urlscan.io logo urlscan.io
SecurityTrails logo

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289  Public Scan

Go To Rescan Add Verdict Report
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Submission Tags: falconsandbox
Submission: On August 22 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 109 IPs in 13 countries across 102 domains to perform 391 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co. The Cisco Umbrella rank of the primary domain is 329195.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2022. Valid for: a year.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
44 2001:8d8:100f... 8560 (IONOS-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:230... 16509 (AMAZON-02)
1 13.32.99.51 16509 (AMAZON-02)
4 184.51.8.30 16625 (AKAMAI-AS)
16 68.183.31.14 14061 (DIGITALOC...)
13 2606:2800:234... 15133 (EDGECAST)
10 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
2 18.119.23.78 16509 (AMAZON-02)
1 2600:9000:20e... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a04:fa87:fff... 2635 (AUTOMATTIC)
2 2.21.184.22 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
4 104.244.42.8 13414 (TWITTER)
1 2001:4860:480... 15169 (GOOGLE)
3 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2 3.64.108.197 16509 (AMAZON-02)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
3 6 185.89.210.101 29990 (ASN-APPNEX)
2 74.119.119.139 19750 (AS-CRITEO)
1 141.95.98.69 16276 (OVH)
6 15.197.193.217 16509 (AMAZON-02)
1 2606:2800:134... 15133 (EDGECAST)
5 137.184.242.150 14061 (DIGITALOC...)
3 69.166.1.14 27630 (AS-XFERNET)
6 34.98.64.218 15169 (GOOGLE)
3 72.251.249.9 32475 (SINGLEHOP...)
3 5.135.209.97 16276 (OVH)
3 185.64.189.112 62713 (AS-PUBMATIC)
3 2602:803:c003... 26667 (RUBICONPR...)
2 12 185.89.211.84 29990 (ASN-APPNEX)
3 52.57.109.239 16509 (AMAZON-02)
3 34.107.148.139 15169 (GOOGLE)
2 34.225.113.77 14618 (AMAZON-AES)
2 34.236.83.94 14618 (AMAZON-AES)
1 5 172.98.26.125 399668 (E-PLANNING-)
7 2a04:4e42:62:... 54113 (FASTLY)
2 5 52.23.73.66 14618 (AMAZON-AES)
1 1 92.123.9.160 16625 (AKAMAI-AS)
4 23.205.235.133 16625 (AKAMAI-AS)
1 1 104.18.18.126 13335 (CLOUDFLAR...)
1 5 104.18.19.126 13335 (CLOUDFLAR...)
1 205.234.175.175 23352 (SERVERCEN...)
1 51.89.9.253 16276 (OVH)
16 2606:4700:10:... 13335 (CLOUDFLAR...)
7 11 142.250.185.162 15169 (GOOGLE)
2 3 35.227.248.159 15169 (GOOGLE)
5 7 37.157.6.253 198622 (ADFORM)
1 2 2a04:4e42:600... 54113 (FASTLY)
1 2600:1f18:659... 14618 (AMAZON-AES)
4 185.64.190.78 62713 (AS-PUBMATIC)
2 2 2a05:d018:24:... 16509 (AMAZON-02)
2 3 54.171.150.101 16509 (AMAZON-02)
1 54.78.254.47 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
2 2 85.114.159.118 24961 (MYLOC-AS ...)
2 2 34.111.131.239 15169 (GOOGLE)
1 185.15.245.83 24961 (MYLOC-AS ...)
4 5 18.205.219.62 14618 (AMAZON-AES)
1 1 212.82.100.182 34010 (YAHOO-IRD)
2 54.73.80.98 16509 (AMAZON-02)
1 162.55.236.225 24940 (HETZNER-AS)
1 151.101.194.49 54113 (FASTLY)
1 1 184.51.9.44 16625 (AKAMAI-AS)
1 1 100.24.249.189 14618 (AMAZON-AES)
3 5 52.95.125.22 16509 (AMAZON-02)
4 7 52.46.151.131 16509 (AMAZON-02)
1 23.202.52.216 16625 (AKAMAI-AS)
1 1 54.88.64.117 14618 (AMAZON-AES)
1 8.43.72.97 26667 (RUBICONPR...)
1 1 193.0.160.128 54312 (ROCKETFUEL)
1 1 185.183.112.148 60350 (VP)
2 3 69.173.144.139 26667 (RUBICONPR...)
4 5 69.173.144.165 26667 (RUBICONPR...)
1 2620:1ec:21::14 8068 (MICROSOFT...)
1 2a00:1288:f03... 10310 (YAHOO-1)
1 1 35.190.60.146 15169 (GOOGLE)
2 5.178.65.252 50673 (SERVERIUS-AS)
1 2a02:6ea0:c70... 60068 (CDN77 ^_^)
2 13.225.78.37 16509 (AMAZON-02)
1 212.83.160.162 12876 (Online SAS)
15 2a00:1450:400... 15169 (GOOGLE)
3 142.250.186.66 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 4 2a00:1450:400... 15169 (GOOGLE)
7 104.17.120.107 13335 (CLOUDFLAR...)
4 2.21.184.200 16625 (AKAMAI-AS)
3 2.21.184.188 16625 (AKAMAI-AS)
1 67.202.105.22 32748 (STEADFAST)
9 2a00:1450:400... 15169 (GOOGLE)
2 2 213.155.156.168 1299 (TWELVE99 ...)
6 185.64.190.80 62713 (AS-PUBMATIC)
2 2 103.229.206.241 30419 (MEDIAMATH...)
15 185.64.189.110 62713 (AS-PUBMATIC)
1 178.250.0.163 44788 (ASN-CRITE...)
1 72.251.245.179 32475 (SINGLEHOP...)
1 1 52.205.223.187 14618 (AMAZON-AES)
4 4 3.213.131.37 14618 (AMAZON-AES)
1 1 198.148.27.140 19189 (PULSEPOINT)
3 150.136.25.38 31898 (ORACLE-BM...)
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2 213.19.147.44 3356 (LEVEL3)
1 2 2606:4700:440... 13335 (CLOUDFLAR...)
1 5.161.54.172 213230 (HETZNER-C...)
1 1 141.94.242.206 16276 (OVH)
2 2 141.94.171.213 16276 (OVH)
1 195.5.165.20 44968 (IPROM-AS)
1 151.101.1.44 54113 (FASTLY)
5 185.64.190.81 62713 (AS-PUBMATIC)
2 2 146.59.148.16 16276 (OVH)
4 5 169.50.137.182 36351 (SOFTLAYER)
1 2a05:d018:d29... 16509 (AMAZON-02)
1 1 52.45.33.138 14618 (AMAZON-AES)
1 1 91.228.74.244 16509 (AMAZON-02)
5 5 35.211.178.172 19527 (GOOGLE-2)
1 1 52.202.34.66 14618 (AMAZON-AES)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 2001:678:cb4:... 56396 (AMOBEE)
1 1 159.65.196.12 14061 (DIGITALOC...)
1 66.155.71.150 13768 (COGECO-PEER1)
1 1 34.102.253.54 396982 (GOOGLE-CL...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2 3.123.111.134 16509 (AMAZON-02)
6 37.157.6.242 198622 (ADFORM)
2 2 52.59.173.142 16509 (AMAZON-02)
2 44.208.243.83 14618 (AMAZON-AES)
2 2 3.73.146.93 16509 (AMAZON-02)
4 23.35.229.151 16625 (AKAMAI-AS)
4 37.157.5.73 198622 (ADFORM)
13 2606:4700:20:... 13335 (CLOUDFLAR...)
1 1 84.200.5.215 44066 (DE-FIRSTC...)
1 1 213.202.235.10 24961 (MYLOC-AS ...)
1 3.69.216.1 16509 (AMAZON-02)
1 1 145.239.193.130 16276 (OVH)
1 88.198.250.30 24940 (HETZNER-AS)
2 2 92.123.17.141 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 38.91.45.7 ()
4 4 74.222.140.126 ()
4 4 18.158.190.248 ()
4 4 35.201.96.126 ()
2 185.64.189.229 ()
2 18.208.45.224 ()
2 2 52.2.126.119 ()
1 2 77.243.60.138 ()
391 109
44    2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
securityaffairs.co
1    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2600:9000:2304:ec00:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)
ws.sharethis.com
1    13.32.99.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-51.fra60.r.cloudfront.net
platform-api.sharethis.com
4    184.51.8.30 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a184-51-8-30.deploy.static.akamaitechnologies.com
contextual.media.net
16    68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
served-by.pixfuture.com
13    2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
10    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com
i0.wp.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
2    18.119.23.78 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-119-23-78.us-east-2.compute.amazonaws.com
l.sharethis.com
1    2600:9000:20eb:9c00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)
buttons-config.sharethis.com
1    2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
google-analytics.com
2    2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)
secure.gravatar.com
2    2.21.184.22 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-184-22.deploy.static.akamaitechnologies.com
lg3.media.net
1    2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    104.244.42.8 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
3    2606:4700:20::681a:644 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pixfuture.com
2    3.64.108.197 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-108-197.eu-central-1.compute.amazonaws.com
aa.agkn.com
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
6    185.89.210.101 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
secure.adnxs.com
2    74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)
mug.criteo.com
1    141.95.98.69 (France)

ASN16276 (OVH, FR)
PTR: ns3216534.ip-141-95-98.eu
id5-sync.com
6    15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)
cdn.syndication.twimg.com
5    137.184.242.150 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
prebidserver.pixfuture.com
3    69.166.1.14 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
6    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
pixfuture2-d.openx.net
u.openx.net
3    72.251.249.9 (Amsterdam, Netherlands)

ASN32475 (SINGLEHOP-LLC, US)
ap.lijit.com
3    5.135.209.97 (France)

ASN16276 (OVH, FR)
PTR: ip97.ip-5-135-209.eu
prg.smartadserver.com
3    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
3    2602:803:c003:200::41 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
12    185.89.211.84 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
3    52.57.109.239 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-109-239.eu-central-1.compute.amazonaws.com
hb.emxdgt.com
3    34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
2    34.225.113.77 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-113-77.compute-1.amazonaws.com
btlr.sharethrough.com
2    34.236.83.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-83-94.compute-1.amazonaws.com
c2shb.ssp.yahoo.com
5    172.98.26.125 (Ashburn, United States)

ASN399668 (E-PLANNING-, US)
PTR: ads.us.e-planning.net
ads.us.e-planning.net
u-iad04.e-planning.net
7    2a04:4e42:62::159 (United States)

ASN54113 (FASTLY, US)
pbs.twimg.com
5    52.23.73.66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-23-73-66.compute-1.amazonaws.com
a.audrte.com
1    92.123.9.160 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-9-160.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
4    23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)
ssum.casalemedia.com
5    104.18.19.126 (None, )

ASN13335 (CLOUDFLARENET, US)
r.casalemedia.com
dsum-sec.casalemedia.com
1    205.234.175.175 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vip1.G-anycast1.cachefly.net
i.e-planning.net
1    51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu
onetag-sys.com
16    2606:4700:10::ac43:db6 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
11    142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net
cm.g.doubleclick.net
3    35.227.248.159 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com
pixel.tapad.com
7    37.157.6.253 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net
dmp.adform.net
c1.adform.net
2    2a04:4e42:600::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2600:1f18:6593:f608:78e4:ddc4:e083:81a6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
dmp.v.fwmrm.net
4    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    2a05:d018:24:b002:4b1d:b4d8:d7a1:7bd5 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
sync.tidaltv.com
3    54.171.150.101 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-150-101.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    54.78.254.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
loadeu.exelator.com
1    151.1.205.165 (Rogeno, Italy)

ASN3242 (ASN-ITNET, IT)
bn01.er.bemail.it
2    85.114.159.118 (Waldshut-Tiengen, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
2    34.111.131.239 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 239.131.111.34.bc.googleusercontent.com
idsync.frontend.weborama.fr
1    185.15.245.83 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
dmp.theadex.com
5    18.205.219.62 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-219-62.compute-1.amazonaws.com
bcp.crwdcntrl.net
sync.crwdcntrl.net
1    212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com
cms.analytics.yahoo.com
2    54.73.80.98 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-80-98.eu-west-1.compute.amazonaws.com
beacon.krxd.net
1    162.55.236.225 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.225.236.55.162.clients.your-server.de
sync.richaudience.com
1    151.101.194.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    184.51.9.44 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a184-51-9-44.deploy.static.akamaitechnologies.com
pixel.mathtag.com
1    100.24.249.189 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-249-189.compute-1.amazonaws.com
usermatch.krxd.net
5    52.95.125.22 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
7    52.46.151.131 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    23.202.52.216 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-202-52-216.deploy.static.akamaitechnologies.com
tags.bluekai.com
1    54.88.64.117 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-64-117.compute-1.amazonaws.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
1    8.43.72.97 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel-us-east.rubiconproject.com
1    193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    185.183.112.148 (Paris, France)

ASN60350 (VP, FR)
sync.adotmob.com
3    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
5    69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    2a00:1288:f03d:1fa::2000 (United Kingdom)

ASN10310 (YAHOO-1, US)
ads.yahoo.com
1    35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com
id.rlcdn.com
2    5.178.65.252 (Rijswijk, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: i.e-planning.net
s.e-planning.net
1    2a02:6ea0:c700::10 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
vid.vidoomy.com
2    13.225.78.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-37.fra2.r.cloudfront.net
tags.crwdcntrl.net
1    212.83.160.162 (France)

ASN12876 (Online SAS, FR)
PTR: 212-83-160-162.rev.poneytelecom.eu
js.cookieless-data.com
15    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
3    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
partner.googleadservices.com
2    2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
3    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
4    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
7    104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)
biddr.brealtime.com
js.brealtime.com
4    2.21.184.200 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-184-200.deploy.static.akamaitechnologies.com
ads.pubmatic.com
3    2.21.184.188 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-184-188.deploy.static.akamaitechnologies.com
acdn.adnxs.com
1    67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
9    2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    213.155.156.168 (Uppsala, Sweden)

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-168.teliacarrier-cust.com
d5p.de17a.com
6    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
2    103.229.206.241 (Singapore)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
15    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
1    178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
1    72.251.245.179 (Amsterdam, Netherlands)

ASN32475 (SINGLEHOP-LLC, US)
cm.adgrx.com
1    52.205.223.187 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-223-187.compute-1.amazonaws.com
sync.srv.stackadapt.com
4    3.213.131.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-131-37.compute-1.amazonaws.com
match.prod.bidr.io
1    198.148.27.140 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
3    150.136.25.38 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
1    2606:4700::6813:ac6c (United States)

ASN13335 (CLOUDFLARENET, US)
csync.loopme.me
2    213.19.147.44 (Beverwijk, Netherlands)

ASN3356 (LEVEL3, US)
sync.1rx.io
2    2606:4700:4400::6812:230b (United States)

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
1    5.161.54.172 (Germany)

ASN213230 (HETZNER-CLOUD2-AS, DE)
PTR: static.172.54.161.5.clients.your-server.de
matching.truffle.bid
1    141.94.242.206 (France)

ASN16276 (OVH, FR)
PTR: bixel-11.cloudy.ovh
green.erne.co
2    141.94.171.213 (France)

ASN16276 (OVH, FR)
PTR: pikafka-eu-5.cloudy.ovh
pixel-eu.onaudience.com
1    195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)
core.iprom.net
1    151.101.1.44 (United States)

ASN54113 (FASTLY, US)
match.taboola.com
5    185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
simage4.pubmatic.com
2    146.59.148.16 (France)

ASN16276 (OVH, FR)
PTR: pikafka-eu-2.cloudy.ovh
pixel.onaudience.com
5    169.50.137.182 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b6.89.32a9.ip4.static.sl-reverse.com
um.simpli.fi
1    2a05:d018:d29:3605:a43d:cfec:dc69:3aee (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    52.45.33.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-33-138.compute-1.amazonaws.com
ups.analytics.yahoo.com
1    91.228.74.244 (United Kingdom)

ASN16509 (AMAZON-02, US)
pixel.quantserve.com
5    35.211.178.172 (North Charleston, United States)

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com
x.bidswitch.net
1    52.202.34.66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-34-66.compute-1.amazonaws.com
rtb.adstanding.com
1    2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)
pubmatic-match.dotomi.com
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
1    159.65.196.12 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
match.adsby.bidtheatre.com
1    66.155.71.150 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)
pixel-sync.sitescout.com
1    34.102.253.54 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.253.102.34.bc.googleusercontent.com
ads.playground.xyz
3    2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    3.123.111.134 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-111-134.eu-central-1.compute.amazonaws.com
ghent-aws-fr.bidswitch.net
6    37.157.6.242 (Denmark)

ASN198622 (ADFORM, DK)
track.adform.net
2    52.59.173.142 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-173-142.eu-central-1.compute.amazonaws.com
aws-fr-sync.bidswitch.net
2    44.208.243.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-208-243-83.compute-1.amazonaws.com
e1.emxdgt.com
2    3.73.146.93 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-146-93.eu-central-1.compute.amazonaws.com
imp-euro.emxdgt.com
4    23.35.229.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-151.deploy.static.akamaitechnologies.com
z.moatads.com
px.moatads.com
4    37.157.5.73 (Denmark)

ASN198622 (ADFORM, DK)
s1.adform.net
13    2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)
ad4m.at
as.ad4m.at
assets.ad4m.at
1    84.200.5.215 (Germany)

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
private.vodafone-affiliate.de
1    213.202.235.10 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
m.exactag.com
1    3.69.216.1 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-216-1.eu-central-1.compute.amazonaws.com
vfd2dyn.vodafone.de
1    145.239.193.130 (France)

ASN16276 (OVH, FR)
pv.medialead.de
1    88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de
pb.media01.eu
2    92.123.17.141 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-17-141.deploy.static.akamaitechnologies.com
www.awin1.com
www.zenaps.com
1    2606:4700::6812:7f05 (United States)

ASN13335 (CLOUDFLARENET, US)
www.conrad.de
2    38.91.45.7 (None, )

ASN- ()
match.deepintent.com
4    74.222.140.126 (None, )

ASN- ()
match.bnmla.com
4    18.158.190.248 (None, )

ASN- ()
pm.w55c.net
4    35.201.96.126 (None, )

ASN- ()
visitor.fiftyt.com
2    185.64.189.229 (None, )

ASN- ()
aud.pubmatic.com
2    18.208.45.224 (None, )

ASN- ()
rtb.gumgum.com
2    52.2.126.119 (None, )

ASN- ()
sync.ipredictive.com
2    77.243.60.138 (None, )

ASN- ()
uipglob.semasio.net
Apex Domain
Subdomains		 Transfer
44 securityaffairs.co
securityaffairs.co — Cisco Umbrella Rank: 329195
1 MB
39 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 493
image6.pubmatic.com — Cisco Umbrella Rank: 634
ads.pubmatic.com — Cisco Umbrella Rank: 492
image2.pubmatic.com — Cisco Umbrella Rank: 877
simage2.pubmatic.com — Cisco Umbrella Rank: 672
image4.pubmatic.com — Cisco Umbrella Rank: 881
simage4.pubmatic.com — Cisco Umbrella Rank: 1252
aud.pubmatic.com
46 KB
24 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 123
tpc.googlesyndication.com — Cisco Umbrella Rank: 159
587 KB
24 pixfuture.com
served-by.pixfuture.com — Cisco Umbrella Rank: 52506
cdn.pixfuture.com — Cisco Umbrella Rank: 63562
prebidserver.pixfuture.com — Cisco Umbrella Rank: 113191
496 KB
21 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 463
ib.adnxs.com — Cisco Umbrella Rank: 230
acdn.adnxs.com — Cisco Umbrella Rank: 604
65 KB
17 adform.net
dmp.adform.net — Cisco Umbrella Rank: 5038
c1.adform.net — Cisco Umbrella Rank: 612
track.adform.net — Cisco Umbrella Rank: 4130
s1.adform.net — Cisco Umbrella Rank: 8434
75 KB
17 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 519
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1015
eus.rubiconproject.com — Cisco Umbrella Rank: 582
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 959
pixel.rubiconproject.com — Cisco Umbrella Rank: 327
token.rubiconproject.com — Cisco Umbrella Rank: 711
27 KB
17 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 701
syndication.twitter.com — Cisco Umbrella Rank: 956
536 KB
16 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1891
mwzeom.zeotap.com — Cisco Umbrella Rank: 1478
5 KB
14 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 214
googleads.g.doubleclick.net — Cisco Umbrella Rank: 52
2 KB
13 ad4m.at
ad4m.at — Cisco Umbrella Rank: 2302
as.ad4m.at — Cisco Umbrella Rank: 29608
assets.ad4m.at — Cisco Umbrella Rank: 38632
477 KB
12 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1260
s.amazon-adsystem.com — Cisco Umbrella Rank: 282
9 KB
12 wp.com
i0.wp.com — Cisco Umbrella Rank: 2991
stats.wp.com — Cisco Umbrella Rank: 2570
pixel.wp.com — Cisco Umbrella Rank: 2431
106 KB
9 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 292
ghent-aws-fr.bidswitch.net — Cisco Umbrella Rank: 10357
aws-fr-sync.bidswitch.net — Cisco Umbrella Rank: 30642
5 KB
9 media.net
contextual.media.net — Cisco Umbrella Rank: 537
lg3.media.net — Cisco Umbrella Rank: 3677
prebid.media.net — Cisco Umbrella Rank: 1269
28 KB
8 e-planning.net
ads.us.e-planning.net — Cisco Umbrella Rank: 5255
u-iad04.e-planning.net — Cisco Umbrella Rank: 11308
i.e-planning.net — Cisco Umbrella Rank: 7512
s.e-planning.net — Cisco Umbrella Rank: 7146
4 KB
8 twimg.com
cdn.syndication.twimg.com — Cisco Umbrella Rank: 1441
pbs.twimg.com — Cisco Umbrella Rank: 693
92 KB
7 brealtime.com
biddr.brealtime.com — Cisco Umbrella Rank: 2946
js.brealtime.com — Cisco Umbrella Rank: 4658
20 KB
7 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 820
tags.crwdcntrl.net — Cisco Umbrella Rank: 1220
sync.crwdcntrl.net — Cisco Umbrella Rank: 728
18 KB
7 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 2636
e1.emxdgt.com — Cisco Umbrella Rank: 1258
imp-euro.emxdgt.com — Cisco Umbrella Rank: 49426
15 KB
6 google.com
adservice.google.com — Cisco Umbrella Rank: 88
www.google.com — Cisco Umbrella Rank: 9
3 KB
6 casalemedia.com
ssum.casalemedia.com — Cisco Umbrella Rank: 1324
r.casalemedia.com — Cisco Umbrella Rank: 778
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 525
6 KB
6 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1019
cms.analytics.yahoo.com — Cisco Umbrella Rank: 796
ads.yahoo.com — Cisco Umbrella Rank: 2295
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 488
ups.analytics.yahoo.com — Cisco Umbrella Rank: 278
3 KB
6 openx.net
pixfuture2-d.openx.net — Cisco Umbrella Rank: 71579
u.openx.net — Cisco Umbrella Rank: 705
875 B
6 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 371
2 KB
5 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 851
2 KB
5 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2195
7 KB
5 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 407
mug.criteo.com — Cisco Umbrella Rank: 2790
dis.criteo.com — Cisco Umbrella Rank: 712
2 KB
5 sharethis.com
ws.sharethis.com — Cisco Umbrella Rank: 8483
platform-api.sharethis.com — Cisco Umbrella Rank: 4580
l.sharethis.com — Cisco Umbrella Rank: 4476
buttons-config.sharethis.com — Cisco Umbrella Rank: 5510
57 KB
4 fiftyt.com
visitor.fiftyt.com
982 B
4 w55c.net
pm.w55c.net
3 KB
4 bnmla.com
match.bnmla.com
3 KB
4 moatads.com
z.moatads.com — Cisco Umbrella Rank: 423
px.moatads.com — Cisco Umbrella Rank: 469
205 KB
4 onaudience.com
pixel-eu.onaudience.com — Cisco Umbrella Rank: 13556
pixel.onaudience.com — Cisco Umbrella Rank: 3653
2 KB
4 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 504
2 KB
3 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1099
3 google.de
adservice.google.de — Cisco Umbrella Rank: 8811
1 KB
3 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 882
978 B
3 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1005
sync.mathtag.com — Cisco Umbrella Rank: 476
2 KB
3 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 515
usermatch.krxd.net — Cisco Umbrella Rank: 1240
942 B
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 201
2 KB
3 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 707
match.taboola.com — Cisco Umbrella Rank: 3043
611 B
3 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 464
767 B
3 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1497
1020 B
3 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 654
2 KB
3 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1901
sync.go.sonobi.com Failed
2 KB
3 google-analytics.com
google-analytics.com — Cisco Umbrella Rank: 36
www.google-analytics.com — Cisco Umbrella Rank: 45
region1.google-analytics.com — Cisco Umbrella Rank: 3094
21 KB
2 ipredictive.com
sync.ipredictive.com
1 KB
2 gumgum.com
rtb.gumgum.com
417 B
2 semasio.net
uipglob.semasio.net Failed
1 KB
2 deepintent.com
match.deepintent.com
60 B
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 816
s.tribalfusion.com — Cisco Umbrella Rank: 2148
1 KB
2 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 570
1 KB
2 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 4944
562 B
2 weborama.fr
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 25384
681 B
2 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1558
1 KB
2 tidaltv.com
sync.tidaltv.com — Cisco Umbrella Rank: 1122
751 B
2 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1244
520 B
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 461
987 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
108 KB
1 conrad.de
www.conrad.de — Cisco Umbrella Rank: 83361
726 B
1 zenaps.com
www.zenaps.com — Cisco Umbrella Rank: 20337
698 B
1 awin1.com
www.awin1.com — Cisco Umbrella Rank: 15871
793 B
1 media01.eu
pb.media01.eu — Cisco Umbrella Rank: 46022
629 B
1 medialead.de
pv.medialead.de — Cisco Umbrella Rank: 47242
648 B
1 vodafone.de
vfd2dyn.vodafone.de — Cisco Umbrella Rank: 74236
1 exactag.com
m.exactag.com — Cisco Umbrella Rank: 13068
1 KB
1 vodafone-affiliate.de
private.vodafone-affiliate.de — Cisco Umbrella Rank: 140390
761 B
1 playground.xyz
ads.playground.xyz — Cisco Umbrella Rank: 4114
467 B
1 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 602
191 B
1 bidtheatre.com
match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2578
534 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 792
518 B
1 dotomi.com
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 3549
104 B
1 adstanding.com
rtb.adstanding.com — Cisco Umbrella Rank: 8910
356 B
1 quantserve.com
pixel.quantserve.com — Cisco Umbrella Rank: 458
539 B
1 iprom.net
core.iprom.net — Cisco Umbrella Rank: 6445
279 B
1 erne.co
green.erne.co — Cisco Umbrella Rank: 19073
366 B
1 truffle.bid
matching.truffle.bid — Cisco Umbrella Rank: 7014
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 942
406 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 522
503 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 754
621 B
1 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1500
408 B
1 cookieless-data.com
js.cookieless-data.com — Cisco Umbrella Rank: 7261
535 B
1 vidoomy.com
vid.vidoomy.com — Cisco Umbrella Rank: 5036
17 KB
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 370
707 B
1 adotmob.com
sync.adotmob.com — Cisco Umbrella Rank: 1370
307 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 743
759 B
1 imrworldwide.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com — Cisco Umbrella Rank: 93873
214 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 486
145 B
1 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 590
177 B
1 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 1918
361 B
1 theadex.com
dmp.theadex.com — Cisco Umbrella Rank: 20216
220 B
1 bemail.it
bn01.er.bemail.it — Cisco Umbrella Rank: 117032
659 B
1 exelator.com
loadeu.exelator.com — Cisco Umbrella Rank: 7247
324 B
1 fwmrm.net
dmp.v.fwmrm.net — Cisco Umbrella Rank: 11716
411 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 746
1 33across.com
ssc.33across.com Failed
ssc-cms.33across.com — Cisco Umbrella Rank: 999
1 rlcdn.com
api.rlcdn.com Failed
id.rlcdn.com — Cisco Umbrella Rank: 592
440 B
1 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 508
625 B
1 gravatar.com
secure.gravatar.com — Cisco Umbrella Rank: 1543
1 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 727
6 KB
0 googleapis.com Failed
fonts.googleapis.com Failed
391 102
Domain Requested by
44 securityaffairs.co securityaffairs.co
16 served-by.pixfuture.com securityaffairs.co
cdn.pixfuture.com
pagead2.googlesyndication.com
15 simage2.pubmatic.com ads.pubmatic.com
15 pagead2.googlesyndication.com cdn.pixfuture.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
13 mwzeom.zeotap.com ads.us.e-planning.net
spl.zeotap.com
ads.pubmatic.com
13 platform.twitter.com securityaffairs.co
platform.twitter.com
12 ib.adnxs.com 2 redirects cdn.pixfuture.com
spl.zeotap.com
acdn.adnxs.com
11 cm.g.doubleclick.net 7 redirects spl.zeotap.com
r.casalemedia.com
eus.rubiconproject.com
10 i0.wp.com securityaffairs.co
9 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
7 s.amazon-adsystem.com 4 redirects ads.us.e-planning.net
r.casalemedia.com
eus.rubiconproject.com
7 pbs.twimg.com
6 assets.ad4m.at as.ad4m.at
6 track.adform.net securityaffairs.co
s1.adform.net
6 image2.pubmatic.com ads.pubmatic.com
6 c1.adform.net 5 redirects ads.pubmatic.com
6 match.adsrvr.org cdn.pixfuture.com
spl.zeotap.com
r.casalemedia.com
ads.pubmatic.com
6 secure.adnxs.com 3 redirects r.casalemedia.com
5 ad4m.at s1.adform.net
ad4m.at
5 x.bidswitch.net 5 redirects
5 um.simpli.fi 4 redirects ads.pubmatic.com
5 biddr.brealtime.com cdn.pixfuture.com
securityaffairs.co
5 token.rubiconproject.com 4 redirects eus.rubiconproject.com
5 aax-eu.amazon-adsystem.com 3 redirects ads.us.e-planning.net
eus.rubiconproject.com
5 a.audrte.com 2 redirects ads.us.e-planning.net
5 prebidserver.pixfuture.com cdn.pixfuture.com
ads.us.e-planning.net
4 visitor.fiftyt.com 4 redirects
4 pm.w55c.net 4 redirects
4 match.bnmla.com 4 redirects
4 s1.adform.net ghent-aws-fr.bidswitch.net
s1.adform.net
4 match.prod.bidr.io 4 redirects
4 ads.pubmatic.com cdn.pixfuture.com
ads.pubmatic.com
4 dsum-sec.casalemedia.com 1 redirects r.casalemedia.com
4 image6.pubmatic.com spl.zeotap.com
ads.pubmatic.com
4 eus.rubiconproject.com ads.us.e-planning.net
eus.rubiconproject.com
cdn.pixfuture.com
4 syndication.twitter.com platform.twitter.com
4 contextual.media.net securityaffairs.co
cdn.pixfuture.com
3 simage4.pubmatic.com ads.pubmatic.com
3 www.google.com tpc.googlesyndication.com
3 sync.technoratimedia.com ads.pubmatic.com
3 acdn.adnxs.com cdn.pixfuture.com
3 u.openx.net cdn.pixfuture.com
3 googleads.g.doubleclick.net 3 redirects
3 adservice.google.com pagead2.googlesyndication.com
3 adservice.google.de pagead2.googlesyndication.com
3 partner.googleadservices.com pagead2.googlesyndication.com
3 pixel.rubiconproject.com 2 redirects eus.rubiconproject.com
3 bcp.crwdcntrl.net 2 redirects tags.crwdcntrl.net
3 dpm.demdex.net 2 redirects r.casalemedia.com
3 pixel.tapad.com 2 redirects spl.zeotap.com
3 spl.zeotap.com ads.us.e-planning.net
spl.zeotap.com
3 u-iad04.e-planning.net ads.us.e-planning.net
r.casalemedia.com
vid.vidoomy.com
3 prebid.media.net cdn.pixfuture.com
3 hb.emxdgt.com cdn.pixfuture.com
3 fastlane.rubiconproject.com cdn.pixfuture.com
3 hbopenbid.pubmatic.com cdn.pixfuture.com
3 prg.smartadserver.com cdn.pixfuture.com
3 ap.lijit.com cdn.pixfuture.com
3 pixfuture2-d.openx.net cdn.pixfuture.com
3 apex.go.sonobi.com cdn.pixfuture.com
3 cdn.pixfuture.com served-by.pixfuture.com
cdn.pixfuture.com
securityaffairs.co
2 sync.ipredictive.com 2 redirects
2 rtb.gumgum.com ads.pubmatic.com
2 uipglob.semasio.net
2 aud.pubmatic.com
2 match.deepintent.com ads.pubmatic.com
2 as.ad4m.at ad4m.at
as.ad4m.at
2 px.moatads.com
2 js.brealtime.com cdn.pixfuture.com
2 z.moatads.com cdn.pixfuture.com
2 imp-euro.emxdgt.com 2 redirects
2 e1.emxdgt.com securityaffairs.co
imp-euro.emxdgt.com
2 aws-fr-sync.bidswitch.net 2 redirects
2 ghent-aws-fr.bidswitch.net 2 redirects
2 pixel.onaudience.com 2 redirects
2 image4.pubmatic.com ads.pubmatic.com
2 sync.crwdcntrl.net 2 redirects
2 pixel-eu.onaudience.com 2 redirects
2 sync.1rx.io 2 redirects
2 sync.mathtag.com 2 redirects
2 d5p.de17a.com 2 redirects
2 tags.crwdcntrl.net s.e-planning.net
tags.crwdcntrl.net
2 s.e-planning.net ads.us.e-planning.net
2 beacon.krxd.net spl.zeotap.com
ads.us.e-planning.net
2 idsync.frontend.weborama.fr 2 redirects
2 dsp.adfarm1.adition.com 2 redirects
2 sync.tidaltv.com 2 redirects
2 trc.taboola.com 1 redirects spl.zeotap.com
2 ads.us.e-planning.net 1 redirects cdn.pixfuture.com
2 c2shb.ssp.yahoo.com cdn.pixfuture.com
2 btlr.sharethrough.com cdn.pixfuture.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 aa.agkn.com 1 redirects cdn.pixfuture.com
2 lg3.media.net securityaffairs.co
2 www.googletagmanager.com securityaffairs.co
www.googletagmanager.com
2 l.sharethis.com ws.sharethis.com
securityaffairs.co
1 www.conrad.de as.ad4m.at
1 www.zenaps.com 1 redirects
1 www.awin1.com 1 redirects
1 pb.media01.eu as.ad4m.at
1 pv.medialead.de 1 redirects
1 vfd2dyn.vodafone.de as.ad4m.at
1 m.exactag.com 1 redirects
1 private.vodafone-affiliate.de 1 redirects
1 ads.playground.xyz 1 redirects
1 pixel-sync.sitescout.com ads.pubmatic.com
1 match.adsby.bidtheatre.com 1 redirects
1 ad.turn.com 1 redirects
1 pubmatic-match.dotomi.com ads.pubmatic.com
1 rtb.adstanding.com 1 redirects
1 pixel.quantserve.com 1 redirects
1 ups.analytics.yahoo.com 1 redirects
1 pr-bh.ybp.yahoo.com ads.pubmatic.com
1 match.taboola.com ads.pubmatic.com
1 core.iprom.net ads.pubmatic.com
1 green.erne.co 1 redirects
1 matching.truffle.bid ads.pubmatic.com
1 s.tribalfusion.com ads.pubmatic.com
1 a.tribalfusion.com 1 redirects
1 csync.loopme.me 1 redirects
1 bh.contextweb.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 cm.adgrx.com ads.pubmatic.com
1 dis.criteo.com ads.pubmatic.com
1 ssc-cms.33across.com cdn.pixfuture.com
1 js.cookieless-data.com s.e-planning.net
1 vid.vidoomy.com ads.us.e-planning.net
1 id.rlcdn.com 1 redirects
1 ads.yahoo.com eus.rubiconproject.com
1 px.ads.linkedin.com eus.rubiconproject.com
1 sync.adotmob.com 1 redirects
1 p.rfihub.com 1 redirects
1 pixel-us-east.rubiconproject.com eus.rubiconproject.com
1 obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com 1 redirects
1 tags.bluekai.com spl.zeotap.com
1 usermatch.krxd.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 sync-tm.everesttech.net spl.zeotap.com
ads.pubmatic.com
1 sync.richaudience.com spl.zeotap.com
1 cms.analytics.yahoo.com 1 redirects
1 dmp.theadex.com spl.zeotap.com
1 bn01.er.bemail.it 1 redirects
1 loadeu.exelator.com spl.zeotap.com
1 dmp.v.fwmrm.net spl.zeotap.com
1 dmp.adform.net spl.zeotap.com
1 onetag-sys.com ads.us.e-planning.net
1 i.e-planning.net ads.us.e-planning.net
1 r.casalemedia.com ads.us.e-planning.net
1 ssum.casalemedia.com 1 redirects
1 secure-assets.rubiconproject.com 1 redirects
1 cdn.syndication.twimg.com platform.twitter.com
1 id5-sync.com cdn.pixfuture.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.google-analytics.com google-analytics.com
1 pixel.wp.com securityaffairs.co
1 secure.gravatar.com securityaffairs.co
1 google-analytics.com securityaffairs.co
1 buttons-config.sharethis.com platform-api.sharethis.com
1 stats.wp.com securityaffairs.co
1 platform-api.sharethis.com securityaffairs.co
1 ws.sharethis.com securityaffairs.co
1 maxcdn.bootstrapcdn.com securityaffairs.co
0 sync.go.sonobi.com Failed ads.us.e-planning.net
0 ssc.33across.com Failed cdn.pixfuture.com
0 api.rlcdn.com Failed cdn.pixfuture.com
0 fonts.googleapis.com Failed securityaffairs.co
391 167
Subject Issuer Validity Valid
www.securityaffairs.co
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-24 -
2023-04-07		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-01-29 -
2023-01-29		 a year crt.sh
sharethis.com
Amazon		 2022-06-19 -
2023-07-18		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2022-02-20 -
2023-02-22		 a year crt.sh
*.pixfuture.com
Sectigo RSA Domain Validation Secure Server CA		 2021-11-30 -
2022-12-03		 a year crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-20 -
2022-10-19		 a year crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-11 -
2023-07-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.gravatar.com
Sectigo RSA Domain Validation Secure Server CA		 2020-08-14 -
2022-11-16		 2 years crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
*.agkn.com
RapidSSL RSA CA 2018		 2020-07-25 -
2022-09-18		 2 years crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-06-15 -
2022-09-18		 3 months crt.sh
*.id5-sync.com
R3		 2022-08-18 -
2022-11-16		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-06-27 -
2023-06-05		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2022-06-13 -
2023-07-14		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.emxdgt.com
Amazon		 2022-06-02 -
2023-07-01		 a year crt.sh
*.sharethrough.com
Amazon		 2022-07-14 -
2023-08-12		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-08-02 -
2023-01-25		 6 months crt.sh
ads.us.e-planning.net
R3		 2022-07-12 -
2022-10-10		 3 months crt.sh
*.audrte.com
Amazon		 2022-02-24 -
2023-03-24		 a year crt.sh
i.e-planning.net
Sectigo RSA Domain Validation Secure Server CA		 2022-02-23 -
2023-02-03		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-29 -
2022-12-30		 a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-08 -
2023-06-10		 a year crt.sh
*.tapad.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-13 -
2022-10-14		 a year crt.sh
dmp.theadex.com
R3		 2022-06-27 -
2022-09-25		 3 months crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-03 -
2022-11-02		 a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-11 -
2023-03-10		 a year crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-02-03 -
2023-03-07		 a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.e-planning.net
R3		 2022-07-25 -
2022-10-23		 3 months crt.sh
*.vidoomy.com
Sectigo RSA Domain Validation Secure Server CA		 2021-08-06 -
2022-09-05		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2022-05-01 -
2023-06-02		 a year crt.sh
*.cookieless-data.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-23 -
2023-03-22		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2		 2022-01-21 -
2023-02-22		 a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2021-12-10 -
2022-12-09		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-01 -
2023-03-28		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
truffle.bid
R3		 2022-07-21 -
2022-10-19		 3 months crt.sh
*.iprom.net
R3		 2022-06-19 -
2022-09-17		 3 months crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-27 -
2022-11-27		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-06-14 -
2022-12-07		 6 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-12-15 -
2023-01-15		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-08-01 -
2022-10-24		 3 months crt.sh
moatads.com
DigiCert SHA2 Secure Server CA		 2021-11-27 -
2022-11-29		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-05-02 -
2023-06-03		 a year crt.sh
*.gumgum.com
Amazon		 2021-10-15 -
2022-11-12		 a year crt.sh

This page contains 71 frames:

Primary Page: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Frame ID: 45E4B59EF6AB691E2C95B959AD50C72E
Requests: 139 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fsecurityaffairs.co
Frame ID: 475AC8DD4956BC0AB6C57AEF9E564CB7
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
Frame ID: AC6FEE5288148D2CE0EC2C72D571B4A4
Requests: 21 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: 7E771257C59BB42A9F575A1DD503D5F5
Requests: 4 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Frame ID: 60B89921C0F7AEAEC2B6F458452A2E62
Requests: 11 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Frame ID: B5058BCF924C302590E3D2C7D9E7CC9F
Requests: 10 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: 5B3B8FAE3922E6D5493B7A7F2CBEC949
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 269E4C9F561C90AA70FE56E09901DA78
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&cmp=0
Frame ID: DD71A8001FD46C279416B5F9DEE1EDEE
Requests: 31 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Frame ID: 5119A0E0E8D896537BFF38091C8F2962
Requests: 4 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: C9B74365FE53C3295602415AF461AECC
Requests: 2 HTTP requests in this frame

Frame: https://u-iad04.e-planning.net/um?dc=3ab023ac29ea5990&fi=09de213fc268a926&uid=a6f37f0123013099a595be2217fc435a
Frame ID: 90E04382EE5B99D2E34A88A3C7905AC6
Requests: 2 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=ADaFV2WeGcJR72yw
Frame ID: 7AE836423BDDFA5E3F2C8BA8F23E9157
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 32EF24DE6A193504BF8A62EE4A205A89
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 486E51C379015CD7AAF7E6138D0711A7
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 1088CE4823274F2F3A3D6FB7853BF485
Requests: 7 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: BF5E47E2375CE0D8CD034797AD985B0E
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 8777779672645AB979A21BCE758B3FD0
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php
Frame ID: 89F7FD3A6CD2C601AF435CEF7AAD9595
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: EADA5FBB8CAC1043E5831CAF12E0635F
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 3828454EB8D7BABFAB5CBF0B9C60DB41
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 4B533B8EEFA98D9B78EFE0B3A8802D47
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 6C84718D096EC6C3AD5307BE60D36524
Requests: 21 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: CFFFB34EB55849B1BFADA7F479A4DF80
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 6417D936C2D84B739015EE60292EEA8F
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: BC07DDDB75C0FF092405437B2C1B2457
Requests: 9 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 20D5C723920105B2A673EFA54512F081
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: E0A39306FB25ADC4F1FE09076CE0ADD3
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: F6818A0A6365ED1B02293460EEBA2D7D
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 55DE9E6643A3270501BD88620655CCFD
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: AC4EFF4F0BE56490CA2EACC3D4F511FB
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 593EF9BEDA2AD8952BCA9A79259DF91D
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: FE696A5217FDAE0480C8898B6A1C1343
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: C11170F3225F07FEDE499C5DDD1018AC
Requests: 9 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 414369642151C45465D094559418EE12
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: B89AAAB65B8B6291233788D547F094D0
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
Frame ID: A64BDD6862FA3FCFE8DC13127ADD9CF9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5185508362693586694
Frame ID: 13E4BDCFA0DAAA7F294E098350A55695
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3bb86303-9767-4d00-b3c3-7bebb0fc0705&gdpr=0&gdpr_consent=
Frame ID: 91E820F22D8D5CFC36AD4B063CF6D7C0
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 3ED893D7BA4AB9C72D7A0BE78B1A9305
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7134712703347587220
Frame ID: 41708D15A5286ACAFA87DD2B553C9610
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 09FC095E6BED05742186986260EC950D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=6KVAMwYbStdNQtVHqhIC-9lAl0U
Frame ID: 4BB38DF6A4B358CD004C03849C452E23
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
Frame ID: 0208E29ACFA5E4F7E0CDDA9B9CEE5342
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AABoKk7GBy8AAA7MoqdhJw&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3
Frame ID: 97698A66EF8146BFD937A32EBE0D2AD8
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
Frame ID: 2ADB14D5AE57D8264D9DBECCDA560D91
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5897164721
Frame ID: D6DC34174F798FCAF2DC8350662036B3
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: CA1621E156049A0D08F5CFC213887EF3
Requests: 1 HTTP requests in this frame

Frame: https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Frame ID: D03E7213353871E936C4BA911CB23404
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=uroLIz3lVMjSQjSMQRQRbnjn
Frame ID: F5B2B4FE593FD1C2BEDAB352F4F00FE5
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: 142A835A818170BBE996127CD2ED91B2
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6a733ca2-db5e-4642-aba1-90e43f0f6775-tuct9fd1cea&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: F3462FAD789A9463B2C9D6EC0DA1DA26
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D948F9C03E2833D5E87C3FF1978FED2D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 06FF11556244896B521C8C79C67B2F47
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 139EF27F4CDDB22B4FF01CE102C05690
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CAB2336848E6FF7B5A045CB090637917
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0475550AD5AD82F957E9BAC132FF4432
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BB94599B55A03D60855AA67EDA0AC23F
Requests: 2 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/banners/320x50.png
Frame ID: EB1139B3522103859508F581018AA02F
Requests: 1 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOc-58WndwY1IIaWs2OvBMfvNBaCdpL2NWZkLik--3mWTlL7Zz4J7yNRMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NL_Xace5ylOBBnifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHaoASInuQlT0mT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Frame ID: 55D8D372936AB1A4E033A122F67D9685
Requests: 11 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=37104560;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Frame ID: 476DC630F5D415B29A22EFCCE8A0BD5A
Requests: 11 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 5E5321FD6187781E2C111CFEAABCBE50
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Frame ID: AE4DBBD69687F7315900D924AB5949AC
Requests: 11 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 2B6149892FAB78F3C5B7EA6F1D492B5E
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Frame ID: 02C62CFB3B884918CAF3B3E1286BBFD4
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:zV27ONNo1Oq8JT5&gdpr=0&gdpr_consent=
Frame ID: 2F5A0B9901BBAF825256E2293C716CBF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
Frame ID: AB78F85C70F114420B0EC1D3E3FAE561
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 6581866408F004669D758EEC34193FE1
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Frame ID: EABCA18E6A8D83B597178CDB886EEE7D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:05IxoNNP1Oq8JT5&gdpr=0&gdpr_consent=
Frame ID: 2996D25431D15922A75505323D781F95
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
Frame ID: 33DD4ED52A1B9E1C484783A8C4DA9E7C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

New Coronavirus-themed malspam campaign delivers FormBook MalwareSecurity Affairs

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • moatads\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • tracker\.js
Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js
Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

391
Requests

82 %
HTTPS

23 %
IPv6

102
Domains

167
Subdomains

109
IPs

13
Countries

4361 kB
Transfer

7964 kB
Size

110
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 93
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Request Chain 94
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Request Chain 95
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=nNuMV3xPaFZPWGZvWGJNNDdoVW1uVGhER3V1b2xyU2g2ZE96WWhjVmh0ejBHT29Tc2xDeWYwK3lYRTFSLzZHWXNZWFJWZjhMemhGdnhVUG9ITVNOUFNyTTFOdHdsOUFFeTYrVjllOHFvRmQ2eHJmMUxXeUF2eGNza3podEs5WGdmb1NoT3huZFpwdEN6YTFXNWY2N0hwWHN4ZStYeFpEcjI5enVNc1czL1RzODBCK2svalhjd3RqSzNVY1BnbCt4MTBuSEhLZEtQTGVBVXFwaE50MXR4ZXNtL1JIaFBycXdmVXdKcjc4dERqTHNwVDdZUi9WazRBbWJiVHdRQjF2SENPK3ZPfA&cppv=2
Request Chain 143
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Request Chain 154
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D09de213fc268a926%26uid%3D%24UID HTTP 302
  • https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=09de213fc268a926&uid=5426787210987735875
Request Chain 155
  • https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3De64f73568d2b3c34%26fi%3D09de213fc268a926%26uid%3D%24UID&partner=eplanning HTTP 302
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D18%26buyeruid%3D%5BUID%5D%26r%3Dhttps%253A%252F%252Fu-iad04.e-planning.net%252Fum%253Fdc%253De64f73568d2b3c34%2526fi%253D09de213fc268a926%2526uid%253Dua-ee7b6d54-dd8d-3d26-8f85-9f331039f181
Request Chain 156
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Request Chain 157
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D HTTP 302
  • https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Request Chain 163
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=9423c018-2b01-4121-bb07-0e53ac9e7080&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Request Chain 169
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&s_h=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=847f45e4-b56b-44f7-8370-a69ba1c2e40b&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 170
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=21411590077400549173960144446080830552&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Request Chain 172
  • https://bn01.er.bemail.it/zeotap.php?_bid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022082300-52859-0.981053001661205862-494cf3dce7dddb2f70118320da8f3001&zdid=533&env=mWeb
Request Chain 173
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=7134712703347587220&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Request Chain 175
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361&bounce=1&random=133538555 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=8CL0xEr15q48CDFQ9ZN/fe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Request Chain 177
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Request Chain 178
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-zL1zhXRE2opSfn7DqZB1heNMlSZ_2yWUWA--~A&zpartnerid=570&env=mWeb
Request Chain 179
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=MJVNGQ3ZcbEWpvBjA0VoOc%2FWI2Clx7Pb%2BS41iYitP1U%3D
Request Chain 183
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=3bb86303-9767-4d00-b3c3-7bebb0fc0705&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Request Chain 184
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Request Chain 185
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&dcc=t
Request Chain 186
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&dcc=t
Request Chain 188
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Request Chain 193
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YwOXZ-nR7iLTmT95w3.6RwAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGaz1ufLpFhm_vnLv7H85J8&google_cver=1&gdpr=1&google_hm=2
Request Chain 194
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwOXZ_nR7iLTmT95w3-6RwAABJUAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwOXZ_nR7iLTmT95w3-6RwAABJUAAAAB&dcc=t
Request Chain 198
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5133329522125289937
Request Chain 200
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Request Chain 202
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEG-RyiDCcL6MRA6zE-QIK6c&google_cver=1
Request Chain 203
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=gJZhWKAUTLacyIyfYiXheg&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=gJZhWKAUTLacyIyfYiXheg
Request Chain 204
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Yq8u8JbnTsy_HIdr5Cj_iQ&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Yq8u8JbnTsy_HIdr5Cj_iQ
Request Chain 205
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTkwYzdlNDcwOTQ3MTI0Mjg0MDZkNTQ5YmU0NTJjZTUxYTVhMzM3YQ
Request Chain 206
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L74VJ6ZW-K-1IBU
Request Chain 207
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L74VJ6ZW-K-1IBU&sigv=1&esig=2~09f90502f6b4c823e032321d758d5759fbb0abd6
Request Chain 208
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc0Vko2WlctSy0xSUJV
Request Chain 209
  • https://id.rlcdn.com/709414.gif HTTP 307
  • https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
Request Chain 231
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696133&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1661179754&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661179753782&bpp=15&bdt=270&idt=210&shv=r20220817&mjsv=m202208180101&ptt=5&saldr=sa&correlator=5713550931900&frm=21&ife=1&pv=2&ga_vid=61578736.1661179750&ga_sid=1661179754&ga_hid=257210107&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=896&biw=1600&bih=1200&isw=320&ish=50&ifk=2963864076&scr_x=0&scr_y=0&eid=44771041%2C31068880%2C31068944%2C31069050%2C44764001%2C31062931&oid=2&pvsid=4211723687454961&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.9x0bid4zoh7i&fsb=1&xpc=rvAkSRNWaH&p=https%3A//securityaffairs.co&dtd=227 HTTP 302
  • https://served-by.pixfuture.com/www/delivery/afr.php
Request Chain 235
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696130&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1661179754&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661179753854&bpp=14&bdt=244&idt=185&shv=r20220817&mjsv=m202208150101&ptt=5&saldr=sa&correlator=5713550931900&frm=21&ife=1&pv=1&ga_vid=61578736.1661179750&ga_sid=1661179754&ga_hid=840241966&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=3130407390&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=1232684794847123&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.oiohzq24atuf&fsb=1&xpc=WdHR2cnkC1&p=https%3A//securityaffairs.co&dtd=199 HTTP 302
  • https://served-by.pixfuture.com/www/delivery/afr.php
Request Chain 239
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696131&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1661179754&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661179753870&bpp=6&bdt=246&idt=276&shv=r20220817&mjsv=m202208150101&ptt=5&saldr=sa&cookie=ID%3D5d64b67e0435ebd1-22d3ee6bfdcd00c2%3AT%3D1661179754%3ART%3D1661179754%3AS%3DALNI_MbcYE-EIVQOt0Yzt7PzekCrmDXtaQ&correlator=5713550931900&frm=21&ife=1&pv=1&ga_vid=61578736.1661179750&ga_sid=1661179754&ga_hid=2139254544&ga_fc=1&nhd=1&u_tz=0&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=3967&biw=1600&bih=1200&isw=300&ish=250&ifk=2984558589&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068486%2C44769306%2C31068945&oid=2&pvsid=3250107562091484&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.77dlstma5iud&btvi=1&fsb=1&xpc=9VkGALJm3H&p=https%3A//securityaffairs.co&dtd=288 HTTP 302
  • https://served-by.pixfuture.com/www/delivery/afr.php
Request Chain 269
  • https://c1.adform.net/serving/cookie/match?party=14&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
Request Chain 270
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5185508362693586694
Request Chain 271
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3bb86303-9767-4d00-b3c3-7bebb0fc0705&gdpr=0&gdpr_consent=
Request Chain 273
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7134712703347587220
Request Chain 275
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=6KVAMwYbStdNQtVHqhIC-9lAl0U
Request Chain 277
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCb0trN0dCeThBQUE3TW9xZGhKdw&bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AABoKk7GBy8AAA7MoqdhJw&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%252Csas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=syn%2Csas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AABoKk7GBy8AAA7MoqdhJw&pid=558502&do=add HTTP 303
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AABoKk7GBy8AAA7MoqdhJw&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3
Request Chain 278
  • https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
Request Chain 279
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1661179754823 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5897164721
Request Chain 280
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 282
  • https://green.erne.co/pubmatic/cm HTTP 302
  • https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=5fc8dc8fd9d91ece/gdpr=/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D%26redirect%3Dhttps%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%2526piggybackCookie%253DuroLIz3lVMjSQjSMQRQRbnjn HTTP 302
  • https://pixel-eu.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=&redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3DuroLIz3lVMjSQjSMQRQRbnjn HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=uroLIz3lVMjSQjSMQRQRbnjn
Request Chain 284
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6a733ca2-db5e-4642-aba1-90e43f0f6775-tuct9fd1cea&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 285
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=dtn5ePDmQNiYWyT7Hzz9Aw%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 286
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=3bb86303-9767-4d00-b3c3-7bebb0fc0705
Request Chain 287
  • https://pixel.onaudience.com/?partner=214&mapped=76D9F978-F0E6-40D8-985B-24FB1F3CFD03 HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=0dcd718a92388644/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=1 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
Request Chain 288
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzZEOUY5NzgtRjBFNi00MEQ4LTk4NUItMjRGQjFGM0NGRDAz&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 289
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJpj5CQbMamTBdv-OTyCX6Y&google_cver=1
Request Chain 291
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6118872269947435853
Request Chain 293
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5426787210987735875&gdpr=0&gdpr_consent=
Request Chain 295
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-CaXI_KNE2uVTeZBRoLc2mAOFqkoaFpk-~A&gdpr=0&gdpr_consent=
Request Chain 296
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=PhCRITEUl3AlEsUjOBGMKmxAxSslF5QmakaOgZLw
Request Chain 297
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.adstanding.com/ssp/bidswitch/cookie?bidswitch_ssp_id=pubmatic&bidswitch_custom_parameter=60e5e19e-6eae-43ec-a913-65bccdff6792 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=317&user_id=c55232f2aaac8a22d3e15295c41a5116&expires=30&ssp=pubmatic&bsw_param=60e5e19e-6eae-43ec-a913-65bccdff6792 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 299
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9059802306217042661&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 300
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:e6e86dce-67c3-4e53-a59b-f5ae2ba5cd44&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 302
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5426787210987735875
Request Chain 322
  • https://ghent-aws-fr.bidswitch.net/imp/0.06080/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104562_Qrtbwp_R_I_WAUCTION__PRICE_X-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0_Qrtbdata_RLaDmQRhPfOc-58WndwY1IIaWs2OvBMfvNBaCdpL2NWZkLik--3mWTlL7Zz4J7yNRMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW__MkHCjwrrFhRkY7FK__XO0KT6NL__Xace5ylOBBnifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHaoASInuQlT0mT0lQkXAT8x0_Q_QOOBClickTrack_R_I_WCLICK__URL_AURLENCODE_X/PKhsCVWqtj6Ulp2YpSc2gSLKwY4urb8WpBiMilRI7UEGcUGeaRZ0imzwo6u2EHv4omQTW-XkyW1C-VjodelFODPxu4uGOYyUb61U8oERQXkLe6IS2ojPJ-eOsiKr5hQPR8UhLqHb3UBlokdsHRAsGCfQXY6FOfdNI39atxi4ZDiLY3QmBcy33xI5lycLnqh1dyIT89ccLndR71Rbtl23RjBQKwXZkTkLiVsYM47MWHF8LbOcdOUQBqXwV0e3YOhBDYJZVj9DOGVPZ4m1WvzbDj2tbMEsJ8uTrJ0EWBQDupwKkWOOZ0y3MPf8uV9cJvT0TzW27ctBvKMioYPQb40NfnA9S47Mpkb2_f4ceQlAIds245i2-ElcIJMkcFFBeMexGdPwd-im60UQi-CVfnWNYlHY4Y067tOEX2uCBbbp9Ex5B_vt_p9M_STUoqLOfMFKBa-RdUUbaemoYiEXPH1qLryK6vt4g8SxNyrYbPgFDsq3OJ7X5y-CRZsWz_MMmpqWzkHvKj1VmyFhibA386EHhVbMNtGtWXnGp06dZ09g-fKvoMzO3Q4XFG0i72e8vb10rNv9_j6xxgjAqh2a7u_8lkxv_5NQOe43axHDIqTv5Uq1lwDYorshVrOTPHP0OXYThY8Urm2KHNp0tCxJ53SMgHQUgzSjlbeZRX8nsZXNbWaoGCZ9R-Dr91oHGDGZ2jd7_WrV0Xzp4_cfa4e4aNRROei_NEsMYMgAoBisF_Qj5bjKiGAeVHvNhL5bT7nyLKiVgCZPkXxcM3rmPCZsJ_N7u92aMf89DNRN8ziLPuwhU-gHrzaM05UvOn0hLV4secucXs_x7hm7VSY7RXG7aJNz8YfMnewGJG9a2Nj8CLDyogZipD7CcBCK30J4_feIpZkdH6mPatEePFGhlnMgew/$%7BCLICK_URL_ENC%7D HTTP 302
  • https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOc-58WndwY1IIaWs2OvBMfvNBaCdpL2NWZkLik--3mWTlL7Zz4J7yNRMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NL_Xace5ylOBBnifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHaoASInuQlT0mT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Request Chain 323
  • https://aws-fr-sync.bidswitch.net/sync?ssp=emxdigital&dsp_id=70&imp=1 HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=emxdigital HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=6482711138068417781&ssp=emxdigital HTTP 302
  • https://e1.emxdgt.com/put?d=d21&uid=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=
Request Chain 324
  • https://imp-euro.emxdgt.com/imp/?cp=0.06080&ts=1661179751&seat=70&w=728&h=90&pb=0.04864&sid=9508&tid=82818&pid=1323&uid=70451661179750635808f1&wid=21&dom=securityaffairs.co&tp=0.06080&mt=1&dt=2&st=1&os=&ip=217.64.151.69&sz=&country=SE&region=AB&city=Stockholm&zip=&dma=&agency_id=&cluster=euro-hb&browser=chrome&rf=securityaffairs.co&data_fee_type=&data_fee=0&clstr_nm=header-bidding-euro-4&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/104.0.5112.101%20Safari/537.36&make=&ifa=&adom=ad4m.at&cat=3&gdpr=1&crid=70_37104562&burlv2=aHR0cHMlM0ElMkYlMkZnaGVudC1hd3MtZnIuYmlkc3dpdGNoLm5ldCUyRndpbl9ub3RpY2UlMkZlbXhkaWdpdGFsX2JpZCUzRnJpZCUzRFBLaHNDVldxdGo2VWxwMllwU2MyZ1NMS3dZNHVyYjhXcEJpTWlsUkk3VUVHY1VHZWFSWjBpbXp3bzZ1MkVIdjRvbVFUVy1Ya3lXMUMtVmpvZGVsRk9EUHh1NHVHT1l5VWI2MVU4b0VSUVhrTGU2SVMyb2pQSi1lT3NpS3I1aFFQUjhVaExxSGIzVUJsb2tkc0hSQXNHQ2ZRWFk2Rk9mZE5JMzlhdHhpNFpEaUxZM1FtQmN5MzN4STVseWNMbnFoMWR5SVQ4OWNjTG5kUjcxUmJ0bDIzUmpCUUt3WFprVGtMaVZzWU00N01XSEY4TGJPY2RPVVFCcVh3VjBlM1lPaEJEWUpaVmo5RE9HVlBaNG0xV3Z6YkRqMnRiTUVzSjh1VHJKMEVXQlFEdXB3S2tXT09aMHkzTVBmOHVWOWNKdlQwVHpXMjdjdEJ2S01pb1lQUWI0ME5mbkE5UzQ3TXBrYjJfZjRjZVFsQUlkczI0NWkyLUVsY0lKTWtjRkZCZU1leEdkUHdkLWltNjBVUWktQ1ZmbldOWWxIWTRZMDY3dE9FWDJ1Q0JiYnA5RXg1Ql92dF9wOU1fU1RVb3FMT2ZNRktCYS1SZFVVYmFlbW9ZaUVYUEgxcUxyeUs2dnQ0ZzhTeE55clliUGdGRHNxM09KN1g1eS1DUlpzV3pfTU1tcHFXemtIdktqMVZteUZoaWJBMzg2RUhoVmJNTnRHdFdYbkdwMDZkWjA5Zy1mS3ZvTXpPM1E0WEZHMGk3MmU4dmIxMHJOdjlfajZ4eGdqQXFoMmE3dV84bGt4dl81TlFPZTQzYXhIRElxVHY1VXExbHdEWW9yc2hWck9UUEhQME9YWVRoWThVcm0yS0hOcDB0Q3hKNTNTTWdIUVVnelNqbGJlWlJYOG5zWlhOYldhb0dDWjlSLURyOTFvSEdER1oyamQ3X1dyVjBYenA0X2NmYTRlNGFOUlJPZWlfTkVzTVlNZ0FvQmlzRl9RajViaktpR0FlVkh2TmhMNWJUN255TEtpVmdDWlBrWHhjTTNybVBDWnNKX043dTkyYU1mODlETlJOOHppTFB1d2hVLWdIcnphTTA1VXZPbjBoTFY0c2VjdWNYc194N2htN1ZTWTdSWEc3YUpOejhZZk1uZXdHSkc5YTJOajhDTER5b2daaXBEN0NjQkNLMzBKNF9mZUlwWmtkSDZtUGF0RWVQRkdobG5NZ2V3JTI2cCUzRCUyNCU3QkVNWF9CVVJMJTdEJTI2YWlkJTNE HTTP 302
  • https://biddr.brealtime.com/check_gdpr.js
Request Chain 328
  • https://ghent-aws-fr.bidswitch.net/imp/0.06080/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104560_Qrtbwp_R_I_WAUCTION__PRICE_X-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0_Qrtbdata_RLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW__MkHCjwrrFhRkY7FK__XO0KT6NLSGFK5__6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9__LWT0lQkXAT8x0_Q_QOOBClickTrack_R_I_WCLICK__URL_AURLENCODE_X/8JG8qld6fvEcKmXO_2n9sB31t1o4VZM79bkQ7qWB1o-6AGSyU1SZs1UR7OGyVDIK98agYfjmUE9IXk9xM3HH7e5td_iBr_PLnv95L_5hShlGqVngO-u_NM6k0UOM8fvQvI2qGB_vg0Z2dhqOWKL-uEL2B5R8Y3sMeB5SY024MVktgC81x6PpJgle8nHwL84oi6pUuCa17lsLFLQ5ic7-LELvBIIhe9Yyw2CWBOnHmlvr37j9Gwy1ATWV2jq0Js-a9X3bIItPSN-05wOUbJ91f0znS9t-8rvI64i6wOgxsQ3ehDPZU_1JGObL7GoLCDcxMpO9M-ct05s9ghsT_3jn7ywnbMfSJUQR2QYS51m54_7bCOYpsGkS3EBMtI7VIjtguccgLVwlSBWQDla9aGX5jqV_ObNdPqV66KWzlu_V1H4NEfy87gRiZZbIdFLx2mRAMCkHKVYBNwHkbkXYC7UUPkw_hXYzU4nJ_c-v0UuUvhclbRMjvrhwGcA6PLmUmPCa3R4mbW-67MgCTspN2ehrDd8NkxJZi194KzN265ERGSIsqTUWFBj6ZG9sFbQCeekqjmWsc0H883GrPS3M6hoqqv7fl0L70LafMtjX42Tpii9P7oboxUAY-66M3K4KjcssFM8InC7yuIZ8UtymTW-UbpKor5oK1GRGTKAEbfFwNjh4aOgg-TLNl7fk_vb75M9kqgy9AFMwPEYsszWM1tyLsq2uOz0ecYuxv62sRehYaNv91Y68SHMaSNrnAlsm1YnXXk1L4EXtT9T-58PSsVih2csM8z17W54LTe68Rtk8doTcEJycutzMx0oYDny4Zn3Y2JjtlYtUKbEcv4AArsXePb1pmxoXfNk3NPYG59ZJd0_YnBZQMeqaDX1_chzXLYvlg4GbMAOUBvwq8rKNjAHk/$%7BCLICK_URL_ENC%7D HTTP 302
  • https://track.adform.net/adfscript/?bn=37104560;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Request Chain 329
  • https://aws-fr-sync.bidswitch.net/sync?ssp=emxdigital&dsp_id=70&imp=1 HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=emxdigital HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=6482711138068417781&ssp=emxdigital HTTP 302
  • https://e1.emxdgt.com/put?d=d21&uid=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=
Request Chain 330
  • https://imp-euro.emxdgt.com/imp/?cp=0.06080&ts=1661179751&seat=70&w=300&h=250&pb=0.04864&sid=9508&tid=82816&pid=1323&uid=68251661179750639160f1&wid=21&dom=securityaffairs.co&tp=0.06080&mt=1&dt=2&st=1&os=&ip=217.64.151.69&sz=&country=SE&region=AB&city=Stockholm&zip=&dma=&agency_id=&cluster=euro-hb&browser=chrome&rf=securityaffairs.co&data_fee_type=&data_fee=0&clstr_nm=header-bidding-euro-4&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/104.0.5112.101%20Safari/537.36&make=&ifa=&adom=ad4m.at&cat=3&gdpr=1&crid=70_37104560&burlv2=aHR0cHMlM0ElMkYlMkZnaGVudC1hd3MtZnIuYmlkc3dpdGNoLm5ldCUyRndpbl9ub3RpY2UlMkZlbXhkaWdpdGFsX2JpZCUzRnJpZCUzRDhKRzhxbGQ2ZnZFY0ttWE9fMm45c0IzMXQxbzRWWk03OWJrUTdxV0Ixby02QUdTeVUxU1pzMVVSN09HeVZESUs5OGFnWWZqbVVFOUlYazl4TTNISDdlNXRkX2lCcl9QTG52OTVMXzVoU2hsR3FWbmdPLXVfTk02azBVT004ZnZRdkkycUdCX3ZnMFoyZGhxT1dLTC11RUwyQjVSOFkzc01lQjVTWTAyNE1Wa3RnQzgxeDZQcEpnbGU4bkh3TDg0b2k2cFV1Q2ExN2xzTEZMUTVpYzctTEVMdkJJSWhlOVl5dzJDV0JPbkhtbHZyMzdqOUd3eTFBVFdWMmpxMEpzLWE5WDNiSUl0UFNOLTA1d09VYko5MWYwem5TOXQtOHJ2STY0aTZ3T2d4c1EzZWhEUFpVXzFKR09iTDdHb0xDRGN4TXBPOU0tY3QwNXM5Z2hzVF8zam43eXduYk1mU0pVUVIyUVlTNTFtNTRfN2JDT1lwc0drUzNFQk10STdWSWp0Z3VjY2dMVndsU0JXUURsYTlhR1g1anFWX09iTmRQcVY2NktXemx1X1YxSDRORWZ5ODdnUmlaWmJJZEZMeDJtUkFNQ2tIS1ZZQk53SGtia1hZQzdVVVBrd19oWFl6VTRuSl9jLXYwVXVVdmhjbGJSTWp2cmh3R2NBNlBMbVVtUENhM1I0bWJXLTY3TWdDVHNwTjJlaHJEZDhOa3hKWmkxOTRLek4yNjVFUkdTSXNxVFVXRkJqNlpHOXNGYlFDZWVrcWptV3NjMEg4ODNHclBTM002aG9xcXY3ZmwwTDcwTGFmTXRqWDQyVHBpaTlQN29ib3hVQVktNjZNM0s0S2pjc3NGTThJbkM3eXVJWjhVdHltVFctVWJwS29yNW9LMUdSR1RLQUViZkZ3TmpoNGFPZ2ctVExObDdma192Yjc1TTlrcWd5OUFGTXdQRVlzc3pXTTF0eUxzcTJ1T3owZWNZdXh2NjJzUmVoWWFOdjkxWTY4U0hNYVNOcm5BbHNtMVluWFhrMUw0RVh0VDlULTU4UFNzVmloMmNzTTh6MTdXNTRMVGU2OFJ0azhkb1RjRUp5Y3V0ek14MG9ZRG55NFpuM1kySmp0bFl0VUtiRWN2NEFBcnNYZVBiMXBteG9YZk5rM05QWUc1OVpKZDBfWW5CWlFNZXFhRFgxX2NoelhMWXZsZzRHYk1BT1VCdndxOHJLTmpBSGslMjZwJTNEJTI0JTdCRU1YX0JVUkwlN0QlMjZhaWQlM0Q= HTTP 302
  • https://biddr.brealtime.com/check_gdpr.js
Request Chain 358
  • https://private.vodafone-affiliate.de/tpv.php?t=112510V1175122964M&cons=&subid=oneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://m.exactag.com/ai.aspx?extCa=707&extTcm=AffDisPer12218C|NonCpoNon|fq0gen&url=http://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082216491675192289605X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affiliate=112510&VFAffID=12218&pid=12218&extProvId=315&extProvApi=129048&extPu=12218&extLi=112510&extPm=112510&extCr=WWWWW HTTP 302
  • https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082216491675192289605X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affiliate=112510&VFAffID=12218&pid=12218&extProvId=315&extProvApi=129048&extPu=12218&extLi=112510&extPm=112510&extCr=WWWWW
Request Chain 361
  • https://pv.medialead.de/trck/epv/2aed39855b5f46b7651ba591340f258c?t=htlp&subid=wkzMotivBoneidmRBCefGfXxjcmHZHZtzt3jptKSwTEAhAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=wkzMotivBoneidmRBCefGfXxjcmHZHZtzt3jptKSwTEAhAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&actionid=981741&produktid=&dt_url=
Request Chain 364
  • https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
  • https://www.zenaps.com/cshow.php?pvr=98af6b30-2229-11ed-80d0-22316432dc67&v=11354&r=412871&q=377129&s=2470185&viewref3=oneidxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&pv=1&gdpr=0&gdpr_consent= HTTP 302
  • https://www.conrad.de/ztpv.php?awc=11354_412871_1661179756_98af6b30-2229-11ed-80d0-22316432dc67&insert=AW&&gdpr=0&gdpr_consent=
Request Chain 369
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D HTTP 302
  • https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID HTTP 302
  • https://match.bnmla.com/usersync?dspid=6&uuid=0671D2A38483422B810E6AE08737B306 HTTP 302
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Request Chain 370
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:zV27ONNo1Oq8JT5&gdpr=0&gdpr_consent=
Request Chain 371
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
Request Chain 372
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&addseg=19,36,42
Request Chain 375
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03 HTTP 302
  • https://a.audrte.com/p
Request Chain 377
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=de466e49-c8f9-4244-90af-5b910074cec4&gdpr=0&gdpr_consent=
Request Chain 378
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&addseg=19,36,42
Request Chain 379
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 381
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03 HTTP 302
  • https://a.audrte.com/p
Request Chain 384
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ca03f1b3-0c13-4554-908c-d1cd4a245448&gdpr=0&gdpr_consent=
Request Chain 385
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D HTTP 302
  • https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID HTTP 302
  • https://match.bnmla.com/usersync?dspid=6&uuid=0671D2A38483422B810E6AE08737B306 HTTP 302
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Request Chain 386
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:05IxoNNP1Oq8JT5&gdpr=0&gdpr_consent=
Request Chain 387
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306

391 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request coronavirus-spam-campaign.html
securityaffairs.co/wordpress/99156/cyber-crime/ 		101 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
ecc971fa2ce05ba2be1499ed1ec54565678396ce8bd7fcbcbd6493239c6978b7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:06 GMT
link
<https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/99156>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=99156>; rel=shortlink
server
Apache
x-pingback
https://securityaffairs.co/wordpress/xmlrpc.php
style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 		101 KB
101 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Tue, 12 Jul 2022 21:45:23 GMT
server
Apache
accept-ranges
bytes
etag
"193c1-5e3a295f4b1f7"
content-length
103361
content-type
text/css
mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"2bf8-5b61073acf500"
content-length
11256
content-type
text/css
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
Apache
accept-ranges
bytes
etag
"1360-597430d761a00"
content-length
4960
content-type
text/css
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"c22-5de9c4c5f3471"
content-length
3106
content-type
text/css
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		27 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"6a71-5de9c4c5f3471"
content-length
27249
content-type
text/css
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 		142 KB
142 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1654300135
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fdb60418f2e23b359b2ade2aca337dccf02e24215d1a77bb816ba1820e5bbff0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Fri, 03 Jun 2022 23:48:55 GMT
server
Apache
accept-ranges
bytes
etag
"23809-5e093c3f1132e"
content-length
145417
content-type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.2.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
6901753
cdn-cachedat
2021-06-08 21:08:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
6c27480193430d6ea3ddfc5c9cf7f881
cf-ray
73ec69d3cb6bcc5a-ZRH
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 		19 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
Apache
accept-ranges
bytes
etag
"4d92-52704407f72c0"
content-length
19858
content-type
text/css
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		539 B
683 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"21b-526fe6d7cd700"
content-length
539
content-type
text/css
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
Apache
accept-ranges
bytes
etag
"1851-5270441180940"
content-length
6225
content-type
text/css
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"6b4-526fe6d5e5280"
content-length
1716
content-type
text/css
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		17 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"4574-526fe6d5e5280"
content-length
17780
content-type
text/css
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"118d-526fe6e527680"
content-length
4493
content-type
text/css
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		334 B
478 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"14e-526fe6d5e5280"
content-length
334
content-type
text/css
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		110 KB
110 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"1b844-526fe6d7cd700"
content-length
112708
content-type
text/css
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
content-type
text/css; charset: UTF-8;charset=UTF-8
server
Apache
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		49 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
Apache
accept-ranges
bytes
etag
"c5f2-526fe6d6d94c0"
content-length
50674
content-type
text/css
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		18 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"4991-5e57184efbe91"
content-length
18833
content-type
text/css
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Thu, 04 Aug 2022 22:03:25 GMT
server
Apache
accept-ranges
bytes
etag
"312f-5e57184c7d47c"
content-length
12591
content-type
text/css
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		282 KB
282 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"46758-5c7d1b0de3c40"
content-length
288600
content-type
application/javascript
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		25 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"62d4-5b61073acf500"
content-length
25300
content-type
application/javascript
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Mon, 09 May 2022 23:09:21 GMT
server
Apache
accept-ranges
bytes
etag
"8583-5de9c4c5f53b0"
content-length
34179
content-type
application/javascript
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 		562 B
716 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
Apache
accept-ranges
bytes
etag
"232-5c1d9e402b540"
content-length
562
content-type
application/javascript
st_insights.js
ws.sharethis.com/button/ 		49 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2304:ec00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 20 Aug 2022 03:54:09 GMT
content-encoding
gzip
vary
Accept-Encoding
age
212098
x-cache
Hit from cloudfront
content-length
12778
server
nginx/1.20.1
etag
W/"62bdf23a-c590"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 127e1ddb6224f10ae9e484392afd1b6c.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
VIE50-P1
x-robots-tag
noindex, nofollow
x-amz-cf-id
0Yh_0fmaxWIfP-3x6673bDCqb4Ve5-7k27jGF1o2Qm3-UKLZbcMflQ==
expires
Tue, 23 Aug 2022 03:54:09 GMT
sharethis.js
platform-api.sharethis.com/js/ 		190 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-51.fra60.r.cloudfront.net
Software
/
Resource Hash
2b02c99b94bd29097fd168548bea6dfc28c9ffd3c2d751c1f375c9da902d8f63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:48:34 GMT
content-encoding
gzip
vary
Accept-Encoding
age
34
etag
W/"2f749-jZtDoLQECLv0cAmOiJJ6B61Kdic"
x-frame-options
SAMEORIGIN
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
FRA60-P3
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
Vzy7sLgJ7oaumU1HLp-Q5so5AU0U_f_mlEkMThccSsddShCE6XVBhw==
dmedianet.js
contextual.media.net/ 		368 B
556 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-mnt-h
22-rm2g
date
Mon, 22 Aug 2022 14:49:09 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
expires
Mon, 22 Aug 2022 14:54:09 GMT
cache-control
max-age=300
strict-transport-security
max-age=31536000
content-length
368
x-cache-hits
0
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/ 		973 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Tue, 02 Mar 2021 20:36:48 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"603ea1e0-3cd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
973
expires
Wed, 24 Aug 2022 14:49:09 GMT
widgets.js
platform.twitter.com/ 		97 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B95) /
Resource Hash
33558069624c6849e3bedf4ef9ead7bf4cef2afdd7ecb64758a660fa4ae5ed8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:09 GMT
Content-Encoding
gzip
Age
370
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
29278
x-tw-cdn
VZ
Last-Modified
Mon, 15 Aug 2022 23:23:32 GMT
Server
ECS (amb/6B95)
Etag
"080f1472776d4d1a972a14cea4433aeb+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
Coronavirus-spam-email.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/03/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/03/Coronavirus-spam-email.jpg?resize=768%2C469&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
13106a9efe43085eb10eae74cf4f5640ffd8b6cade7ba2db4cfbf717a5e30b58
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
MISS hhn 3
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Aug 2022 14:49:09 GMT
server
nginx
etag
"b7a37a5f03c849a8"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/03/Coronavirus-spam-email.jpg>; rel="canonical"
content-length
15144
expires
Thu, 22 Aug 2024 02:49:09 GMT
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		32 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 25 May 2022 22:59:02 GMT
server
Apache
accept-ranges
bytes
etag
"7e90-5dfde04f437ff"
content-length
32400
content-type
application/javascript
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=a27a5f2dbcd76fca02b031770446541d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
Apache
accept-ranges
bytes
etag
"231d-5a22e60748e80"
content-length
8989
content-type
application/javascript
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		830 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Jun 2020 20:34:29 GMT
server
nginx
etag
"509a053c355d6394"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length
830
expires
Sat, 11 Jun 2022 08:34:29 GMT
twitter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"fbafb4fa36d9fc66"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
1082
expires
Sat, 05 Nov 2022 20:12:40 GMT
linkedin.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"8daaaf021369fdba"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Sat, 05 Nov 2022 20:12:40 GMT
Escanor-Malware-3.png
securityaffairs.co/wordpress/wp-content/uploads/2022/08/ 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/08/Escanor-Malware-3.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e9560ae92ea67133a0722c02d3c78504b0ad620a7aa8451aaaed7aa90ef0c3ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Mon, 22 Aug 2022 07:08:22 GMT
server
Apache
accept-ranges
bytes
etag
"e3ac-5e6cf1cfa4db9"
content-length
58284
content-type
image/png
Donot-Team-APT-2.JPG.png
securityaffairs.co/wordpress/wp-content/uploads/2022/08/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/08/Donot-Team-APT-2.JPG.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
dd02cb39990f2d13b033435cd5f1875e5fbbed61c1824597c1340d4a90352f64

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Sun, 21 Aug 2022 21:43:08 GMT
server
Apache
accept-ranges
bytes
etag
"d3db-5e6c7378a962a"
content-length
54235
content-type
image/png
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
072843f9515b3818195d2efaf1434ea4967a9dc1d90802e24b424da1440cf5db
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
x-bytes-saved
27320
content-length
7732
x-nc
HIT hhn 4
last-modified
Sun, 09 Jun 2019 00:56:06 GMT
server
nginx
etag
"4a503623948f0392"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
expires
Tue, 08 Jun 2021 12:56:06 GMT
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"6e0-5e57184ec6340"
content-length
1760
content-type
application/javascript
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 		365 B
519 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 20 Jul 2022 22:10:23 GMT
server
Apache
accept-ranges
bytes
etag
"16d-5e443de11a895"
content-length
365
content-type
application/javascript
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1654300135
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Fri, 03 Jun 2022 23:48:55 GMT
server
Apache
accept-ranges
bytes
etag
"7c3-5e093c3f23c09"
content-length
1987
content-type
application/javascript
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		987 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:08 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3db-526fe6e433440"
content-length
987
content-type
application/javascript
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1113-526fe6e433440"
content-length
4371
content-type
application/javascript
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1fa1-526fe6e433440"
content-length
8097
content-type
application/javascript
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"a36-526fe6e33f200"
content-length
2614
content-type
application/javascript
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
server
Apache
accept-ranges
bytes
etag
"53ae-5270441274b80"
content-length
21422
content-type
application/javascript
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"1f6c-526fe6e527680"
content-length
8044
content-type
application/javascript
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 		69 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
server
Apache
accept-ranges
bytes
etag
"11571-5270441645480"
content-length
71025
content-type
application/javascript
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"2a67-526fe6e433440"
content-length
10855
content-type
application/javascript
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"c18-526fe6e433440"
content-length
3096
content-type
application/javascript
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3225-526fe6e433440"
content-length
12837
content-type
application/javascript
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		12 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"31d4-526fe6e33f200"
content-length
12756
content-type
application/javascript
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		17 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Thu, 04 Aug 2022 22:03:27 GMT
server
Apache
accept-ranges
bytes
etag
"45a7-5e57184efbe91"
content-length
17831
content-type
application/javascript
e-202234.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202234.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn
date
Mon, 22 Aug 2022 14:49:09 GMT
content-encoding
br
server
nginx
etag
W/"62f6b688-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 13 Aug 2023 23:03:42 GMT
pview
l.sharethis.com/ 		0
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1661179749577.78270&hostname=securityaffairs.co&location=%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&title=New%20Coronavirus-themed%20malspam%20campaign%20delivers%20FormBook%20MalwareSecurity%20Affairs&sop=false&description=Experts%20uncovered%20a%20new%20Coronavirus%20(COVID-19)-themed%20campaign%20that%20is%20distributing%20a%20malware%20downloader%20that%20delivers%20the%20FormBook%20information-stealing%20Trojan.%20Experts%20at%20MalwareHunterTeam%20uncovered%20a%20new%20malspam%20campaign%20exploiting%20the%20fear%20in%20the%20Coronavirus%20(COVID-19)%20to%20deliver%20malware.%20The%20campaign%20uses%20emails%20that%20pretend%20being%20sent%20by%20members%20of%20the%20World%20Health%20Organization%20(WHO)%2C%20the%20messages%20%5B%E2%80%A6%5D
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.119.23.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-119-23-78.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
5b71b64b04b9a500117b1015.js
buttons-config.sharethis.com/js/ 		30 B
444 B 		Script
General
Check archive.org
Download Go to
Full URL
https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:9c00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
via
1.1 0f538ee832e1105649039b38ce89e882.cloudfront.net (CloudFront)
last-modified
Mon, 13 Aug 2018 16:48:12 GMT
server
AmazonS3
age
38
etag
"e6e1643313740711175f51662a65b42f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=60,public
accept-ranges
bytes
x-amz-cf-pop
FRA2-C1
strict-transport-security
max-age=31536000; includeSubDomains
content-length
30
x-amz-cf-id
Q-s12bDWWZBxKGZIlHTeA72il0Q_qgXLMf6-kyIwd2ZLiRD1fbHAzw==
analytics.js
google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://google-analytics.com/analytics.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5944
date
Mon, 22 Aug 2022 13:10:05 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 22 Aug 2022 15:10:05 GMT
gtm.js
www.googletagmanager.com/ 		96 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e9c5062de1af0d21a4cd980d2476af44a3ecafb6eaac5c864435e71a5f167fd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37923
x-xss-protection
0
last-modified
Mon, 22 Aug 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 22 Aug 2022 14:49:09 GMT
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 		43 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
server
Apache
accept-ranges
bytes
etag
"ad90-526fe6dc92240"
content-length
44432
content-type
application/font-woff
coronavirus-spam.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/03/ 		43 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/03/coronavirus-spam.jpg?resize=768%2C693&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
610eeb65562f9766c0df43d75acbfb6a6bbfb21da6ec40be26d32cd93b349b3b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
MISS hhn 3
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Aug 2022 14:49:09 GMT
server
nginx
etag
"a326feb0c169e8fc"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/03/coronavirus-spam.jpg>; rel="canonical"
content-length
44232
expires
Thu, 22 Aug 2024 02:49:09 GMT
f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Mon, 22 Aug 2022 14:49:09 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length
1186
expires
Mon, 22 Aug 2022 14:54:09 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"156244085faab7d3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
6414
expires
Sat, 05 Nov 2022 20:12:40 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"312ff21e46f29f3d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7482
expires
Sat, 05 Nov 2022 20:12:40 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Dec 2020 07:29:12 GMT
server
nginx
etag
"a6fb49f7a00a0498"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
6336
expires
Thu, 15 Dec 2022 19:29:12 GMT
EU-Blog-e.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Wed, 22 Jun 2022 21:28:00 GMT
server
nginx
etag
"89e5fea0740da8de"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length
13098
expires
Sat, 22 Jun 2024 09:28:00 GMT
g.gif
pixel.wp.com/ 		50 B
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A11.2&blog=29506073&post=99156&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=2948&rand=0.5692586455373689
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 22 Aug 2022 14:49:09 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.21.184.22 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-22.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Server
Apache
Date
Mon, 22 Aug 2022 14:49:09 GMT
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=84661
Connection
keep-alive
Content-Length
15
widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html
platform.twitter.com/widgets/ Frame 475A 		320 KB
104 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fsecurityaffairs.co
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BB8) /
Resource Hash
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
503857
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105445
Content-Type
text/html; charset=utf-8
Date
Mon, 22 Aug 2022 14:49:09 GMT
Etag
"50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified
Mon, 15 Aug 2022 23:01:14 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6BB8)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
collect
www.google-analytics.com/j/ 		2 B
407 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=866166039&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&ul=en-us&de=UTF-8&dt=New%20Coronavirus-themed%20malspam%20campaign%20delivers%20FormBook%20MalwareSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=890250343&gjid=146625564&cid=61578736.1661179750&tid=UA-59069958-1&_gid=1004439179.1661179750&_r=1&_slc=1&z=622644122
Requested by
Host: google-analytics.com
URL: https://google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		197 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4cd9931e0d5585c9d662314742ef0aa0e5de65d1b8f4d55a143ac04dfe8e19a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
72176
x-xss-protection
0
expires
Mon, 22 Aug 2022 14:49:09 GMT
settings
syndication.twitter.com/ Frame 475A 		647 B
567 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=b49fe8ed45ed8278697c10574ffc2c828c94967c
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fsecurityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
8f5424a25c737e0a9aab339df1474b850f68f7883f3f99764c9dc3172aa7eca5
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-response-time
109
date
Mon, 22 Aug 2022 14:49:09 GMT
content-encoding
gzip
last-modified
Mon, 22 Aug 2022 14:49:10 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
c2a5d85f0984e2bf7125ffbc0027112d09ca57b7b11e38aaecd897af4d84e258
content-length
286
collect
region1.google-analytics.com/g/ 		0
348 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe8h0&_p=866166039&cid=61578736.1661179750&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1661179749&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&dt=New%20Coronavirus-themed%20malspam%20campaign%20delivers%20FormBook%20MalwareSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:09 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hb_v2.js
cdn.pixfuture.com/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c2388c40345a8c9a09e8eb634a72240123f49f4c2b15df11dc05c2982f52f32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:10 GMT
cf-cache-status
HIT
last-modified
Wed, 10 Aug 2022 15:56:37 GMT
server
cloudflare
age
168739
etag
W/"62f3d535-84bc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPAToJiW1TiSfpFhEvW2YkBnoeUWUGAxxwU%2Bo3%2B7e14hhz0xGhsrbeXRjJGBXHhcuXwmHrJZtRpzNum0Vl7lEJQZpXCO8qojTeHHfvUAkvHtcYyP9Ko8oO02hyIaLLjEd5NRQjbpucpMlpHMrkG7"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Mon, 22 Aug 2022 15:56:49 GMT
cache-control
public, max-age=172800, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
73ec69dd8effba9d-MXP
cf-bgj
minify
pbix.js
cdn.pixfuture.com/ 		401 KB
402 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43ec4073d62958c460872f86b38f583f3187995f0147e29144340e6826e05cb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:10 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
97055
cf-polished
origSize=410578
cf-bgj
minify
last-modified
Wed, 18 May 2022 15:53:44 GMT
server
cloudflare
etag
W/"62851688-643d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3GvFCEi%2BvYvJnxdym8RcpV7erertKFuoJIIaSLMhVTo0gYLNcEr1OAbry1o3NmV0pmUDWBf5%2BDC%2BQc7BvwQcqXtbgcWbtA7OFLJvRnTkVPnKjGydNtKFNwlft41vld3gcJrE4siuPhHp%2Fr5sWoyY"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=172800, no-transform
cf-ray
73ec69dddfadba9d-MXP
expires
Tue, 23 Aug 2022 11:51:27 GMT
r.js
aa.agkn.com/adscores/ 		0
459 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.64.108.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-108-197.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
server
AAWebServer
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript;charset=iso-8859-1
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
0
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		11 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=new,coronavirusthemed,malspam,campaign,delivers,formbook,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
c049ec6c8748fd3389e4d015d680b2f03e55c46b0447002aee2613e6f7976d97

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:10 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=new,coronavirusthemed,malspam,campaign,delivers,formbook,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
2489c724131d1b1b4fc08681c6a2fc242197be3893c0d32193b52d646347cf0b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:10 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=new,coronavirusthemed,malspam,campaign,delivers,formbook,malwaresecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3bdc58b4bfd65f41b1b72f43da1632e4dbb30289a52965ea4c915de00fc84ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:10 GMT
pview
l.sharethis.com/ 		0
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1661179749577.78270&hostname=securityaffairs.co&location=%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&title=New%20Coronavirus-themed%20malspam%20campaign%20delivers%20FormBook%20MalwareSecurity%20Affairs&sop=false&description=Experts%20uncovered%20a%20new%20Coronavirus%20(COVID-19)-themed%20campaign%20that%20is%20distributing%20a%20malware%20downloader%20that%20delivers%20the%20FormBook%20information-stealing%20Trojan.%20Experts%20at%20MalwareHunterTeam%20uncovered%20a%20new%20malspam%20campaign%20exploiting%20the%20fear%20in%20the%20Coronavirus%20(COVID-19)%20to%20deliver%20malware.%20The%20campaign%20uses%20emails%20that%20pretend%20being%20sent%20by%20members%20of%20the%20World%20Health%20Organization%20(WHO)%2C%20the%20messages%20%5B%E2%80%A6%5D&description=Experts%20uncovered%20a%20new%20Coronavirus%20(COVID-19)-themed%20campaign%20that%20is%20distributing%20a%20malware%20downloader%20that%20delivers%20the%20FormBook%20information-stealing%20Trojan.%20Experts%20at%20MalwareHunterTeam%20uncovered%20a%20new%20malspam%20campaign%20exploiting%20the%20fear%20in%20the%20Coronavirus%20(COVID-19)%20to%20deliver%20malware.%20The%20campaign%20uses%20emails%20that%20pretend%20being%20sent%20by%20members%20of%20the%20World%20Health%20Organization%20(WHO)%2C%20the%20messages%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.119.23.78 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-119-23-78.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
tweet.5b94507822be1b77b58bef86fc7cd9f7.js
platform.twitter.com/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/tweet.5b94507822be1b77b58bef86fc7cd9f7.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B8E) /
Resource Hash
543f1e90e16b91657384920db11d373b377d4e152e1b9081099f7c6ed7de5765

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
2620
x-tw-cdn
VZ
Last-Modified
Mon, 15 Aug 2022 23:01:06 GMT
Server
ECS (amb/6B8E)
Etag
"de945abf31c14b2f81f9f499871cbe47+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.21.184.22 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-22.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Server
Apache
Date
Mon, 22 Aug 2022 14:49:10 GMT
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=84660
Connection
keep-alive
Content-Length
15
Tweet.html
platform.twitter.com/embed/ Frame AC6F 		406 B
951 B 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B8C) /
Resource Hash
b64c04792edbe427b98b645d32df75732e5424d3a6d1e840173584dc211aa034

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1058
Cache-Control
public, max-age=1800
Content-Length
406
Content-Type
text/html; charset=utf-8
Date
Mon, 22 Aug 2022 14:49:10 GMT
Etag
"dd452c08b92523224f8e8cea00e3831c"
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (amb/6B8C)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
X-Cache
HIT
x-tw-cdn
VZ
embed.runtime.77551932feacdf3e1432.js
platform.twitter.com/embed/ Frame AC6F 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B84) /
Resource Hash
bd12d05fdd69aa3f07360894560e0bc1be44fdce5be16d0636616d5734ae2109

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
3368
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6B84)
Etag
"c48f684e35b58d9d8912347c92ede7e2+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.modules.22436ce161b8a1362ef3.js
platform.twitter.com/embed/ Frame AC6F 		497 KB
163 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.modules.22436ce161b8a1362ef3.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BA6) /
Resource Hash
955ce104740b084bf508227d36801bb475235b7de0191428e7053df2311865bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
165822
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6BA6)
Etag
"2b6c114de2ad3be0593f59454c05064f+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.Tweet.37db06d48778970271d7.js
platform.twitter.com/embed/ Frame AC6F 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.Tweet.37db06d48778970271d7.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B73) /
Resource Hash
4a00637aa353e2f5120dff7d29ab6b2997f2edee0ac7b80792a82ef03a804548

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
6310
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6B73)
Etag
"e57abd0dbfb15102e9ba7c6f51cbc53f+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.vendors~ondemand.horizon-web.i18n.ar-js~ondemand.horizon-web.i18n.ar-x-fm-js~ondemand.horizon-web.i1~98d47477.022b10081a82154299a6.js
platform.twitter.com/embed/ Frame AC6F 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.i18n.ar-js~ondemand.horizon-web.i18n.ar-x-fm-js~ondemand.horizon-web.i1~98d47477.022b10081a82154299a6.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B99) /
Resource Hash
ba29b730d69c2353e3a3d6347b2da26d0a6ef9eff2a4bb2e7c99f470af05831a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length
6794
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6B99)
Etag
"f2b43f31a678952bb606698c2510fadc+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.ondemand.i18n.en-js.26aa117248996d58e1bc.js
platform.twitter.com/embed/ Frame AC6F 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.26aa117248996d58e1bc.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BBB) /
Resource Hash
04d805cf6b74dbc28de8c916eb53f9d7d84e36ae2efdb0b04c7a8e321b2bf0c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
1395
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6BBB)
Etag
"47d31d660d06d314ae8d4664808594e6+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.vendors~ondemand.horizon-web.i18n.en-js.1c97cb46d8f406ddd7b9.js
platform.twitter.com/embed/ Frame AC6F 		35 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.i18n.en-js.1c97cb46d8f406ddd7b9.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B8F) /
Resource Hash
00f42fa843b0f3ddc9f8028adfe75a3223a3810de9aad23fba78f9f61d09ac28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
11303
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6B8F)
Etag
"1bce9aa204be77ae1eb8a5af6214f3bc+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Mon, 22 Aug 2022 14:49:09 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1302
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1016 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Protocol
HTTP/1.1
Server
185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
9f410b25-c349-4b2b-ad76-d21ac910a8cb
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
ddb01dd0-b68c-4650-bdfa-54b1606b1e3a
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1017 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Protocol
HTTP/1.1
Server
185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
d8f6209b-5518-4113-b194-426ede0e0ead
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
0bea38fd-3e2a-4c50-a297-2a16507cb728
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=nNuMV3xPaFZPWGZvWGJNNDdoVW1uVGhER3V1b2xyU2g2ZE96WWhjVmh0ejBHT29Tc2xDeWYwK3lYRTFSLzZHWXNZWFJWZjhMemhGdnhVUG9ITVNOUFNyTTFOdHdsOUFFeTYrVjllOHFvRmQ2eHJmMUxXeUF2eGNza3podE...
352 B
622 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=nNuMV3xPaFZPWGZvWGJNNDdoVW1uVGhER3V1b2xyU2g2ZE96WWhjVmh0ejBHT29Tc2xDeWYwK3lYRTFSLzZHWXNZWFJWZjhMemhGdnhVUG9ITVNOUFNyTTFOdHdsOUFFeTYrVjllOHFvRmQ2eHJmMUxXeUF2eGNza3podEs5WGdmb1NoT3huZFpwdEN6YTFXNWY2N0hwWHN4ZStYeFpEcjI5enVNc1czL1RzODBCK2svalhjd3RqSzNVY1BnbCt4MTBuSEhLZEtQTGVBVXFwaE50MXR4ZXNtL1JIaFBycXdmVXdKcjc4dERqTHNwVDdZUi9WazRBbWJiVHdRQjF2SENPK3ZPfA&cppv=2
Protocol
H2
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
175ae53e202beaa41d779262dc3fe5f883b5ac76a1d6e1beae06ef48f3845bb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3452
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
location
https://mug.criteo.com/sid?cpp=nNuMV3xPaFZPWGZvWGJNNDdoVW1uVGhER3V1b2xyU2g2ZE96WWhjVmh0ejBHT29Tc2xDeWYwK3lYRTFSLzZHWXNZWFJWZjhMemhGdnhVUG9ITVNOUFNyTTFOdHdsOUFFeTYrVjllOHFvRmQ2eHJmMUxXeUF2eGNza3podEs5WGdmb1NoT3huZFpwdEN6YTFXNWY2N0hwWHN4ZStYeFpEcjI5enVNc1czL1RzODBCK2svalhjd3RqSzNVY1BnbCt4MTBuSEhLZEtQTGVBVXFwaE50MXR4ZXNtL1JIaFBycXdmVXdKcjc4dERqTHNwVDdZUi9WazRBbWJiVHdRQjF2SENPK3ZPfA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2034
content-length
509
expires
0
529.json
id5-sync.com/g/v2/ 		213 B
625 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.69 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216534.ip-141-95-98.eu
Software
/
Resource Hash
8e0aa7b9cfa992549619789be8bd6a63a2c6abef5e1d2d139aa21fdeb612e8b5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 22 Aug 2022 14:49:09 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/ 		0
0
rid
match.adsrvr.org/track/ 		63 B
391 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
0e696569615c5847f19759a7e9b57198ef74d82e68ad9d65470ce2b3e0ab5a55

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 22 Aug 2022 14:49:10 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Wed, 21 Sep 2022 14:49:10 GMT
embed.vendors~ondemand.Tweet.e54d69b39047ba47eee9.js
platform.twitter.com/embed/ Frame AC6F 		666 KB
183 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.e54d69b39047ba47eee9.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BAE) /
Resource Hash
23ca344f4c79cfe310d2126ea0ddf6c46a75c0fd0a9f6226ea12f2aad3247b18

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
186983
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6BAE)
Etag
"f2eb48291075cf219654edd01a6ab7c8+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.ondemand.Tweet.5fc7d13e1d7da5819eef.js
platform.twitter.com/embed/ Frame AC6F 		82 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.ondemand.Tweet.5fc7d13e1d7da5819eef.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BC3) /
Resource Hash
94d6cf2810716bc417e93ea855cd83622b7ca1e2fd96fdf8c36154ac493a84e2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
18346
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6BC3)
Etag
"8c0d595e288c949c0441b06ac24bea02+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
embed.ondemand.Dropdown.5c1c610935c86ba65697.js
platform.twitter.com/embed/ Frame AC6F 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/embed/embed.ondemand.Dropdown.5c1c610935c86ba65697.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.77551932feacdf3e1432.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6B8F) /
Resource Hash
b086dc80b7682d9c831f918566694d9ea4f078c382efaf6a4b2509b7236365f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/embed/Tweet.html?creatorScreenName=securityaffairs&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiXSwidmVyc2lvbiI6bnVsbH0sInRmd19ob3Jpem9uX3RpbWVsaW5lXzEyMDM0Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfcmVzdWx0X21pZ3JhdGlvbl8xMzk3OSI6eyJidWNrZXQiOiJ0d2VldF9yZXN1bHQiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NlbnNpdGl2ZV9tZWRpYV9pbnRlcnN0aXRpYWxfMTM5NjMiOnsiYnVja2V0IjoiaW50ZXJzdGl0aWFsIiwidmVyc2lvbiI6bnVsbH0sInRmd19leHBlcmltZW50c19jb29raWVfZXhwaXJhdGlvbiI6eyJidWNrZXQiOjEyMDk2MDAsInZlcnNpb24iOm51bGx9LCJ0ZndfZHVwbGljYXRlX3NjcmliZXNfdG9fc2V0dGluZ3MiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9mZiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideCard=false&hideThread=false&id=1236008791893778434&lang=en&origin=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&sessionId=b49fe8ed45ed8278697c10574ffc2c828c94967c&siteScreenName=securityaffairs&theme=light&widgetsVersion=31f0cdc1eaa0f%3A1660602114609&width=500px
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Content-Encoding
gzip
Age
503858
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length
2216
x-tw-cdn
VZ
Last-Modified
Tue, 16 Aug 2022 18:35:46 GMT
Server
ECS (amb/6B8F)
Etag
"6efa12a2c28064b9fd1f5f96db8b3fbb+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
tweet-result
cdn.syndication.twimg.com/ Frame AC6F 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.syndication.twimg.com/tweet-result?features=tfw_timeline_list%3Alinktr.ee%2Ctr.ee%3Btfw_horizon_timeline_12034%3Atreatment%3Btfw_tweet_edit_backend%3Aon%3Btfw_refsrc_session%3Aon%3Btfw_tweet_result_migration_13979%3Atweet_result%3Btfw_sensitive_media_interstitial_13963%3Ainterstitial%3Btfw_experiments_cookie_expiration%3A1209600%3Btfw_duplicate_scribes_to_settings%3Aoff%3Btfw_tweet_edit_frontend%3Aoff&id=1236008791893778434&lang=en
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.22436ce161b8a1362ef3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_f / Express
Resource Hash
90e9f2d0a179dba1a822842ce5c3e4f0c3bd4526efb210e224305e7a5b8c7810
Security Headers
Name Value
Content-Security-Policy connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy
connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding
gzip
etag
W/"a35-wY4lNW+LcmqxrkcJqEal8b19qWI"
x-powered-by
Express
access-control-allow-methods
GET
server-timing
x-cache;desc= ,x-tw-cdn;desc=VZ,edge;dur=173
strict-transport-security
max-age=631138519
x-xss-protection
0
x-response-time
162
server
tsa_f
x-frame-options
SAMEORIGIN
date
Mon, 22 Aug 2022 14:49:10 GMT
vary
Origin, Accept-Encoding
x-tw-cdn
VZ, VZ, VZ
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=60
access-control-allow-credentials
true
x-connection-hash
5a73bb1f2c033c6c92bb8165fc6be7b57b8355c9bb29d2721a1f084ad8b3b3c9
x-content-type-options
nosniff
access-contol-allow-origin
platform.twitter.com
cookie_sync
prebidserver.pixfuture.com/ 		281 B
598 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
281
expires
0
auction
prebidserver.pixfuture.com/openrtb2/ 		153 B
481 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
139ac7969d4c695ddef98dc69bded86ec601d304adbcfbc791e990427ade1acc

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
153
expires
0
trinity.json
apex.go.sonobi.com/ 		94 B
846 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%224369d9e9c30676%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&s=bcaf3665-0509-47f5-80fe-e6ccca977daf&pv=150a65ca-1d03-4fb7-9e76-1beddb43853d&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%22852a2a9d-ec07-453c-8575-48a3cc0cf64c%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22852a2a9d-ec07-453c-8575-48a3cc0cf64c%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=new%2Ccoronavirusthemed%2Cmalspam%2Ccampaign%2Cdelivers%2Cformbook%2Cmalwaresecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
d3131d56978fdd26251291a6a2cb850c97ef91794a68fd4d22b0086961fa9fb8
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:11 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-7-25
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
119
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
379 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=99f64298-e416-4691-a8a5-0937574378ad&nocache=1661179750515&id5id=0&pubcid=852a2a9d-ec07-453c-8575-48a3cc0cf64c&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPW5ldyxjb3JvbmF2aXJ1c3RoZW1lZCxtYWxzcGFtLGNhbXBhaWduLGRlbGl2ZXJzLGZvcm1ib29rLG1hbHdhcmVzZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPW5ldyxjb3JvbmF2aXJ1c3RoZW1lZCxtYWxzcGFtLGNhbXBhaWduLGRlbGl2ZXJzLGZvcm1ib29rLG1hbHdhcmVzZWN1cml0eSxhZmZhaXJz
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
aa293afd1d070f7c93f915d6396b68c4fa9fa2335018e2af2e45182d5dcf6e8d

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/ 		24 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
86abd374f9a46a943357bf193fd10469371fa9ae1f8323f72c328f2504da42e6

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
5.135.209.97 , France, ASN16276 (OVH, FR),
Reverse DNS
ip97.ip-5-135-209.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
translator
hbopenbid.pubmatic.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 22 Aug 2022 14:49:09 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=852a2a9d-ec07-453c-8575-48a3cc0cf64c%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=99f64298-e416-4691-a8a5-0937574378ad&l_pb_bid_id=1425a99bf6fec58&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4841337210499532
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
8ee20d411da0b48e0a628a7baa4330f33476b45472846561e69318a593ae8830

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
866 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
b3f58ba3-a197-4d50-96cb-80403b1a3408
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
hb.emxdgt.com/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661179750525&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.109.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-109-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 22 Aug 2022 14:49:10 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
prebid
prebid.media.net/rtb/ 		1 KB
915 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
42ccfba410c48bc923faa8965282ce2c3fd100dd5b2c55f704d2fc029f39cb76

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
v1
btlr.sharethrough.com/universal/ 		0
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-113-77.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://securityaffairs.co
Date
Mon, 22 Aug 2022 14:49:10 GMT
Cache-Control
private, no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
hb
ssc.33across.com/api/v1/ 		0
0
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=nNuMV3xPaFZPWGZvWGJNNDdoVW1uVGhER3V1b2xyU2g2ZE96WWhjVmh0ejBHT29Tc2xDeWYwK3lYRTFSLzZHWXNZWFJWZjhMemhGdnhVUG9ITVNOUFNyTTFOdHdsOUFFeTYrVjllOHFvRmQ2eHJmMUxXeUF2eGNza3podEs5WGdmb1NoT3huZFpwdEN6YTFXNWY2N0hwWHN4ZStYeFpEcjI5enVNc1czL1RzODBCK2svalhjd3RqSzNVY1BnbCt4MTBuSEhLZEtQTGVBVXFwaE50MXR4ZXNtL1JIaFBycXdmVXdKcjc4dERqTHNwVDdZUi9WazRBbWJiVHdRQjF2SENPK3ZPfA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Mon, 22 Aug 2022 14:49:10 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1253
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
1db433aa9a370b060d565022a2d9677476837d2536fa4dcad8373d28fffbad85

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		283 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=852a2a9d-ec07-453c-8575-48a3cc0cf64c%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=7a9d0dd9-fe76-43cd-b978-f37628c4c6f3&l_pb_bid_id=296f71665d1651a&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.07168153626284424
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
8799d31cc6650c1a38fc51a66d39da55cb8e8079a9ee154e6fe0c9988667bfef

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
283
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 22 Aug 2022 14:49:10 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
trinity.json
apex.go.sonobi.com/ 		95 B
847 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2233a381519ccbe67%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&s=e992f910-634c-4adb-9519-1435b67ad09c&pv=150a65ca-1d03-4fb7-9e76-1beddb43853d&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%22852a2a9d-ec07-453c-8575-48a3cc0cf64c%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22852a2a9d-ec07-453c-8575-48a3cc0cf64c%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=new%2Ccoronavirusthemed%2Cmalspam%2Ccampaign%2Cdelivers%2Cformbook%2Cmalwaresecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
4b1f1974d2b18c192e76ffaa2d06136b8e24de2afbc9d93c45928d6f58f89864
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:11 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-85
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
5.135.209.97 , France, ASN16276 (OVH, FR),
Reverse DNS
ip97.ip-5-135-209.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
hb
ssc.33across.com/api/v1/ 		0
0
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7a9d0dd9-fe76-43cd-b978-f37628c4c6f3&nocache=1661179750614&id5id=0&pubcid=852a2a9d-ec07-453c-8575-48a3cc0cf64c&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPW5ldyxjb3JvbmF2aXJ1c3RoZW1lZCxtYWxzcGFtLGNhbXBhaWduLGRlbGl2ZXJzLGZvcm1ib29rLG1hbHdhcmVzZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPW5ldyxjb3JvbmF2aXJ1c3RoZW1lZCxtYWxzcGFtLGNhbXBhaWduLGRlbGl2ZXJzLGZvcm1ib29rLG1hbHdhcmVzZWN1cml0eSxhZmZhaXJz
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
0cce84869a2aa2e257d51142f79dcc030eb2cd262a2a332a04cab5c413c4b931

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
867 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
c4eb0eb6-adee-41ea-8c05-06e014ea5624
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bid
ap.lijit.com/rtb/ 		24 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
861eae97a5d4839882d73c90399118631d6ade6c51d06c0cb2d6d2d91813e895

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
294 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
e06c349479d5f0baa6e04d9b3dadce00edd4f38d823a07bea7651160f0846d96

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 22 Aug 2022 14:49:10 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
prebid
prebid.media.net/rtb/ 		1 KB
776 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
15d41ae296ec3b37172e443f4d1584d3a0360317d5a271eb71555bdfa96e6f00

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
/
hb.emxdgt.com/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661179750617&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.109.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-109-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0c3ccb31b3eb78bc0de9514f50798c82d83e23e09662209c8ec887f6a18c7289

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 22 Aug 2022 14:49:10 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
content-length
6912
content-type
application/json
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
f61341c3b4f346e65b3dd2d39cfed8d126b8d34eb5bcd75ea299f85410d5f4c0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
v1
btlr.sharethrough.com/universal/ 		0
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.113.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-113-77.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://securityaffairs.co
Date
Mon, 22 Aug 2022 14:49:10 GMT
Cache-Control
private, no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
hb
ssc.33across.com/api/v1/ 		0
0
/
hb.emxdgt.com/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1661179750626&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.109.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-109-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2751a8c27ad6371b1040e89fad16496918cf44fc9e9c451d0152a0eaf59f3d86

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 22 Aug 2022 14:49:10 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
content-length
6928
content-type
application/json
v1
prg.smartadserver.com/prebid/ 		0
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
5.135.209.97 , France, ASN16276 (OVH, FR),
Reverse DNS
ip97.ip-5-135-209.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
trinity.json
apex.go.sonobi.com/ 		95 B
847 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2262bb473b04a5994%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&s=0c31d0f9-a4d1-4a81-871f-8c6b827fd6d2&pv=150a65ca-1d03-4fb7-9e76-1beddb43853d&vp=desktop&lib_name=prebid&lib_v=6.24.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22pubcid%22%3A%22852a2a9d-ec07-453c-8575-48a3cc0cf64c%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22852a2a9d-ec07-453c-8575-48a3cc0cf64c%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=new%2Ccoronavirusthemed%2Cmalspam%2Ccampaign%2Cdelivers%2Cformbook%2Cmalwaresecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.14 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
4b304b04bf5f5519a0df46b650721b3c1a0117c15c0e407f7f1aac56099fed0c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:11 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-38
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=852a2a9d-ec07-453c-8575-48a3cc0cf64c%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&tk_flint=pbjs_lite_v6.24.0-pre&x_source.tid=ef2e42cf-abc8-47ac-b268-663288351380&l_pb_bid_id=64eba15d720ed17&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5195055168171185
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
089029c8f5dd6673b0bf27c0ee50bc59cf19e6c34910cb631d580ceb156a4211

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidid5-sync.com=0&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.236.83.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-236-83-94.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
f6db599c3b23f272a399cfc035ae0f151fcfce06999358cae67a383825e5386d

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 22 Aug 2022 14:49:10 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
bid
ap.lijit.com/rtb/ 		24 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.24.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
ed71987d2062401cca016c9a4e7df1747178cfa96534cf3e5e882fc071b50d38

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 22 Aug 2022 14:49:10 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
100 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=ef2e42cf-abc8-47ac-b268-663288351380&nocache=1661179750629&id5id=0&pubcid=852a2a9d-ec07-453c-8575-48a3cc0cf64c&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPW5ldyxjb3JvbmF2aXJ1c3RoZW1lZCxtYWxzcGFtLGNhbXBhaWduLGRlbGl2ZXJzLGZvcm1ib29rLG1hbHdhcmVzZWN1cml0eSxhZmZhaXJzJm15b3RoZXJrZXl3b3JkPW5ldyxjb3JvbmF2aXJ1c3RoZW1lZCxtYWxzcGFtLGNhbXBhaWduLGRlbGl2ZXJzLGZvcm1ib29rLG1hbHdhcmVzZWN1cml0eSxhZmZhaXJz
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
fd46bebecf8fb54cffbf3df0c8178896eb6ce1ece5942dcbf0ef80a3d296e65b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
78
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
867 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:10 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
0433356c-abb8-4e74-821b-67435346c7b1
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Mon, 22 Aug 2022 14:49:10 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
prebid.media.net/rtb/ 		1 KB
775 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
502e6a14f7ab09823b3a7e85060cac20804cd4650488c0ae9000e6c80805b9b3

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
jot
syndication.twitter.com/i/ Frame AC6F 		43 B
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661179750884%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22securityaffairs%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22securityaffairs%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d2ce14a46402b%3A1660602685002%22%2C%22item_ids%22%3A%5B%221236008791893778434%22%5D%2C%22item_details%22%3A%7B%221236008791893778434%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
112
pragma
no-cache
last-modified
Mon, 22 Aug 2022 14:49:10 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
c2a5d85f0984e2bf7125ffbc0027112d09ca57b7b11e38aaecd897af4d84e258
x-transaction
34cf48375382899b
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
ads.us.e-planning.net/uspd/1/ Frame 7E77
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
4988b57db5d0bb041c8543b0facf2fdf341b9cdb2f4270efbeb03ac62cefa91b

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
gzip
content-type
text/html
date
Mon, 22 Aug 2022 14:49:11 GMT
expires
Mon, 22 Aug 2022 14:49:11 GMT
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
IAD-1212

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Mon, 22 Aug 2022 14:49:11 GMT
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
IAD-1212
BPp7B47T_normal.png
pbs.twimg.com/profile_images/526793652673064960/ Frame AC6F 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/profile_images/526793652673064960/BPp7B47T_normal.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::159 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6a108e0af8fe6848b275a2827822879e528159c28a6f189f18288ab169abad78
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=631138519
x-content-type-options
nosniff
last-modified
Mon, 27 Oct 2014 17:50:48 GMT
date
Mon, 22 Aug 2022 14:49:11 GMT
x-tw-cdn
FT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-cache
HIT, HIT
server-timing
x-cache;desc=HIT, x-tw-cdn;desc=FT
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
content-length
5303
x-served-by
cache-lhr7379-LHR, cache-hhn11557-HHN, cache-tw-ZZZ1
EScs880WsAc5vld
pbs.twimg.com/media/ Frame AC6F 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/media/EScs880WsAc5vld?format=jpg&name=240x240
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::159 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9ef21dc5e252a966b014e2a28730b49097b68de8ee094cb3f33b5b52c8d15770
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=631138519
x-content-type-options
nosniff
last-modified
Fri, 06 Mar 2020 19:07:40 GMT
date
Mon, 22 Aug 2022 14:49:11 GMT
x-tw-cdn
FT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-cache
MISS, MISS
server-timing
x-cache;desc=MISS, x-tw-cdn;desc=FT
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
content-length
8504
x-served-by
cache-lhr7358-LHR, cache-hhn11557-HHN, cache-tw-ZZZ1
ESctNF7XQAAuD6q
pbs.twimg.com/media/ Frame AC6F 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/media/ESctNF7XQAAuD6q?format=jpg&name=120x120
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::159 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0e5def49d19532c8f3f167875ca076d31475e4ac52cfa179f3dfd91f4000a9d1
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=631138519
x-content-type-options
nosniff
last-modified
Fri, 06 Mar 2020 19:08:46 GMT
date
Mon, 22 Aug 2022 14:49:11 GMT
x-tw-cdn
FT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-cache
MISS, MISS
server-timing
x-cache;desc=MISS, x-tw-cdn;desc=FT
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
content-length
3519
x-served-by
cache-lhr7374-LHR, cache-hhn11557-HHN, cache-tw-ZZZ1
ESctXkpXkAIwJCo
pbs.twimg.com/media/ Frame AC6F 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/media/ESctXkpXkAIwJCo?format=png&name=120x120
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::159 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f1b2915531e8fbc0f616d0cb47c1809912115767b7cf124a04dcdc832f0f9bea
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=631138519
x-content-type-options
nosniff
last-modified
Fri, 06 Mar 2020 19:09:29 GMT
date
Mon, 22 Aug 2022 14:49:11 GMT
x-tw-cdn
FT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-cache
MISS, MISS
server-timing
x-cache;desc=MISS, x-tw-cdn;desc=FT
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
content-length
2590
x-served-by
cache-lhr7334-LHR, cache-hhn11557-HHN, cache-tw-ZZZ1
EScs880WsAc5vld
pbs.twimg.com/media/ Frame AC6F 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/media/EScs880WsAc5vld?format=jpg&name=small
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::159 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d49ec9e53493eae7a727c75a865697f708943f1f2e87f93a0606b0edb6a4e94e
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=631138519
x-content-type-options
nosniff
last-modified
Fri, 06 Mar 2020 19:07:40 GMT
date
Mon, 22 Aug 2022 14:49:11 GMT
x-tw-cdn
FT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-cache
MISS, MISS
server-timing
x-cache;desc=MISS, x-tw-cdn;desc=FT
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
content-length
53367
x-served-by
cache-lhr6620-LHR, cache-hhn11557-HHN, cache-tw-ZZZ1
ESctNF7XQAAuD6q
pbs.twimg.com/media/ Frame AC6F 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/media/ESctNF7XQAAuD6q?format=jpg&name=240x240
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::159 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
271f1faf657491123e73c338bc33b35eea055b02906447d7fe48cdd2b1bafbe1
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=631138519
x-content-type-options
nosniff
last-modified
Fri, 06 Mar 2020 19:08:46 GMT
date
Mon, 22 Aug 2022 14:49:11 GMT
x-tw-cdn
FT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-cache
MISS, MISS
server-timing
x-cache;desc=MISS, x-tw-cdn;desc=FT
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
content-length
10178
x-served-by
cache-lhr7381-LHR, cache-hhn11557-HHN, cache-tw-ZZZ1
ESctXkpXkAIwJCo
pbs.twimg.com/media/ Frame AC6F 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/media/ESctXkpXkAIwJCo?format=png&name=240x240
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::159 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5157b47c8fe5d1fcf9efd14b9281c2fbd995d62c83a5cc020872b6a3ffcc6a6e
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=631138519
x-content-type-options
nosniff
last-modified
Fri, 06 Mar 2020 19:09:29 GMT
date
Mon, 22 Aug 2022 14:49:11 GMT
x-tw-cdn
FT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-cache
MISS, MISS
server-timing
x-cache;desc=MISS, x-tw-cdn;desc=FT
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
content-length
7972
x-served-by
cache-lhr7354-LHR, cache-hhn11557-HHN, cache-tw-ZZZ1
jot
syndication.twitter.com/i/ Frame AC6F 		43 B
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661179751070%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22securityaffairs%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22securityaffairs%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d2ce14a46402b%3A1660602685002%22%2C%22item_ids%22%3A%5B%221236008791893778434%22%5D%2C%22item_details%22%3A%7B%221236008791893778434%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
119
pragma
no-cache
last-modified
Mon, 22 Aug 2022 14:49:11 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
c2a5d85f0984e2bf7125ffbc0027112d09ca57b7b11e38aaecd897af4d84e258
x-transaction
1dd5feb0493dfb1b
expires
Tue, 31 Mar 1981 05:00:00 GMT
jot
syndication.twitter.com/i/ Frame AC6F 		43 B
170 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1661179751079%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22securityaffairs%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22securityaffairs%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d2ce14a46402b%3A1660602685002%22%2C%22item_ids%22%3A%5B%221236008791893778434%22%5D%2C%22item_details%22%3A%7B%221236008791893778434%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A871.7999992370605%7D&dnt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
110
pragma
no-cache
last-modified
Mon, 22 Aug 2022 14:49:11 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
c2a5d85f0984e2bf7125ffbc0027112d09ca57b7b11e38aaecd897af4d84e258
x-transaction
4fc2ac460d5ffdc7
expires
Tue, 31 Mar 1981 05:00:00 GMT
ptag
a.audrte.com/ Frame 7E77 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.23.73.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-23-73-66.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
a2a4bcc0ff6ec2e93665ca349245daca8f8d51ff983cd738c1377088aabba457

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:11 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1682
um
u-iad04.e-planning.net/ Frame 7E77
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D09de213fc268a926%26uid%3D%24UID
  • https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=09de213fc268a926&uid=5426787210987735875
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=09de213fc268a926&uid=5426787210987735875
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:11 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
f8c52dc9-1d93-404b-b9cc-bf6805189648
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=09de213fc268a926&uid=5426787210987735875
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
us
sync.go.sonobi.com/ Frame 7E77
Redirect Chain
  • https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3De64f73568d2b3c34%26fi%3D09de213fc268a926%26uid%3D%24UID&partner=eplanning
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D18%26buyeruid%3D%5BUID%5D%26r%3Dhttps%253A%252F%252Fu-iad04.e-planning.net%252Fum%253Fdc%253De64f73568d2b3c34%2526f...
0
0
usync.html
eus.rubiconproject.com/ Frame 60B8
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 22 Aug 2022 14:49:11 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Mon, 22 Aug 2022 14:49:11 GMT
location
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
server
AkamaiGHost
usermatch
r.casalemedia.com/ Frame B505
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D
  • https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c85c5201cc6d09a962f6911c31de5888934a421dc30a2a7737410d8cfc0084ff

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73ec69e80d8b91ed-FRA
content-encoding
br
content-type
text/html
date
Mon, 22 Aug 2022 14:49:11 GMT
dropped-udsids
45|241|230|39|46|57|218|13
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3vFTqY2c0FATpGP2mLMyBYLAQ0hCi0vGNyGB1YEKEV0MbNJUvsMrxZiMhy%2FJvLR1FAX3eytnoVKJSY9CWKl5MaQnt%2FeIY9qS1m4XNKCcMtLLX0gDgBpSm%2BAZEsuwkSz5kFcN"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
73ec69e77fb2696f-FRA
content-type
text/html; charset=iso-8859-1
date
Mon, 22 Aug 2022 14:49:11 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
location
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdJ5tLIxC0DY9fRv1SCuJiCuE89ykdDRuk%2FHK1T6IJX%2F2HU0c9HBPiwrmlAhG%2F9FKNfAkdtDaT%2FBXV6tRTBEtuSwKMK9FJlKhYca2pWaJRTdgZ0h8JhakFcfPGVPzyD5tzNSNn2p"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame 5B3B 		1 KB
987 B 		Document
General
Check archive.org
Download Go to
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=157680000
cf4age
0
cf4ttl
157680000.000
content-encoding
gzip
content-length
624
content-type
text/html
date
Mon, 22 Aug 2022 14:49:12 GMT
etag
W/"61ddbb71-5f5"
expires
Sun, 10 Jan 2027 17:30:12 GMT
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
server
CFS 0215
x-cf-rand
58.812
x-cf-tsc
1641922213
x-cf1
29080:dA.waw1:co:1585621119:cacheN.waw1-01:D
x-cf2
H
x-cf3
M
x-cff
B
/
onetag-sys.com/usync/ Frame 269E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame DD71 		8 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78d5c0fe08b1ea8d12bea9af3d064f9c5cdb123e6e14e04ed99c1e50ced12d90

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
cf-cache-status
DYNAMIC
cf-ray
73ec69e6b9550211-ZRH
content-encoding
br
content-type
text/html
date
Mon, 22 Aug 2022 14:49:11 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
getuid
ib.adnxs.com/ Frame DD71 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
pixel
cm.g.doubleclick.net/ Frame DD71 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://mwzeom.zeotap.com/mw?cid=9423c018-2b01-4121-bb07-0e53ac9e7080&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=9423c018-2b01-4121-bb07-0e53ac9e7080&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69e7eb1d0211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=9423c018-2b01-4121-bb07-0e53ac9e7080&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame DD71 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame DD71 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cm
trc.taboola.com/sg/zeotap/1/ Frame DD71 		0
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-vcl-time-ms
24
date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 varnish
server
nginx
x-timer
S1661179752.611831,VS0,VE24
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-mxp6933-MXP
u
dmp.v.fwmrm.net/ad/ Frame DD71 		0
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:6593:f608:78e4:ddc4:e083:81a6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:11 GMT
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=300
Content-Length
0
Expires
0
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame DD71 		0
166 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=847f45e4-b56b-44f7-8370-a69ba1c2e40b&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=847f45e4-b56b-44f7-8370-a69ba1c2e40b&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69e91cde0211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=847f45e4-b56b-44f7-8370-a69ba1c2e40b&zpartnerid=317&gdpr=1&gdpr_consent=
pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=21411590077400549173960144446080830552&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=21411590077400549173960144446080830552&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:12 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69ee9e3b0211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-irl1-1-v038-014595e4a.edge-irl1.demdex.com 10 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
WdX4AiLyTbY=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=21411590077400549173960144446080830552&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame DD71 		0
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022082300-52859-0.981053001661205862-494cf3dce7dddb2f70118320da8f3001&zdid=533&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2022082300-52859-0.981053001661205862-494cf3dce7dddb2f70118320da8f3001&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69e83b850211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2022082300-52859-0.981053001661205862-494cf3dce7dddb2f70118320da8f3001&zdid=533&env=mWeb
Date
Mon, 22 Aug 2022 22:04:22 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7134712703347587220&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=7134712703347587220&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69e82b720211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7134712703347587220&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Date
Mon, 22 Aug 2022 14:49:11 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
receive
pixel.tapad.com/idsync/ex/ Frame DD71 		95 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=8CL0xEr15q48CDFQ9ZN/fe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-41...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?webouuid=8CL0xEr15q48CDFQ9ZN/fe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69e8ec960211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:10 GMT
via
1.1 google
last-modified
Mon, 22 Aug 2022 14:49:11 GMT
server
Weborama Collect Frontend
location
https://mwzeom.zeotap.com/mw?webouuid=8CL0xEr15q48CDFQ9ZN/fe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame DD71 		0
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.15.245.83 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventTyp...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eve...
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d1...
95 B
176 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:12 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69eb185b0211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:12 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&gdpr=1&gdpr_consent=&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
expires
0
cache-control
no-cache
x-server
10.40.32.211
content-length
0
x-consent
absent
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-zL1zhXRE2opSfn7DqZB1heNMlSZ_2yWUWA--~A&zpartnerid=570&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=y-zL1zhXRE2opSfn7DqZB1heNMlSZ_2yWUWA--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69e93d1d0211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
http/1.1 spdc0102.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
strict-transport-security
max-age=31536000
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-zL1zhXRE2opSfn7DqZB1heNMlSZ_2yWUWA--~A&zpartnerid=570&env=mWeb
content-length
0
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=MJVNGQ3ZcbEWpvBjA0VoOc%2FWI2Clx7Pb%2BS41iYitP1U%3D
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=MJVNGQ3ZcbEWpvBjA0VoOc%2FWI2Clx7Pb%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69e75a530211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
server
AAWebServer
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=MJVNGQ3ZcbEWpvBjA0VoOc%2FWI2Clx7Pb%2BS41iYitP1U%3D
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires
0
usermatch.gif
beacon.krxd.net/ Frame DD71 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.73.80.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-73-80-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
cache-control
private, no-cache, no-store
x-request-time
D=28 t=1661179751
x-served-by
beacon-n017-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame DD71 		95 B
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.236.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.225.236.55.162.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
cQZGoH6Q
sync-tm.everesttech.net/upi/pid/ Frame DD71 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 varnish
server
Varnish
x-timer
S1661179752.826732,VS0,VE0
x-cache
MISS
cache-control
no-cache
x-cache-hits
0
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4035-HHN
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=3bb86303-9767-4d00-b3c3-7bebb0fc0705&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f603437...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=3bb86303-9767-4d00-b3c3-7bebb0fc0705&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:12 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69eb68cd0211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Mon, 22 Aug 2022 14:49:12 GMT
Server
MT3 4494 7cf1da7 master zrh-pixel-x25 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=3bb86303-9767-4d00-b3c3-7bebb0fc0705&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Mon, 22 Aug 2022 14:49:11 GMT
usermatch.gif
beacon.krxd.net/ Frame DD71
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc1...
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
54.73.80.98 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-73-80-98.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:12 GMT
cache-control
private, no-cache, no-store
x-request-time
D=26 t=1661179752
x-served-by
beacon-n013-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
date
Mon, 22 Aug 2022 14:49:12 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a020-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame DD71
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:12 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
8F0NG0094E8VE0WJZ07T
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
SHK49SANGT2BQWWFVD7C
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame DD71
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427...
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:12 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
V84V6X0T031PMXQ358GJ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:12 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
8CHXDXPRVMP5TWX50RKT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame DD71 		0
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/87734?id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.202.52.216 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-202-52-216.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:12 GMT
content-length
0
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame DD71
Redirect Chain
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:12 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
73ec69ec2a0e0211-ZRH
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
date
Mon, 22 Aug 2022 14:49:12 GMT
cross-origin-resource-policy
cross-origin
content-length
0
cmp.min.js
spl.zeotap.com/ Frame DD71 		557 B
472 B 		Script
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dcb656c2ba0901b9af854789f42041a8c55367fcc2e91373467f3f19d37ce2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73ec69e73a230211-ZRH
date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
cmp
spl.zeotap.com/ Frame DD71 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
cf-cache-status
DYNAMIC
cf-ray
73ec69e78a990211-ZRH
date
Mon, 22 Aug 2022 14:49:11 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
usync.js
eus.rubiconproject.com/ Frame 60B8 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4a77aa8515e0914305d566f070e6aed1f158741280d2dfb5a9cd6d48c8bb3599

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:11 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Aug 2022 13:55:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=38435
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9442
Expires
Tue, 23 Aug 2022 01:29:46 GMT
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 60B8 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=eplanning_east&khaos=L74VJ6ZW-K-1IBU
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
ad49a0f18e050afeb6359164ab3bd56e
Content-Type
image/gif
crum
dsum-sec.casalemedia.com/ Frame B505
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YwOXZ-nR7iLTmT95w3.6RwAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGaz1ufLpFhm_vnLv7H85J8&google_cver=1&gdpr=1&google_hm=2
43 B
949 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGaz1ufLpFhm_vnLv7H85J8&google_cver=1&gdpr=1&google_hm=2
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73ec69e94f73bb85-FRA
pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=atd9ED8WmHKz6rBhfGhZAkLtmm1Rucwqn42FbHI4E%2BhklL3skA%2FI6JjUKmRI7R%2F8o9jt9e8sdOJ7QMbVsG%2F%2BtPfApsVJd0NR8AacsfvWkxqZ%2B%2B3BksfEPoSzjyUHFoP9LhR0qDyS2UcqJA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGaz1ufLpFhm_vnLv7H85J8&google_cver=1&gdpr=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
341
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame B505
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwOXZ_nR7iLTmT95w3-6RwAABJUAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwOXZ_nR7iLTmT95w3-6RwAABJUAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwOXZ_nR7iLTmT95w3-6RwAABJUAAAAB&dcc=t
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:12 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
1XWPCF6NJDJSYGFS3FXF
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:12 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
FVTWKEDD0JDPGNRAJ36W
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YwOXZ_nR7iLTmT95w3-6RwAABJUAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame B505 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YwOXZ_nR7iLTmT95w3-6RwAABJUAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame B505 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
getuid
secure.adnxs.com/ Frame B505 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
crum
dsum-sec.casalemedia.com/ Frame B505
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5133329522125289937
43 B
908 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5133329522125289937
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73ec69ea0892bb85-FRA
pragma
no-cache
date
Mon, 22 Aug 2022 14:49:12 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2BpRScfFKURN%2BhwmkSg6RFBunnQKlMhqiobKwTOAGJ4g436uGt4x0mjaqet9EVjQor7snbgm%2F4S1JLYZ9QO25BQQ470ecOUIqKmxsUDMy2gDZct4LrRFiqcsfvB9AjPERqZdIJGDxf2pNw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5133329522125289937
Date
Mon, 22 Aug 2022 14:49:11 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ibs:dpid=23728&dpuuid=YwOXZ-nR7iLTmT95w3.6RwAA%261173
dpm.demdex.net/ Frame B505 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YwOXZ-nR7iLTmT95w3.6RwAA%261173?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.150.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-150-101.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
crum
dsum-sec.casalemedia.com/ Frame B505
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
43 B
912 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray
73ec69f74df5bb85-FRA
pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8Z2T3FMDndSyN7wOS%2FASA%2FEe9FbHGGTxIfdz1Lq70%2FrmcPh6cIOmgE1EjsmysecbCcUfoyKtS5tDH4%2BS3TK75qUE1ruA6H3GRRKxKLDJ8VkJrkS5aeNI43i%2Fy5nKRqYnzfRHm86QNGgFA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
date
Mon, 22 Aug 2022 14:49:14 GMT
access-control-allow-credentials
true
x-powered-by
Express
content-length
0
vary
Origin
keep-alive
timeout=5
um
u-iad04.e-planning.net/ Frame B505 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-iad04.e-planning.net/um?dc=99e41df815fd80b4&fi=09de213fc268a926&uid=YwOXZ-nR7iLTmT95w3.6RwAA%261173
Requested by
Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D09de213fc268a926%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://r.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
server
openresty
content-type
image/gif
tap.php
pixel.rubiconproject.com/ Frame 60B8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEG-RyiDCcL6MRA6zE-QIK6c&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEG-RyiDCcL6MRA6zE-QIK6c&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
78e3bdce5107450057bade54d54a0a7e
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEG-RyiDCcL6MRA6zE-QIK6c&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 60B8
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=gJZhWKAUTLacyIyfYiXheg&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=gJZhWKAUTLacyIyfYiXheg
43 B
797 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=gJZhWKAUTLacyIyfYiXheg
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:12 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Y1VXCPZ6E2ZK9639H1E2
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=gJZhWKAUTLacyIyfYiXheg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame 60B8
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Yq8u8JbnTsy_HIdr5Cj_iQ&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Yq8u8JbnTsy_HIdr5Cj_iQ
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Yq8u8JbnTsy_HIdr5Cj_iQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:12 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
K3QXNE79VX0PRZTE980B
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Yq8u8JbnTsy_HIdr5Cj_iQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 60B8
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTkwYzdlNDcwOTQ3MTI0Mjg0MDZkNTQ5YmU0NTJjZTUxYTVhMzM3YQ
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTkwYzdlNDcwOTQ3MTI0Mjg0MDZkNTQ5YmU0NTJjZTUxYTVhMzM3YQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MTkwYzdlNDcwOTQ3MTI0Mjg0MDZkNTQ5YmU0NTJjZTUxYTVhMzM3YQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 60B8
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L74VJ6ZW-K-1IBU
0
707 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L74VJ6ZW-K-1IBU
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:11 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 79B5E6A58989418D8431F3C649BFBA72 Ref B: FRAEDGE1413 Ref C: 2022-08-22T14:49:11Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXm1Y0GvHUnB++A3ISQ5g==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L74VJ6ZW-K-1IBU
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame 60B8
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L74VJ6ZW-K-1IBU&sigv=1&esig=2~09f90502f6b4c823e032321d758d5759fbb0abd6
0
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L74VJ6ZW-K-1IBU&sigv=1&esig=2~09f90502f6b4c823e032321d758d5759fbb0abd6
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H2
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:12 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L74VJ6ZW-K-1IBU&sigv=1&esig=2~09f90502f6b4c823e032321d758d5759fbb0abd6
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 60B8
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc0Vko2WlctSy0xSUJV
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc0Vko2WlctSy0xSUJV
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:11 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDc0Vko2WlctSy0xSUJV
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
esync
token.rubiconproject.com/ Frame 60B8
Redirect Chain
  • https://id.rlcdn.com/709414.gif
  • https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
0
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Mon, 22 Aug 2022 14:49:11 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
lotame20220804.html
s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/ Frame 5119 		627 B
544 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.252 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Mon, 22 Aug 2022 14:49:11 GMT
etag
W/"62ec189b-273"
expires
Sat, 21 Aug 2027 14:49:11 GMT
last-modified
Thu, 04 Aug 2022 19:06:03 GMT
server
openresty
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame C9B7 		636 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.252 Rijswijk, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Mon, 22 Aug 2022 14:49:11 GMT
etag
W/"601b131c-27c"
expires
Sat, 21 Aug 2027 14:49:11 GMT
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
server
openresty
sync
vid.vidoomy.com/ Frame 90E0 		49 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3D09de213fc268a926%26uid%3D%7B%7BVID%7D%7D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
br
content-type
text/html
date
Mon, 22 Aug 2022 14:49:12 GMT
etag
W/"61c991db-c5bc"
last-modified
Mon, 27 Dec 2021 10:13:47 GMT
server
CDN77-Turbo
x-77-cache
MISS
x-77-nzt
Abk73BBXiPCh
x-77-nzt-ray
vYTSHdYDCYk
x-77-pop
frankfurtDE
x-accel-expires
@1662216552
x-cache
MISS
setuid
prebidserver.pixfuture.com/ Frame 7AE8 		0
469 B 		Document
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=ADaFV2WeGcJR72yw
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
text/html
date
Mon, 22 Aug 2022 14:49:11 GMT
expires
0
pragma
no-cache
vary
Origin
lt.min.js
tags.crwdcntrl.net/lt/c/15238/ Frame 5119 		49 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/823cbe91964ba8ec/lotame20220804.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-37.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 11:54:21 GMT
content-encoding
gzip
etag
W/"fdcd13007d5be3c218bd461a6aad998b"
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
age
10492
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 27f665df26bde4a7226480b4a2890ff8.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
mNmGnUioQWms3FNz7wq4H5fPruQnYLGyN_nlIBHO5wQ4yegJXGRLwA==
GS.d
js.cookieless-data.com/ Frame C9B7 		0
535 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1661179751955
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.83.160.162 , France, ASN12876 (Online SAS, FR),
Reverse DNS
212-83-160-162.rev.poneytelecom.eu
Software
nginx/1.20.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:12 GMT
Server
nginx/1.20.2
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
optimus_rules.json
tags.crwdcntrl.net/lt/c/15238/ Frame 5119 		155 B
629 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-37.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff

Request headers

Referer
https://s.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 22 Aug 2022 00:05:23 GMT
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
age
53030
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
155
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
etag
"1a1722e9cedbdc8af0dcd3345e46c73a"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age: 86400
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
c-PR_IUtO_BMnFJCRUw40CE-Pdo4S0ToT8xqmfQT6RlPR8cicgR0wQ==
data
bcp.crwdcntrl.net/6/ Frame 5119 		20 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.205.219.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-219-62.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e

Request headers

Referer
https://s.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:12 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://s.e-planning.net
expires
0
cache-control
no-cache
x-server
10.40.3.124
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
20
x-consent
absent
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 32EF 		118 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
614c0f3e69541038153378ca34e655f748974e4546b83cc5b4aae4b7106f84a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40308
x-xss-protection
0
server
cafe
etag
806666164835983777
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 22 Aug 2022 14:49:13 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:13 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:13 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 486E 		118 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5da4c36aab72eaf9406ae90eead4d412af557116eb77a4e2d6f56e8d20c46a4c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40301
x-xss-protection
0
server
cafe
etag
1859727858707600466
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 22 Aug 2022 14:49:13 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:13 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:13 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 1088 		118 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5da4c36aab72eaf9406ae90eead4d412af557116eb77a4e2d6f56e8d20c46a4c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40301
x-xss-protection
0
server
cafe
etag
1859727858707600466
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 22 Aug 2022 14:49:13 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:13 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:13 GMT
um
u-iad04.e-planning.net/ Frame 90E0 		42 B
103 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u-iad04.e-planning.net/um?dc=3ab023ac29ea5990&fi=09de213fc268a926&uid=a6f37f0123013099a595be2217fc435a
Requested by
Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3D09de213fc268a926%26uid%3D%7B%7BVID%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://vid.vidoomy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Mon, 22 Aug 2022 14:49:13 GMT
server
openresty
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/ Frame 32EF 		342 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069050
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0d2d15d0a2f9ec4eef980a541ea55d9de9c6fc96736f7c1d248d3e971b61d5b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122962
x-xss-protection
0
server
cafe
etag
15214029067895071189
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 22 Aug 2022 14:49:13 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/ Frame 486E 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b15611490bb46eb30ea3e16569b9d7853848040e2216fe427ad86086a07fa94a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122625
x-xss-protection
0
server
cafe
etag
169776763506316998
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 22 Aug 2022 14:49:13 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/ Frame 1088 		341 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68519228e434605b231a755ef888366a63fdab471a63db9795b74802529717e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122626
x-xss-protection
0
server
cafe
etag
16728885645023042582
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 22 Aug 2022 14:49:13 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 32EF 		222 B
647 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069050
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
5075af60bc35c1ca6aaf3ae48406bdccff363064352a37c32774a2f19d0671fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
203
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 32EF 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069050
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 32EF 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069050
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
afr.php
served-by.pixfuture.com/www/delivery/ Frame BF5E
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696133&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1...
  • https://served-by.pixfuture.com/www/delivery/afr.php
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/afr.php
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069050
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800 public, no-transform
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Wed, 24 Aug 2022 14:49:14 GMT
pragma
no-cache
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 14:49:14 GMT
location
https://served-by.pixfuture.com/www/delivery/afr.php
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 486E 		222 B
278 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
4e0dec83cbe0e5fe48a2036b6ae7291440a33c79689511315b61d13446c464bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
210
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 486E 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 486E 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
afr.php
served-by.pixfuture.com/www/delivery/ Frame 8777
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696130&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=...
  • https://served-by.pixfuture.com/www/delivery/afr.php
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/afr.php
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800 public, no-transform
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Wed, 24 Aug 2022 14:49:14 GMT
pragma
no-cache
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 14:49:14 GMT
location
https://served-by.pixfuture.com/www/delivery/afr.php
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 1088 		12 B
53 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548&cookie=ID%3D5d64b67e0435ebd1-22d3ee6bfdcd00c2%3AT%3D1661179754%3ART%3D1661179754%3AS%3DALNI_MbcYE-EIVQOt0Yzt7PzekCrmDXtaQ
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 1088 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 1088 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
afr.php
served-by.pixfuture.com/www/delivery/ Frame 89F7
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1480696131&pi=t.ma~as.Internal_300x250_0._&w=300&lm...
  • https://served-by.pixfuture.com/www/delivery/afr.php
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/afr.php
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800 public, no-transform
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Wed, 24 Aug 2022 14:49:14 GMT
pragma
no-cache
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 14:49:14 GMT
location
https://served-by.pixfuture.com/www/delivery/afr.php
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 32EF 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220817&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069050
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0a42c253f9d455fd1fbf10c58d664bc5fd724b95fc27cb8e436df1639bdb6b66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11037
x-xss-protection
0
pd
u.openx.net/w/1.0/ Frame EADA 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 22 Aug 2022 14:49:14 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
check.html
biddr.brealtime.com/ Frame 3828 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
1101
CF-Cache-Status
HIT
CF-RAY
73ec69fa4de09048-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 22 Aug 2022 14:49:14 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Mon, 22 Aug 2022 15:49:14 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
TZDfxO4uwORNUA/4irnRs9qqp9lI3eH+ruz8qqqAX5jBwgQ1rzgBbhsPKs2FgAnYzrbwWSW5JnM=
x-amz-request-id
15DYQDFYDGXZWWWF
usync.html
eus.rubiconproject.com/ Frame 4B53 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 22 Aug 2022 14:49:14 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6C84 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.184.200 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=35515
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 23 Aug 2022 00:41:09 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame CFFF 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.184.188 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-188.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 22 Aug 2022 14:49:14 GMT
ETag
"623de86a-cf34"
Expires
Tue, 23 Aug 2022 14:49:16 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 6417 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.184.188 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-188.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 22 Aug 2022 14:49:14 GMT
ETag
"623de86a-cf34"
Expires
Tue, 23 Aug 2022 14:49:16 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame BC07 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.184.200 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=35515
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 23 Aug 2022 00:41:09 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 20D5 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 22 Aug 2022 14:49:14 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
/
ssc-cms.33across.com/ps/ Frame E0A3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip22.67-202-105.static.steadfastdns.net
Software
33XP004 /
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
server
33XP004
x-33x-status
2000208
check.html
biddr.brealtime.com/ Frame F681 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
4694
CF-Cache-Status
HIT
CF-RAY
73ec69fa4d0991db-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 22 Aug 2022 14:49:14 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Mon, 22 Aug 2022 15:49:14 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
ozLLefD0knKZ2yMzZ7EA3qLK8cSPeKdEpQT28HMOVUE2s5XW77p+1QkMqhU1tUmLZbb1zAjl4MU=
x-amz-request-id
GNVBWB8PQV5H0AVC
check.html
biddr.brealtime.com/ Frame 55DE 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
3118
CF-Cache-Status
HIT
CF-RAY
73ec69fa48b468f7-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 22 Aug 2022 14:49:14 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Mon, 22 Aug 2022 15:49:14 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
checksync.php
contextual.media.net/ Frame AC4E 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
67cd276aed895d8b704773d1a8fd78dbba68c623e89957feaddd1e78956269d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=128788
content-encoding
gzip
content-length
8306
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Wed, 24 Aug 2022 02:35:42 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame 593E 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.184.188 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-188.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Mon, 22 Aug 2022 14:49:14 GMT
ETag
"623de86a-cf34"
Expires
Tue, 23 Aug 2022 14:49:16 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame FE69 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
67cd276aed895d8b704773d1a8fd78dbba68c623e89957feaddd1e78956269d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=128788
content-encoding
gzip
content-length
8306
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Wed, 24 Aug 2022 02:35:42 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C111 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.184.200 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=35515
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 23 Aug 2022 00:41:09 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 4143 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Mon, 22 Aug 2022 14:49:14 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
checksync.php
contextual.media.net/ Frame B89A 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.51.8.30 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-30.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
67cd276aed895d8b704773d1a8fd78dbba68c623e89957feaddd1e78956269d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=128788
content-encoding
gzip
content-length
8306
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Wed, 24 Aug 2022 02:35:42 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:14 GMT
usync.js
eus.rubiconproject.com/ Frame 4B53 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4a77aa8515e0914305d566f070e6aed1f158741280d2dfb5a9cd6d48c8bb3599

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 17 Aug 2022 13:55:35 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=38432
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9442
Expires
Tue, 23 Aug 2022 01:29:46 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 486E 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220817&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b0a8418337f000e0cd89f94459b8938d06f73a83ffd6c4b7850a6c08b865a084
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10982
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 1088 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220817&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5a556e222989f6f4fc5a31956eedb06ce88c77876d152697eeb489383bdf20c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11104
x-xss-protection
0
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:14 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 486E 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 22 Aug 2022 14:49:14 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 6C84 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=8236662&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
60427d8f3a4bdd713fa1bd0939e9004dd46f265d2fa784a4647456584cb8ba41

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 32EF 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069050
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 22 Aug 2022 14:49:14 GMT
async_usersync
ib.adnxs.com/ Frame CFFF 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:14 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
3b0eead4-ea61-4641-9a1e-34ead0bcc5a9
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 593E 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:14 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
110eee6e-7934-4852-bbff-c49ec106e610
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 6417 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:14 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
b7644816-479a-484f-9cf7-f81d695649ad
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
match
c1.adform.net/serving/cookie/ Frame A64B
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
35 B
476 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
-1
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 13E4
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5185508362693586694
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5185508362693586694
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5185508362693586694
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame 91E8
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3bb86303-9767-4d00-b3c3-7bebb0fc0705&gdpr=0&gdpr_consent=
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3bb86303-9767-4d00-b3c3-7bebb0fc0705&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 04:02:22 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Mon, 22 Aug 2022 14:49:15 GMT
Expires
Mon, 22 Aug 2022 14:49:14 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4494 7cf1da7 master hkg-pixel-x20 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:3bb86303-9767-4d00-b3c3-7bebb0fc0705&gdpr=0&gdpr_consent=
usersync.aspx
dis.criteo.com/dis/ Frame 3ED8 		43 B
363 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Mon, 22 Aug 2022 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
567734
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
Pug
simage2.pubmatic.com/AdServer/ Frame 4170
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7134712703347587220
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7134712703347587220
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Date
Mon, 22 Aug 2022 14:49:14 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7134712703347587220
Server
nginx
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
bridge
cm.adgrx.com/ Frame 09FC 		43 B
408 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.245.179 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Mon, 22 Aug 2022 14:49:14 GMT
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Pragma
no-cache
X-RealServer-NX
ams-delivery-7
server
Cowboy
Pug
simage2.pubmatic.com/AdServer/ Frame 4BB3
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=6KVAMwYbStdNQtVHqhIC-9lAl0U
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=6KVAMwYbStdNQtVHqhIC-9lAl0U
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
159
Content-Type
text/html; charset=utf-8
Date
Mon, 22 Aug 2022 14:49:15 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=6KVAMwYbStdNQtVHqhIC-9lAl0U
b9pj45k4
sync-tm.everesttech.net/upi/pid/ Frame 0208 		0
0
services
sync.technoratimedia.com/ Frame 9769
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCb0trN0dCeThBQUE3TW9xZGhKdw&bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csyn%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AABoKk7GBy8AAA7MoqdhJw&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsyn%252Csas%252Cpm%26bee_sync_current_partne...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=syn%2Csas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AABoKk7GBy8AAA7MoqdhJw&pid=558502&do=add
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AABoKk7GBy8AAA7MoqdhJw&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dsy...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AABoKk7GBy8AAA7MoqdhJw&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
150.136.25.38 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-methods
POST,GET,HEAD,OPTIONS
access-control-allow-origin
https://ads.pubmatic.com/
age
0
date
Mon, 22 Aug 2022 14:49:16 GMT
server
nginx
via
1.1 varnish
x-varnish
107963563

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Mon, 22 Aug 2022 14:49:15 GMT
Server
nginx
location
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AABoKk7GBy8AAA7MoqdhJw&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3
strict-transport-security
max-age=2592000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 2ADB
Redirect Chain
  • https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:13 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
73ec69fb8bb6cc56-ZRH
content-length
0
date
Mon, 22 Aug 2022 14:49:14 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
server
cloudflare
generic
match.adsrvr.org/track/cmf/ Frame D6DC
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1661179754823
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5897164721
70 B
264 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5897164721
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Mon, 22 Aug 2022 14:49:14 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Mon, 22 Aug 2022 14:49:14 GMT
etag
RXce715181e84e4902af241a994ef3fef1003
expires
0
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5897164721
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
pragma
no-cache
i.match
s.tribalfusion.com/z/ Frame CA16
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
425 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:230b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
73ec69fcfe880219-ZRH
content-length
43
content-type
image/gif; charset=utf-8
date
Mon, 22 Aug 2022 14:49:15 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
302

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
73ec69fb9c3a0219-ZRH
content-type
text/html
date
Mon, 22 Aug 2022 14:49:15 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
206
x-reuse-index
490
pub
matching.truffle.bid/sync/ Frame D03E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://matching.truffle.bid/sync/pub?sid=161&suid=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDQmdGw9MjAxNjA=&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
5.161.54.172 , Germany, ASN213230 (HETZNER-CLOUD2-AS, DE),
Reverse DNS
static.172.54.161.5.clients.your-server.de
Software
nginx/1.23.1 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Date
Mon, 22 Aug 2022 14:49:15 GMT
Server
nginx/1.23.1
Strict-Transport-Security
max-age=15768000
Pug
image2.pubmatic.com/AdServer/ Frame F5B2
Redirect Chain
  • https://green.erne.co/pubmatic/cm?
  • https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=5fc8dc8fd9d91ece/gdpr=/gdpr_consent=?https%3A%2F%2Fpixel-eu.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3...
  • https://pixel-eu.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=&redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=uroLIz3lVMjSQjSMQRQRbnjn
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=uroLIz3lVMjSQjSMQRQRbnjn
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:15 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-length
0
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=uroLIz3lVMjSQjSMQRQRbnjn
cookiesync
core.iprom.net/ Frame 142A 		43 B
279 B 		Document
General
Check archive.org
Download Go to
Full URL
https://core.iprom.net/cookiesync
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
43
Content-Type
image/gif
Date
Mon, 22 Aug 2022 14:49:14 GMT
Vary
Accept-Encoding
X-adserver-worker
erebus-7d7c846c65f1@version_1.522v2
X-core-time
1ms
X-server-arch
v2
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame F346
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6a733ca2-db5e-4642-aba1-90e43f0f6775-tuct9fd1cea&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
147 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6a733ca2-db5e-4642-aba1-90e43f0f6775-tuct9fd1cea&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
0
date
Mon, 22 Aug 2022 14:49:14 GMT
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4078-HHN
x-timer
S1661179755.904445,VS0,VE9

Redirect headers

accept-ranges
bytes
content-length
0
date
Mon, 22 Aug 2022 14:49:14 GMT
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6a733ca2-db5e-4642-aba1-90e43f0f6775-tuct9fd1cea&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mxp6933-MXP
x-timer
S1661179755.765459,VS0,VE26
x-vcl-time-ms
26
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6C84
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=dtn5ePDmQNiYWyT7Hzz9Aw%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
2.21.184.200 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-184-200.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=35515
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Tue, 23 Aug 2022 00:41:09 GMT

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=3bb86303-9767-4d00-b3c3-7bebb0fc0705
0
47 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=3bb86303-9767-4d00-b3c3-7bebb0fc0705
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Mon, 22 Aug 2022 14:49:15 GMT
Server
MT3 4494 7cf1da7 master hkg-pixel-x2 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=3bb86303-9767-4d00-b3c3-7bebb0fc0705
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 22 Aug 2022 14:49:14 GMT
generic
match.adsrvr.org/track/cmf/ Frame 6C84
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=0dcd718a92388644/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=1
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
content-length
0
Pug
image2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzZEOUY5NzgtRjBFNi00MEQ4LTk4NUItMjRGQjFGM0NGRDAz&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
0
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJpj5CQbMamTBdv-OTyCX6Y&google_cver=1
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJpj5CQbMamTBdv-OTyCX6Y&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJpj5CQbMamTBdv-OTyCX6Y&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 6C84 		43 B
610 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.182 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b6.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Sun, 21 Aug 2022 14:49:14 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6118872269947435853
0
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6118872269947435853
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6118872269947435853
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame 6C84 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pug
image2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5426787210987735875&gdpr=0&gdpr_consent=
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5426787210987735875&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:14 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
94e933c1-79ee-4daa-952c-4d91b861ae96
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5426787210987735875&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
76D9F978-F0E6-40D8-985B-24FB1F3CFD03
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 6C84 		43 B
996 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/76D9F978-F0E6-40D8-985B-24FB1F3CFD03?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:a43d:cfec:dc69:3aee Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-CaXI_KNE2uVTeZBRoLc2mAOFqkoaFpk-~A&gdpr=0&gdpr_consent=
0
179 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-CaXI_KNE2uVTeZBRoLc2mAOFqkoaFpk-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-CaXI_KNE2uVTeZBRoLc2mAOFqkoaFpk-~A&gdpr=0&gdpr_consent=
date
Mon, 22 Aug 2022 14:49:15 GMT
server
ATS/9.1.10.25
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
image2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=PhCRITEUl3AlEsUjOBGMKmxAxSslF5QmakaOgZLw
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=PhCRITEUl3AlEsUjOBGMKmxAxSslF5QmakaOgZLw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:15 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=PhCRITEUl3AlEsUjOBGMKmxAxSslF5QmakaOgZLw
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://rtb.adstanding.com/ssp/bidswitch/cookie?bidswitch_ssp_id=pubmatic&bidswitch_custom_parameter=60e5e19e-6eae-43ec-a913-65bccdff6792
  • https://x.bidswitch.net/sync?dsp_id=317&user_id=c55232f2aaac8a22d3e15295c41a5116&expires=30&ssp=pubmatic&bsw_param=60e5e19e-6eae-43ec-a913-65bccdff6792
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=&gdpr_pd=
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=&gdpr_pd=
Date
Mon, 22 Aug 2022 14:49:15 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
current
pubmatic-match.dotomi.com/match/bounce/ Frame 6C84 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9059802306217042661&gdpr=0&gdpr_consent=&us_privacy=
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9059802306217042661&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 01:35:21 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9059802306217042661&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:e6e86dce-67c3-4e53-a59b-f5ae2ba5cd44&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:e6e86dce-67c3-4e53-a59b-f5ae2ba5cd44&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 01:38:43 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:e6e86dce-67c3-4e53-a59b-f5ae2ba5cd44&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Mon, 22 Aug 2022 14:49:14 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 6C84 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:14 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 6C84
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5426787210987735875
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5426787210987735875
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:13 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:14 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
8ea2d7bb-103b-4690-9aba-3f595c309146
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=5426787210987735875
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 1088 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 22 Aug 2022 14:49:14 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D948 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2998
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 13:59:16 GMT
expires
Tue, 22 Aug 2023 13:59:16 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 06FF 		783 B
738 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
aa7e03b006fc826dbe8a9693c0e4e5bbac99fce3ad13ee590f81c4dcae14e2d5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-eMdxn7D_aRtiiy1zlOhZnA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
511
content-security-policy
script-src 'report-sample' 'nonce-eMdxn7D_aRtiiy1zlOhZnA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Mon, 22 Aug 2022 14:49:14 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 139E 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2998
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 13:59:16 GMT
expires
Tue, 22 Aug 2023 13:59:16 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame CAB2 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e4b5b4338b9a39f415053330921fb2e963830b2f453ace7dab2ca2d1c6a6cb2a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-5lQnrQXisrPEXjZMB5j_8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-5lQnrQXisrPEXjZMB5j_8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Mon, 22 Aug 2022 14:49:14 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js
pagead2.googlesyndication.com/bg/ Frame 139E 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 22:57:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
57075
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14118
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 21 Aug 2023 22:57:59 GMT
oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js
pagead2.googlesyndication.com/bg/ Frame D948 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 22:57:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
57075
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14118
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 21 Aug 2023 22:57:59 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0475 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2998
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 13:59:16 GMT
expires
Tue, 22 Aug 2023 13:59:16 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame BB94 		783 B
533 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2dee37e8314f5eaf69698b420ef988d7898afb7d1a1ade7da32ec6fa606354b5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-0wfzeVE0LyzH_p0qScUlug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
511
content-security-policy
script-src 'report-sample' 'nonce-0wfzeVE0LyzH_p0qScUlug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 14:49:14 GMT
expires
Mon, 22 Aug 2022 14:49:14 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sodar
pagead2.googlesyndication.com/pagead/ Frame CAB2 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220817&jk=4211723687454961&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
sodar
pagead2.googlesyndication.com/pagead/ Frame 06FF 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220817&jk=1232684794847123&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js
pagead2.googlesyndication.com/bg/ Frame 0475 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 22:57:59 GMT
content-encoding
br
x-content-type-options
nosniff
age
57075
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14118
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 21 Aug 2023 22:57:59 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame BB94 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220817&jk=3250107562091484&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 139E 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?-dqkEg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
tpc.googlesyndication.com/ Frame D948 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?GlFU0g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
tpc.googlesyndication.com/ Frame 0475 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?I2o6cg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:15 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:15 GMT
320x50.png
cdn.pixfuture.com/banners/ Frame EB11 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.pixfuture.com/banners/320x50.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f83d6d161d5d98ac0a6305e882cbf211c330178f30bac4095f967b5475c0e92

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
96122
content-length
20836
last-modified
Tue, 02 Feb 2021 21:40:24 GMT
server
cloudflare
etag
"6019c6c8-5164"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PWWV0MQyO5rRohKdDehErlC2pYpG0QAv9mg2NdVyNj8StVPz8Bq7EaZJFxUiTdXPF%2FfhGBRAmiThpGmJc%2FhNk0%2BvO9hQkwu6eRKkvTDf6iV56yMbxlrJSm19rT%2Binwmi%2B6bDVSwSsb8%2FrGAdnzIC"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=172800, no-transform
accept-ranges
bytes
cf-ray
73ec6a003fb2ba9d-MXP
expires
Tue, 23 Aug 2022 11:52:42 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 486E 		0
0
/
track.adform.net/adfscript/ Frame 55D8
Redirect Chain
  • https://ghent-aws-fr.bidswitch.net/imp/0.06080/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104562_Qrtbwp_R_I_WAUCTION__PRICE_X-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0_Qrtbdata_RLaDmQRhPfOc-58WndwY...
  • https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOc-58WndwY1IIaWs2OvBMfvNBaCdpL2NWZkLik--3mWTlL7Zz4J7yNRMi95g1qXc7X4llom4nvcxIpm3AJP...
1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOc-58WndwY1IIaWs2OvBMfvNBaCdpL2NWZkLik--3mWTlL7Zz4J7yNRMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NL_Xace5ylOBBnifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHaoASInuQlT0mT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a33a1bede3845972a7f6e81a4bce82f1869727952b7b2033edba6e7f54b821f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:15 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
907
expires
-1

Redirect headers

Location
https://track.adform.net/adfscript/?bn=37104562;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOc-58WndwY1IIaWs2OvBMfvNBaCdpL2NWZkLik--3mWTlL7Zz4J7yNRMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NL_Xace5ylOBBnifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHaoASInuQlT0mT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Date
Mon, 22 Aug 2022 14:49:15 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
put
e1.emxdgt.com/ Frame 55D8
Redirect Chain
  • https://aws-fr-sync.bidswitch.net/sync?ssp=emxdigital&dsp_id=70&imp=1
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=emxdigital
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=6482711138068417781&ssp=emxdigital
  • https://e1.emxdgt.com/put?d=d21&uid=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=
43 B
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e1.emxdgt.com/put?d=d21&uid=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Server
44.208.243.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-243-83.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
content-length
43
x-nosync
emp
content-type
image/gif

Redirect headers

Location
//e1.emxdgt.com/put?d=d21&uid=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=
Date
Mon, 22 Aug 2022 14:49:15 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
check_gdpr.js
biddr.brealtime.com/ Frame 55D8
Redirect Chain
  • https://imp-euro.emxdgt.com/imp/?cp=0.06080&ts=1661179751&seat=70&w=728&h=90&pb=0.04864&sid=9508&tid=82818&pid=1323&uid=70451661179750635808f1&wid=21&dom=securityaffairs.co&tp=0.06080&mt=1&dt=2&st=...
  • https://biddr.brealtime.com/check_gdpr.js
704 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check_gdpr.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
HTTP/1.1
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3d8bcb82d61a3c0b87387b4dcdd2493ea09e7190e2980c6167182ad23cd96d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:15 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Age
3100
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-request-id
YN1DQVT42Y5HMWPM
x-amz-id-2
s7H2zqwCGxB+GOp8zIpzC+6vfi0RytlfPSVMAHC80LdB9N9JgPX9Dp0NdR1qx1p28ORyAM8jey8=
Last-Modified
Wed, 19 Aug 2020 01:11:27 GMT
Server
cloudflare
ETag
W/"45fc2df97a85ec1dbd37c6e43e5da119"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=3600
CF-RAY
73ec6a01abd868f7-FRA
Expires
Mon, 22 Aug 2022 15:49:15 GMT

Redirect headers

Location
https://biddr.brealtime.com/check_gdpr.js
Date
Mon, 22 Aug 2022 14:49:15 GMT
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html
moatad.js
z.moatads.com/emxsspdisplay905071498485/ Frame 55D8 		299 KB
102 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/emxsspdisplay905071498485/moatad.js?moatClientLevel1=1323&moatClientLevel2=9508&moatClientLevel3=82818&moatClientSlicer1=securityaffairs.co&moatClientSlicer2=&moatClientSlicer3=
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-151.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
4a0c4062dd4631f83121672154a0aa4d182030a500e4bab908e916339fdca038

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
content-encoding
gzip
last-modified
Thu, 04 Aug 2022 15:27:56 GMT
server
AmazonS3
x-amz-request-id
9Q3W5YC49595V6M4
etag
"829532b99e7b35176b0b4be14200c2fc"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=64572
accept-ranges
bytes
content-length
103968
x-amz-id-2
gsjLibkXidoJS3mWa21TTZQ9D2DzJcIc4Llp2UMp1NgaeTT5/WgEAQvjhBjQd4M15zAQYbPVSjA=
openvv.js
js.brealtime.com/ Frame 55D8 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.brealtime.com/openvv.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda8191f9ba76f5caac6877916a84ad731e96464925a7f9225d8a78b73d01240

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:15 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Age
4458
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-request-id
0YXC0BE78VF27J4S
x-amz-id-2
9jF18Hcy/Mzz/wYBEJYMNrc7dOouPeziShBLImOQICMzhSCtOtB2hk+YKqoXv5O3amZ5B8nJKXE=
Last-Modified
Mon, 28 Jan 2019 20:39:00 GMT
Server
cloudflare
ETag
W/"a3f3c6d66a408f8552e62ced6abc6fb4"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=3600
CF-RAY
73ec6a01482a9290-FRA
Expires
Mon, 22 Aug 2022 15:49:15 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:15 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:15 GMT
/
track.adform.net/adfscript/ Frame 476D
Redirect Chain
  • https://ghent-aws-fr.bidswitch.net/imp/0.06080/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104560_Qrtbwp_R_I_WAUCTION__PRICE_X-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0_Qrtbdata_RLaDmQRhPfOf-LMYCsw0...
  • https://track.adform.net/adfscript/?bn=37104560;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJP...
1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfscript/?bn=37104560;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
7fd33e11028f569f722125d67dfd2f9f2bb61f9b67e9e77815b34dffad91e537
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:15 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
910
expires
-1

Redirect headers

Location
https://track.adform.net/adfscript/?bn=37104560;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;OOBClickTrack=$%7BCLICK_URL_ENC%7D
Date
Mon, 22 Aug 2022 14:49:15 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
put
e1.emxdgt.com/ Frame 476D
Redirect Chain
  • https://aws-fr-sync.bidswitch.net/sync?ssp=emxdigital&dsp_id=70&imp=1
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=emxdigital
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=6482711138068417781&ssp=emxdigital
  • https://e1.emxdgt.com/put?d=d21&uid=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=
43 B
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e1.emxdgt.com/put?d=d21&uid=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
H2
Server
44.208.243.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-208-243-83.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
content-length
43
x-nosync
emp
content-type
image/gif

Redirect headers

Location
//e1.emxdgt.com/put?d=d21&uid=60e5e19e-6eae-43ec-a913-65bccdff6792&gdpr=&gdpr_consent=
Date
Mon, 22 Aug 2022 14:49:15 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
check_gdpr.js
biddr.brealtime.com/ Frame 476D
Redirect Chain
  • https://imp-euro.emxdgt.com/imp/?cp=0.06080&ts=1661179751&seat=70&w=300&h=250&pb=0.04864&sid=9508&tid=82816&pid=1323&uid=68251661179750639160f1&wid=21&dom=securityaffairs.co&tp=0.06080&mt=1&dt=2&st...
  • https://biddr.brealtime.com/check_gdpr.js
704 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check_gdpr.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Protocol
HTTP/1.1
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3d8bcb82d61a3c0b87387b4dcdd2493ea09e7190e2980c6167182ad23cd96d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:15 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Age
3100
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-request-id
YN1DQVT42Y5HMWPM
x-amz-id-2
s7H2zqwCGxB+GOp8zIpzC+6vfi0RytlfPSVMAHC80LdB9N9JgPX9Dp0NdR1qx1p28ORyAM8jey8=
Last-Modified
Wed, 19 Aug 2020 01:11:27 GMT
Server
cloudflare
ETag
W/"45fc2df97a85ec1dbd37c6e43e5da119"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=3600
CF-RAY
73ec6a016b5f68f7-FRA
Expires
Mon, 22 Aug 2022 15:49:15 GMT

Redirect headers

Location
https://biddr.brealtime.com/check_gdpr.js
Date
Mon, 22 Aug 2022 14:49:15 GMT
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html
moatad.js
z.moatads.com/emxsspdisplay905071498485/ Frame 476D 		299 KB
102 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/emxsspdisplay905071498485/moatad.js?moatClientLevel1=1323&moatClientLevel2=9508&moatClientLevel3=82816&moatClientSlicer1=securityaffairs.co&moatClientSlicer2=&moatClientSlicer3=
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-151.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
4a0c4062dd4631f83121672154a0aa4d182030a500e4bab908e916339fdca038

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
content-encoding
gzip
last-modified
Thu, 04 Aug 2022 15:27:56 GMT
server
AmazonS3
x-amz-request-id
9Q3W5YC49595V6M4
etag
"829532b99e7b35176b0b4be14200c2fc"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=64572
accept-ranges
bytes
content-length
103968
x-amz-id-2
gsjLibkXidoJS3mWa21TTZQ9D2DzJcIc4Llp2UMp1NgaeTT5/WgEAQvjhBjQd4M15zAQYbPVSjA=
openvv.js
js.brealtime.com/ Frame 476D 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.brealtime.com/openvv.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda8191f9ba76f5caac6877916a84ad731e96464925a7f9225d8a78b73d01240

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:15 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Age
3104
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-request-id
ERCBPK6FYYZ085N7
x-amz-id-2
LfvK16OMLhxMNpYFuEXMONEqQTcjyGyapkISVW1sG4TTe0xlfpZaY4bOORGAPfZ6eAc9pz/D3Ps=
Last-Modified
Mon, 28 Jan 2019 20:39:00 GMT
Server
cloudflare
ETag
W/"a3f3c6d66a408f8552e62ced6abc6fb4"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=3600
CF-RAY
73ec6a014fe4692e-FRA
Expires
Mon, 22 Aug 2022 15:49:15 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:15 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:15 GMT
async_usersync
ib.adnxs.com/ Frame CFFF 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:15 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
f31d01e2-6071-4d7f-aaee-2fc6e164b470
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 593E 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:15 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
57a5c55c-5b56-400f-8289-d6d2944ddcf1
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 6417 		0
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 14:49:15 GMT
X-Proxy-Origin
217.64.151.69; 217.64.151.69; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid
2177d117-a56f-418f-a26a-9721c80c82c0
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame 55D8 		33 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: ghent-aws-fr.bidswitch.net
URL: https://ghent-aws-fr.bidswitch.net/imp/0.06080/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104562_Qrtbwp_R_I_WAUCTION__PRICE_X-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0_Qrtbdata_RLaDmQRhPfOc-58WndwY1IIaWs2OvBMfvNBaCdpL2NWZkLik--3mWTlL7Zz4J7yNRMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW__MkHCjwrrFhRkY7FK__XO0KT6NL__Xace5ylOBBnifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHaoASInuQlT0mT0lQkXAT8x0_Q_QOOBClickTrack_R_I_WCLICK__URL_AURLENCODE_X/PKhsCVWqtj6Ulp2YpSc2gSLKwY4urb8WpBiMilRI7UEGcUGeaRZ0imzwo6u2EHv4omQTW-XkyW1C-VjodelFODPxu4uGOYyUb61U8oERQXkLe6IS2ojPJ-eOsiKr5hQPR8UhLqHb3UBlokdsHRAsGCfQXY6FOfdNI39atxi4ZDiLY3QmBcy33xI5lycLnqh1dyIT89ccLndR71Rbtl23RjBQKwXZkTkLiVsYM47MWHF8LbOcdOUQBqXwV0e3YOhBDYJZVj9DOGVPZ4m1WvzbDj2tbMEsJ8uTrJ0EWBQDupwKkWOOZ0y3MPf8uV9cJvT0TzW27ctBvKMioYPQb40NfnA9S47Mpkb2_f4ceQlAIds245i2-ElcIJMkcFFBeMexGdPwd-im60UQi-CVfnWNYlHY4Y067tOEX2uCBbbp9Ex5B_vt_p9M_STUoqLOfMFKBa-RdUUbaemoYiEXPH1qLryK6vt4g8SxNyrYbPgFDsq3OJ7X5y-CRZsWz_MMmpqWzkHvKj1VmyFhibA386EHhVbMNtGtWXnGp06dZ09g-fKvoMzO3Q4XFG0i72e8vb10rNv9_j6xxgjAqh2a7u_8lkxv_5NQOe43axHDIqTv5Uq1lwDYorshVrOTPHP0OXYThY8Urm2KHNp0tCxJ53SMgHQUgzSjlbeZRX8nsZXNbWaoGCZ9R-Dr91oHGDGZ2jd7_WrV0Xzp4_cfa4e4aNRROei_NEsMYMgAoBisF_Qj5bjKiGAeVHvNhL5bT7nyLKiVgCZPkXxcM3rmPCZsJ_N7u92aMf89DNRN8ziLPuwhU-gHrzaM05UvOn0hLV4secucXs_x7hm7VSY7RXG7aJNz8YfMnewGJG9a2Nj8CLDyogZipD7CcBCK30J4_feIpZkdH6mPatEePFGhlnMgew/$%7BCLICK_URL_ENC%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:16 GMT
content-encoding
gzip
last-modified
Wed, 27 Jul 2022 07:02:09 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Tue, 23 Aug 2022 18:15:49 GMT
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame 476D 		33 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: ghent-aws-fr.bidswitch.net
URL: https://ghent-aws-fr.bidswitch.net/imp/0.06080/BSWhttps_A_B_Btrack.adform.net_Badfscript_B_Cbn_R37104560_Qrtbwp_R_I_WAUCTION__PRICE_X-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0_Qrtbdata_RLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW__MkHCjwrrFhRkY7FK__XO0KT6NLSGFK5__6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9__LWT0lQkXAT8x0_Q_QOOBClickTrack_R_I_WCLICK__URL_AURLENCODE_X/8JG8qld6fvEcKmXO_2n9sB31t1o4VZM79bkQ7qWB1o-6AGSyU1SZs1UR7OGyVDIK98agYfjmUE9IXk9xM3HH7e5td_iBr_PLnv95L_5hShlGqVngO-u_NM6k0UOM8fvQvI2qGB_vg0Z2dhqOWKL-uEL2B5R8Y3sMeB5SY024MVktgC81x6PpJgle8nHwL84oi6pUuCa17lsLFLQ5ic7-LELvBIIhe9Yyw2CWBOnHmlvr37j9Gwy1ATWV2jq0Js-a9X3bIItPSN-05wOUbJ91f0znS9t-8rvI64i6wOgxsQ3ehDPZU_1JGObL7GoLCDcxMpO9M-ct05s9ghsT_3jn7ywnbMfSJUQR2QYS51m54_7bCOYpsGkS3EBMtI7VIjtguccgLVwlSBWQDla9aGX5jqV_ObNdPqV66KWzlu_V1H4NEfy87gRiZZbIdFLx2mRAMCkHKVYBNwHkbkXYC7UUPkw_hXYzU4nJ_c-v0UuUvhclbRMjvrhwGcA6PLmUmPCa3R4mbW-67MgCTspN2ehrDd8NkxJZi194KzN265ERGSIsqTUWFBj6ZG9sFbQCeekqjmWsc0H883GrPS3M6hoqqv7fl0L70LafMtjX42Tpii9P7oboxUAY-66M3K4KjcssFM8InC7yuIZ8UtymTW-UbpKor5oK1GRGTKAEbfFwNjh4aOgg-TLNl7fk_vb75M9kqgy9AFMwPEYsszWM1tyLsq2uOz0ecYuxv62sRehYaNv91Y68SHMaSNrnAlsm1YnXXk1L4EXtT9T-58PSsVih2csM8z17W54LTe68Rtk8doTcEJycutzMx0oYDny4Zn3Y2JjtlYtUKbEcv4AArsXePb1pmxoXfNk3NPYG59ZJd0_YnBZQMeqaDX1_chzXLYvlg4GbMAOUBvwq8rKNjAHk/$%7BCLICK_URL_ENC%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:16 GMT
content-encoding
gzip
last-modified
Wed, 27 Jul 2022 07:02:09 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Tue, 23 Aug 2022 18:15:49 GMT
/
track.adform.net/adfserve/ Frame 55D8 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfserve/?bn=37104562;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOc-58WndwY1IIaWs2OvBMfvNBaCdpL2NWZkLik--3mWTlL7Zz4J7yNRMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NL_Xace5ylOBBnifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHaoASInuQlT0mT0lQkXAT8x0;;oobclicktrack=%24%257BCLICK_URL_ENC%257D;js=1;adfxid=1x;9416;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0f5962de984fedb6b42e6e855633ccb1e6cd223a697140b19f9655b69618ee3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:16 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
2681
expires
-1
/
track.adform.net/adfserve/ Frame 476D 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfserve/?bn=37104560;rtbwp=0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0;rtbdata=LaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0;;oobclicktrack=%24%257BCLICK_URL_ENC%257D;js=1;adfxid=2x;9369;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|0|0;fd=0|2&CREFURL=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b5536c6bfbb58b6012233ffb4edb582f34c5b210bfeb208efa8d649db0f4a583
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:16 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
2698
expires
-1
r62eglto.js
ad4m.at/ Frame 55D8 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9b060fea5d40ed1a199f9ffec8eedb296149c1c5289e65818742d16f24f4dc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=QLBs9A==, md5=pp9azZKJxl5nOXvhQrwsPw==
date
Mon, 22 Aug 2022 14:49:16 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
101364
x-guploader-uploadid
ADPycdvCCOP9Uzf7YMNe5zpOdwLzH3tdqs2JivsZwF6PkUhqEkDs7CogtZXeQ3odj9LlAbbdHdac6HsRuZhkokPV4A3vaA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 27 Jul 2022 10:39:11 GMT
server
cloudflare
etag
W/"a69f5acd9289c65e67397be142bc2c3f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Osuu2omK71BNqVcKt2y%2FXXhEb7A2f3gbfA229JwJaUdfsdrAe%2Fh2SYBKH0tOo8CKVMPzhA%2FDH4Jt8M4nZkgoT0KXzH0I05%2BKJwTR8i5CY7Q4UAGaezS7FQPauSm9VRnOmuFc0I%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1658918351642621
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length
11980
cf-ray
73ec6a04fe193753-MXP
expires
Sun, 21 Aug 2022 10:39:52 GMT
/
track.adform.net/csimpr/ Frame 55D8 		35 B
470 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/csimpr/?bn=37104562&csi=86x6AAJu6zeIocyql-rhST4YCPE1BkpSi3mLmmJrvwkJDwKV3Zer3N8N4t_7lvczSRc3kJNciJw0qvn1hHNqgmQBbo50IEXs0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:16 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
r62eglto.js
ad4m.at/ Frame 476D 		36 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9b060fea5d40ed1a199f9ffec8eedb296149c1c5289e65818742d16f24f4dc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=QLBs9A==, md5=pp9azZKJxl5nOXvhQrwsPw==
date
Mon, 22 Aug 2022 14:49:16 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
101364
x-guploader-uploadid
ADPycdvCCOP9Uzf7YMNe5zpOdwLzH3tdqs2JivsZwF6PkUhqEkDs7CogtZXeQ3odj9LlAbbdHdac6HsRuZhkokPV4A3vaA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 27 Jul 2022 10:39:11 GMT
server
cloudflare
etag
W/"a69f5acd9289c65e67397be142bc2c3f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rsvymalu43EdltrCnveab93BVr6NVapojHPVSAm56czL5%2FHuNZanwqDmWLR9rfTt%2F1nsGRqW%2FSfVx1OYp9PFD%2FserGw81UBzCTGu7vn9eOr%2FjMZbij2MTo5jfVZ8WIDTjJYmE0k%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1658918351642621
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length
11980
cf-ray
73ec6a04fe1b3753-MXP
expires
Sun, 21 Aug 2022 10:39:52 GMT
/
track.adform.net/csimpr/ Frame 476D 		35 B
470 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/csimpr/?bn=37104560&csi=cCq_WEFcxQlO69hdyLxQ6iWl2jBl20JHi3mLmmJrvwkJDwKV3Zer3N8N4t_7lvcz4lPV8BviiIHGvNotvp-rWGQBbo50IEXs0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:16 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
ThirdParty
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/.gSBgiDQ/i/vCAv.IAAAAAoAA/r:types/ Frame 55D8 		35 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/.gSBgiDQ/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
48cab163ff0e9b0d1181e52187d68e1bc909972b5f690b4a2bec7b20b8ff16f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:16 GMT
content-encoding
gzip
last-modified
Wed, 27 Jul 2022 07:02:09 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Tue, 23 Aug 2022 18:19:11 GMT
ThirdParty
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/.gSBgiDQ/i/vCAv.IAAAAAoAA/r:types/ Frame 476D 		35 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/.gSBgiDQ/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
48cab163ff0e9b0d1181e52187d68e1bc909972b5f690b4a2bec7b20b8ff16f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:16 GMT
content-encoding
gzip
last-modified
Wed, 27 Jul 2022 07:02:09 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Tue, 23 Aug 2022 18:19:11 GMT
/
e1.emxdgt.com/sync/ Frame 55D8 		0
0
pixel.gif
px.moatads.com/ 		43 B
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&i=EMX_SSP_DISPLAY1&hp=1&wf=1&ra=1&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=&t=1661179756356&de=143545265979&m=0&ar=1da355aa18f-clean&iw=43787e0&q=2&cb=0&ym=0&cu=1661179756356&ll=3&lm=0&ln=1&em=0&en=0&d=1323%3A9508%3A82816%3Aundefined&bo=securityaffairs.co&bp=&bd=&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&id=1&ii=4&zMoatOrigSlicer1=securityaffairs.co&zMoatOrigSlicer2=N%2FA&gw=emxsspdisplay905071498485&fd=1&it=500&ti=0&ih=2&pe=1%3A2929%3A2948%3A3527%3A3028&fs=199703&na=671797193&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-151.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:16 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 22 Aug 2022 14:49:16 GMT
frame.html
ad4m.at/ Frame 5E53 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/frame.html
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2533661
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=3600
cf-cache-status
HIT
cf-ray
73ec6a05ef53ba86-MXP
content-encoding
br
content-language
en
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:16 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Mon, 22 Aug 2022 15:49:16 GMT
last-modified
Wed, 06 May 2020 15:09:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IdhMIp%2F3t%2BspEb6waODU%2B%2BcLaXEtFp7XrCpgMGZK3jLNOw1UkP%2FjHwn9I0H5QoXtqC0gFgrvjYQjh%2BMuZsWac%2BAKqjuQjjGXysV%2FZLWIRPNYpIrfBBsoNpFoLv2fhN8%2Fjq%2FRxKU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-goog-custom-time
1970-01-01T00:00:00Z
x-goog-generation
1588777770164783
x-goog-hash
crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-meta-
x-goog-metageneration
3
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
1681
x-guploader-uploadid
ADPycduc2HtjKiy_wFdLx5FsXnU3psGObPoBIbdvVcM6ZElhZi4IxBRiGNT7FKs5VniPE5LN17JQNROkqarEZqfl_P6drxTeZ8Sf
rs
ad4m.at/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/rs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin
https://securityaffairs.co
access-control-max-age
1800
allow
HEAD,POST,GET,OPTIONS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
73ec6a066d1c83be-MXP
content-length
24
content-type
text/plain
date
Mon, 22 Aug 2022 14:49:16 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQ8H01Fxjudr%2B2R0BBJyVkHDySm2ofiLIVYAyRE7NJFORKD5NyG00VereJCZpGL7HVC1bBi4eGgkF3tu4MXv8Cez5tRHGR9tize04xsACRRNKlcX2cBgRW5XE03WxR%2BJiCJfk34%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google
x-backend-server
aa-reachservice-group-europe-west1-h8v1
rs
ad4m.at/ Frame 476D 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/rs
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd780f204ee5e496464528cf127d58b3163cb40f7dabaaf4e5b55696c7b23c6e

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json

Response headers

cf-ray
73ec6a06de0083be-MXP
date
Mon, 22 Aug 2022 14:49:16 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYtLM1bFzdD%2FegHIPXJX4QFa8x6BamXIPeI%2FNgBbe2aZ%2F9dM3h9Luf3Y7eQSSkMdok17hv54wr6ezzIQVa5CL64hep2yK9VoX1FYN05qmYPusBLkXoF9oWIHuhNAqZ3es5HZIAE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials
true
content-encoding
br
x-backend-server
aa-reachservice-group-europe-west1-h8v1
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:16 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 24 Aug 2022 14:49:16 GMT
rar
as.ad4m.at/ad/ Frame AE4D 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c37c1f73402fa88125a6f3c1cbd5102c9a2c63fb7cc1c2be439ed1cce3e567c7
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
73ec6a076b3b3753-MXP
content-encoding
br
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 14:49:16 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
0
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma
no-cache
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains; preload
surrogate-control
no-store
vary
accept-encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-xss-protection
1; mode=block
SPug
simage4.pubmatic.com/AdServer/ Frame 6C84 		0
47 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:16 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
default.css
as.ad4m.at/ad/style/0.1.21/one-ad/ Frame AE4D 		84 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://as.ad4m.at/ad/style/0.1.21/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a57b918c3515ced748a8b0d297202db9b15fefd82acfddaf11f977761407b2ad
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:16 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age
273089
cross-origin-embedder-policy
unsafe-none
cf-polished
origSize=86749
surrogate-control
no-store
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=86400; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Fri, 19 Aug 2022 10:57:47 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
accept-encoding
x-download-options
noopen
content-type
text/css; charset=utf-8
expires
0
cache-control
max-age=3600, must-revalidate, proxy-revalidate
cf-ray
73ec6a07cb9fba86-MXP
cf-bgj
minify
D47CDCC9ED573A7F0FC36327ED81D34D2A7FA777C24CB1FAB8DA54E6096BD3354B83AFD196FFC0C0A80FA860C3BE4240952C98421D5A9707BD98799011452967
assets.ad4m.at/logo/ Frame AE4D 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/D47CDCC9ED573A7F0FC36327ED81D34D2A7FA777C24CB1FAB8DA54E6096BD3354B83AFD196FFC0C0A80FA860C3BE4240952C98421D5A9707BD98799011452967
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab284bb4630bba786de179717df91dbee93cc78defd7e6e8b116c82be1313a8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=Br2Brw==, md5=hMyAjBI5uoUAEWWpA7ZhZw==
date
Mon, 22 Aug 2022 14:49:16 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
403896
cf-polished
qual=85, origFmt=jpeg, origSize=66696
x-guploader-uploadid
ADPycdtFuI-OkuqGGslY6oH4uTmgCJT1ZBJesvtb6Hul4OTNkfkUtiDKhYaP8-1HXRaPKlik8q4BNbXFsNsoRKx0tqlqfciYOlDE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17556
last-modified
Mon, 09 May 2022 11:56:32 GMT
server
cloudflare
etag
"84cc808c1239ba85001165a903b66167"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dZkMpHslQZVxqs7GgyJMXDscXReG3iT0mSInI6FHvRBfLHsrQMvZmgH0vs51Hvwj4%2FYOOIeTDeZ%2FWxMaYfYcBfJz1cJLX1MMteHT8jbG03PcBbZocN2l4J6E%2BHcfEyH3KZYZAnLXip2SKFt"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1652097392526772
content-type
image/webp
expires
Tue, 23 Aug 2022 14:49:16 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
66696
accept-ranges
bytes
cf-ray
73ec6a07dc093753-MXP
cf-bgj
imgq:85,h2pri
7558552568825531EDEE804B1F6882A532B8A70DBF2ACADD7C127BC7F1EEB9F636C6B7BC23251B7AF4A4A304A43566C99FB836C00491A9CBB644A1BAF96AD5AE
assets.ad4m.at/product_image/ Frame AE4D 		98 KB
99 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/7558552568825531EDEE804B1F6882A532B8A70DBF2ACADD7C127BC7F1EEB9F636C6B7BC23251B7AF4A4A304A43566C99FB836C00491A9CBB644A1BAF96AD5AE
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be3506e558922d62b5e4e4cc432dc890cebdee4fb9779485d505fd8793fa469c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=/FFg7g==, md5=yCa4XLa+IMHmbKT39v1eGg==
date
Mon, 22 Aug 2022 14:49:16 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
402134
cf-polished
origFmt=png, origSize=164457
x-guploader-uploadid
ADPycduIz94zkWXVAJSefGtHSAGjHTc2iKTP8PNvu1yf-wYQYxWg8szViHALrnLf8jezCEHqzlIZ7smBZdnOvyv0FhkLD1s-oQgz
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
100446
last-modified
Fri, 06 May 2022 08:44:45 GMT
server
cloudflare
etag
"c826b85cb6be20c1e66ca4f7f6fd5e1a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e5uP1BOKIN2sV%2FXJcxYt2wi3BT1BgEIetXEQCvZFe3wvHMiAYam%2BcaIph9Z47ZLp2qtc6ptznZu%2BwJWAiTpghJRoi8MitZ40j5Idb8p8v8PBk0yhi3gw%2FLy05dZtbscBW%2FmHgCuyePgnYQK9"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1651826685474440
content-type
image/webp
expires
Tue, 23 Aug 2022 14:49:16 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
164457
accept-ranges
bytes
cf-ray
73ec6a07dc133753-MXP
cf-bgj
imgq:85,h2pri
csp.php
vfd2dyn.vodafone.de/csp/ Frame AE4D
Redirect Chain
  • https://private.vodafone-affiliate.de/tpv.php?t=112510V1175122964M&cons=&subid=oneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://m.exactag.com/ai.aspx?extCa=707&extTcm=AffDisPer12218C|NonCpoNon|fq0gen&url=http://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082216491675192289605X112510V1175122964MSoneid...
  • https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082216491675192289605X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affili...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082216491675192289605X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affiliate=112510&VFAffID=12218&pid=12218&extProvId=315&extProvApi=129048&extPu=12218&extLi=112510&extPm=112510&extCr=WWWWW
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Server
3.69.216.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-69-216-1.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Access-Control-Allow-Origin
*
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy
cross-origin
Connection
close
X-ET-Monitoring
1
Content-Length
0
X-Xss-Protection
0
Pragma
no-cache
X-ET-Code
0
Last-Modified
Mo, 22 Aug 2022 02:49:17 GMT
Server
Microsoft-IIS/8.5
Date
Mon, 22 Aug 2022 14:49:16 GMT
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/html; charset=iso-8859-1
Location
https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1744&r_id=htlp&aid=2022082216491675192289605X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&affiliate=112510&VFAffID=12218&pid=12218&extProvId=315&extProvApi=129048&extPu=12218&extLi=112510&extPm=112510&extCr=WWWWW
Cache-Control
private
Access-Control-Allow-Credentials
true
X-ET-Camp
1756
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
assets.ad4m.at/logo/ Frame AE4D 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/E622BC9BD82AE6F51E341CE5BBC00C7BCEF1113266FC86A7954D357A123D68059FD32592A221C64F87EEABAF18D4698D5388E6B9CA984D807BB6BB7E4D07744E
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a85b1179ca4ed7dc5ea897d1b565a69ccae8d2aad29dff7bb874da7d94538bff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=GwuURg==, md5=tDQuJ3xDqtnFAgoEVkv9Hg==
date
Mon, 22 Aug 2022 14:49:16 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
407023
cf-polished
qual=85, origFmt=jpeg, origSize=58124
x-guploader-uploadid
ADPycdvlQHK491JAXwOekjNLjC41pRbcsOlkPx9JkCUpmN685xQHHEGl9T6EhTIMBXQchQrQCFcEtsfVqUhwQwMRt54ZAA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9782
last-modified
Fri, 08 Jul 2022 10:19:52 GMT
server
cloudflare
etag
"b4342e277c43aad9c5020a04564bfd1e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itXcP%2BIbbi4MxnFDs2T968jueIdrhVjEJ123XctdgC2m9NXjsy3dI6GOCNMPD6hjSXBuk8r1%2Bk7asMUTNYM5HD4vfLJMfRyGnf87KAsoJOrM8rxxtT85ZQjgz%2FH5%2BeVG3bN3uVYDKXnQGK3z"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1657275592908471
content-type
image/webp
expires
Tue, 23 Aug 2022 14:49:16 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
58124
accept-ranges
bytes
cf-ray
73ec6a07dc113753-MXP
cf-bgj
imgq:85,h2pri
9BB8922D4DC6C9A36B8D83900BE3C417783CEBF3EB448A8A5E268471F12FE38D3472246CD214F7655C16CB473EE4650902292819B5437B86E630B9AE33E0BB1F
assets.ad4m.at/product_image/ Frame AE4D 		67 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/9BB8922D4DC6C9A36B8D83900BE3C417783CEBF3EB448A8A5E268471F12FE38D3472246CD214F7655C16CB473EE4650902292819B5437B86E630B9AE33E0BB1F
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a868642fa5a7a4692ff83f60cf0f26a6717c5d6a6cb6d550e798462a38a66880

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=ILhSvQ==, md5=pi1Bt4URqYM1aSRcyJuedQ==
date
Mon, 22 Aug 2022 14:49:16 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
402567
cf-polished
qual=85, origFmt=jpeg, origSize=151815
x-guploader-uploadid
ADPycdsr2WI8z42rEfZeCn4YqugMGqaKXJhBsWRYjkCRyLhu4Cj0oKPrc-QdebWGPOT4zfvF2lbtCquW6Qh1Mfc4RxAtLrluXlW5
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
68606
last-modified
Wed, 15 Sep 2021 13:52:46 GMT
server
cloudflare
etag
"a62d41b78511a9833569245cc89b9e75"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mOio2njr9uSESqlNr4A%2B9FHrEAToB76OuOTwO%2FxCrbXjrmKoK9JZnDubY2ZNn4GMGtelFQTksMvBEKNAlf%2BxIvZwWQ4l4XsfwkSA17mbcQZ02PHFFx9%2B8ZrrjA6eo%2FKoHX9Z1Vpi%2BU8pDEkt"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1631713965956674
content-type
image/webp
expires
Tue, 23 Aug 2022 14:49:16 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
151815
accept-ranges
bytes
cf-ray
73ec6a07dc0c3753-MXP
cf-bgj
imgq:85,h2pri
view.aspx
pb.media01.eu/ Frame AE4D
Redirect Chain
  • https://pv.medialead.de/trck/epv/2aed39855b5f46b7651ba591340f258c?t=htlp&subid=wkzMotivBoneidmRBCefGfXxjcmHZHZtzt3jptKSwTEAhAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=wkzMotivBoneidmRBCefGfXxjcmHZHZtzt3jptKSwTEAhAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&actionid=...
0
629 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=wkzMotivBoneidmRBCefGfXxjcmHZHZtzt3jptKSwTEAhAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&actionid=981741&produktid=&dt_url=
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Server
88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-250-30.clients.your-server.de
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:15 GMT
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
p3p
policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Mon, 22 Aug 2022 04:49:16 GMT
server
Microsoft-IIS/10.0
access-control-allow-methods
GET,POST
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Mon, 22 Aug 2022 14:49:16 GMT
Server
nginx/1.17.5
Host
pv.medialead.de
X-IPLB-Request-ID
D9409745:A8FE_91EFC182:01BB_6303976C_1C67FD8:2A46B
X-IPLB-Instance
40027
Strict-Transport-Security
max-age=15768000
Content-Type
application/javascript
Location
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=57372&dt_subid2=wkzMotivBoneidmRBCefGfXxjcmHZHZtzt3jptKSwTEAhAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&actionid=981741&produktid=&dt_url=
Keep-Alive
timeout=20
Content-Length
0
Proxy-Host
pv.medialead.de
CE11F4A269236C0AF074ADB7F1ADA1F8C472CD7AC3290EFBF4A7DADA0100B8792254D4F2CF871D3311E6317269487774B650CDD0B207BED389DBEA35CD2DBC8F
assets.ad4m.at/logo/ Frame AE4D 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/logo/CE11F4A269236C0AF074ADB7F1ADA1F8C472CD7AC3290EFBF4A7DADA0100B8792254D4F2CF871D3311E6317269487774B650CDD0B207BED389DBEA35CD2DBC8F
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7024493525030ecd098ce0dcb2f0aea839373775120b40580028137b1d125ac9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=kzpU3g==, md5=rZM0ZkUU2QCgw7dtF8qWDw==
date
Mon, 22 Aug 2022 14:49:16 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
401044
cf-polished
origFmt=png, origSize=39979
x-guploader-uploadid
ADPycdsatLU284vlRNjoTBsU_7YAUFgMtk_rIf8ulh9oIzq8bWx7MY4S9zjn-gkvF54447nvplW8a_PfWntz5rrb4wc2Mw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
15996
last-modified
Wed, 22 Jan 2020 13:07:55 GMT
server
cloudflare
etag
"ad9334664514d900a0c3b76d17ca960f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bK6%2Bv0OvwupLjwmsC99uFbj7YDAi0kH7wJy4j53K5nnKX%2Fh21%2BFROEmj%2BEMmFzv74bqg16jTFolBR7qh6y305AUN7%2BlrQaiPdBbb1ndTr32um3nPUvsdDIwbfjKpQ8SQ8Wm6C17mnFH7AKq4"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1579698475785088
content-type
image/webp
expires
Tue, 23 Aug 2022 14:49:16 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
39979
accept-ranges
bytes
cf-ray
73ec6a07dc0f3753-MXP
cf-bgj
imgq:85,h2pri
EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
assets.ad4m.at/product_image/ Frame AE4D 		222 KB
223 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.ad4m.at/product_image/EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bfc7d34cd8bc7df36a984d6f3da50799752e33c48bbf07a4a1ee959b51476d0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-goog-hash
crc32c=KioGiw==, md5=gsfeD0L/Vf3QrMB3MWZAMQ==
date
Mon, 22 Aug 2022 14:49:16 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
400664
cf-polished
origFmt=png, origSize=342797
x-guploader-uploadid
ADPycdsBlIkJqa4UFyrTexiLYDL1RTZ8pHTcl-CT-3rKePFp2cm2Fp2cMRDncQ_ozdve3AGqaWG2M_AH5t3eu7jGim18Vw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
226950
last-modified
Wed, 15 Jun 2022 14:01:11 GMT
server
cloudflare
etag
"82c7de0f42ff55fdd0acc07731664031"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FpkKjIdphkfaSG0SZGxYt93ql534dEFqq4lmohmLMJSfX8OylMrjFNFjr9jvKBLsf1%2FIuXOMP7p%2BHFIjqQdXh8wkt6LAogqxCerPhnuc%2FQ4x0CZqzw%2F6jIuUgQQR%2BPuGGUtxsTrv2vF2%2BiP"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1655301671870263
content-type
image/webp
expires
Tue, 23 Aug 2022 14:49:16 GMT
cache-control
public, max-age=86400
x-goog-stored-content-length
342797
accept-ranges
bytes
cf-ray
73ec6a07dc0d3753-MXP
cf-bgj
imgq:85,h2pri
ztpv.php
www.conrad.de/ Frame AE4D
Redirect Chain
  • https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaAoneid__adf_Netmix_Reach09_Mweb_KreiselDeal&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://www.zenaps.com/cshow.php?pvr=98af6b30-2229-11ed-80d0-22316432dc67&v=11354&r=412871&q=377129&s=2470185&viewref3=oneidxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaAoneid__adf_Netmix_Reach09_Mweb_KreiselDea...
  • https://www.conrad.de/ztpv.php?awc=11354_412871_1661179756_98af6b30-2229-11ed-80d0-22316432dc67&insert=AW&&gdpr=0&gdpr_consent=
0
726 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.conrad.de/ztpv.php?awc=11354_412871_1661179756_98af6b30-2229-11ed-80d0-22316432dc67&insert=AW&&gdpr=0&gdpr_consent=
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=188906%2C34719%2C14019&b=4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%2CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%2CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA&f=rBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%2C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%2CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr&c=300&d=250&e=&g=ba751365ec379c9d980cd42cd5d1428d%2F1594096746173944815&i=75451%2C26474%2C21596&j=22%2C41%2C16&k=0&l=0&m=0&n=&p=&q=&o=adf_Netmix_Reach09_Mweb_KreiselDeal&r=1661179756646&h=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D37104560%3Bcrtbwp%3D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%3Bcrtbdata%3DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%3Badfibeg%3D0%3Bcdata%3D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f99156%252fcyber-crime%252fcoronavirus-spam-campaign.html%3BC%3D1%3Bcpdir%3D&y=1&s=&z=0
Protocol
H2
Server
2606:4700::6812:7f05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:17 GMT
via
1.1 varnish (Varnish/6.6)
cf-cache-status
DYNAMIC
server
cloudflare
age
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000
p3p
policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
content-type
text/html; charset=UTF-8
content-encoding
br
cache-control
no-cache
x-varnish
499480762
server-timing
intid;desc=0d732df3ecba281a
cf-ray
73ec6a0a2f98cc4e-ZRH
expires
-1

Redirect headers

Date
Mon, 22 Aug 2022 14:49:17 GMT
Strict-Transport-Security
max-age=86400
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location
https://www.conrad.de/ztpv.php?awc=11354_412871_1661179756_98af6b30-2229-11ed-80d0-22316432dc67&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set
default
Node
Helix
Connection
keep-alive
Content-Length
0
pixel.gif
px.moatads.com/ 		43 B
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fas.ad4m.at%2Fad%2Frar%3Fa%3D188906%252C34719%252C14019%26b%3D4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUK%252CmRBCefGfXxjcmHZHZtzt3jptKSwTEAhA%252CxM7tQfAfbRKtPHdHztQtRMWU7S6TgxaA%26f%3DrBZFQf9f3PRZHAH7HjtJCVBdRFYS8TGdtd%252C7KMUqfzf5KJtrHXHgtEC4XeH4S1TjZTM%252CY97Frf3f9GMfVH9HetgCRVeUkS1TbJUr%26c%3D300%26d%3D250%26e%3D%26g%3Dba751365ec379c9d980cd42cd5d1428d%252F1594096746173944815%26i%3D75451%252C26474%252C21596%26j%3D22%252C41%252C16%26k%3D0%26l%3D0%26m%3D0%26n%3D%26p%3D%26q%3D%26o%3Dadf_Netmix_Reach09_Mweb_KreiselDeal%26r%3D1661179756646%26h%3Dhttps%253A%252F%252Ftrack.adform.net%252FC%252F%253Fbn%253D37104560%253Bcrtbwp%253D0.065376-IVag6vLBDjICnrHzqyN9bj1fQ7IhGCLY0%253Bcrtbdata%253DLaDmQRhPfOf-LMYCsw00SKm8iRPq3Km3Eceduvv3rvomlTAxoeVAMpcLpK6M7WifMi95g1qXc7X4llom4nvcxIpm3AJPgcSSb3IRDH31pKkL6C6EUBsEXHdjVQUIUvRimByYHqI1uaEXOM2kyYtxDhQuI8f4IPRlQCJeiW_MkHCjwrrFhRkY7FK_XO0KT6NLSGFK5_6whB1nifV-CdXOP-nfHYJ0GNGVHsUeW1F3wxHHmS7Lt4FCrkDAEyG5PVonWNxJ3JFWgHYWzpcFMu9_LWT0lQkXAT8x0%253Badfibeg%253D0%253Bcdata%253D63-p2tdVSH8Sc5x_H_hRK9NsrEmeQv7dv2IhAEIHs8T2WUmd6gqM49-yQr5Uwg8b2EHnLiuLa6oI_u3pSddzG5L85svRcqPvxPnylcoSt0qS1s3RfyqAecHzWJ8iG5IJjexxSbmQI_dLlA1cXL1hJUlGXR6tQWu-p5UVPKcyb3InI2bH_ssHCsegUSTf2QqAw3iI60gHGBc1%253B%253BCREFURL%253Dhttps%25253a%25252f%25252fsecurityaffairs.co%25252fwordpress%25252f99156%25252fcyber-crime%25252fcoronavir&i=EMX_SSP_DISPLAY1&ol=1549293663&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CC%24%3D!!tmxgk3M%5EIz%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=0%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-dBA63cnegzlATHhA%2BfHRT33aDaO73LuhfDBJf6raYEJYmkDpFPmliBNlAlwWxmRnpyWz&rs=1-QVZ3bHpQg2TbHQ%3D%3D&sc=1&os=1-zg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=250&w=300&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&fy=0&gp=0&zGSRC=1&gu=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F99156%2Fcyber-crime%2Fcoronavirus-spam-campaign.html&id=1&ii=4&f=0&j=&t=1661179756356&de=143545265979&cu=1661179756356&m=564&ar=1da355aa18f-clean&iw=43787e0&cb=0&ym=0&ll=3&lm=0&ln=1&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=5627&le=1&gm=1&io=1&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A2929%3A2948%3A3527%3A3028&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=153&cd=0&ah=153&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=1323%3A9508%3A82816%3Aundefined&bo=securityaffairs.co&bp=&bd=&gw=emxsspdisplay905071498485&zMoatOrigSlicer1=securityaffairs.co&zMoatOrigSlicer2=N%2FA&hv=findIframeAds&ab=2&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=2&tc=0&fs=199703&na=763511134&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.229.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-229-151.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:16 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Mon, 22 Aug 2022 14:49:16 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame BC07 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=86530767&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
43d279685cb20720e593ce20395eacd975ca6bb24a8df3fea9115ee0f6fd9561

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:16 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1823
content-type
text/html; charset=UTF-8
PugMaster
image6.pubmatic.com/AdServer/ Frame C111 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=93485802&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
43d279685cb20720e593ce20395eacd975ca6bb24a8df3fea9115ee0f6fd9561

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:16 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1823
content-type
text/html; charset=UTF-8
141
match.deepintent.com/usersync/ Frame 2B61 		0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 -, , ASN (),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 22 Aug 2022 14:49:17 GMT
server
b
services
sync.technoratimedia.com/ Frame 02C6
Redirect Chain
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
  • https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
  • https://match.bnmla.com/usersync?dspid=6&uuid=0671D2A38483422B810E6AE08737B306
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
150.136.25.38 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-methods
POST,GET,HEAD,OPTIONS
access-control-allow-origin
https://ads.pubmatic.com/
age
0
date
Mon, 22 Aug 2022 14:49:18 GMT
server
nginx
via
1.1 varnish
x-varnish
1016364871

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Mon, 22 Aug 2022 14:49:18 GMT
Location
https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame 2F5A
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:zV27ONNo1Oq8JT5&gdpr=0&gdpr_consent=
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:zV27ONNo1Oq8JT5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 04:02:24 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Mon, 22 Aug 2022 14:49:16 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:zV27ONNo1Oq8JT5&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/9853e75#9853e75792b29505864c0b7c23889ef441e21f3f i-077d14650704a66ab@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame AB78
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:16 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
138
content-type
text/html
date
Mon, 22 Aug 2022 14:49:17 GMT
expires
Sun, 21 Aug 2022 14:49:17 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
Artemis
aud.pubmatic.com/AdServer/ Frame BC07
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&addseg=19,36,42
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&addseg=19,36,42
Protocol
H2
Server
185.64.189.229 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Redirect headers

date
Mon, 22 Aug 2022 14:49:17 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&addseg=19,36,42
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141
info
uipglob.semasio.net/pubmatic/1/ Frame BC07 		0
0
mw
mwzeom.zeotap.com/ Frame BC07 		95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:17 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
73ec6a0e1afb0211-ZRH
access-control-allow-headers
*
content-length
95
p
a.audrte.com/ Frame BC07
Redirect Chain
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
  • https://a.audrte.com/p
68 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
52.23.73.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-23-73-66.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:18 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Mon, 22 Aug 2022 14:49:17 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
d1ba4609
rtb.gumgum.com/getuid/ Frame BC07 		35 B
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.208.45.224 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame BC07
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=de466e49-c8f9-4244-90af-5b910074cec4&gdpr=0&gdpr_consent=
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=de466e49-c8f9-4244-90af-5b910074cec4&gdpr=0&gdpr_consent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 02:05:31 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=de466e49-c8f9-4244-90af-5b910074cec4&gdpr=0&gdpr_consent=
Date
Mon, 22 Aug 2022 14:49:18 GMT
X-CI-RTID
b02bbf13-a56b-43d2-bc23-562aa3778228
Connection
keep-alive
Content-Length
205
Content-Type
text/html; charset=utf-8
Artemis
aud.pubmatic.com/AdServer/ Frame C111
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&addseg=19,36,42
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&addseg=19,36,42
Protocol
H2
Server
185.64.189.229 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Redirect headers

date
Mon, 22 Aug 2022 14:49:17 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&addseg=19,36,42
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141
info2
uipglob.semasio.net/pubmatic/1/ Frame C111
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&sInitiator=external&gdpr=0&gdpr_consent=
42 B
603 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&sInitiator=external&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
77.243.60.138 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:18 GMT
frontend-id
9
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:18 GMT
frontend-id
10
location
/pubmatic/1/info2?sType=sync&sExtCookieId=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&sInitiator=external&gdpr=0&gdpr_consent=
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
mw
mwzeom.zeotap.com/ Frame C111 		95 B
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:17 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
73ec6a0e1b010211-ZRH
access-control-allow-headers
*
content-length
95
p
a.audrte.com/ Frame C111
Redirect Chain
  • https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=76D9F978-F0E6-40D8-985B-24FB1F3CFD03
  • https://a.audrte.com/p
68 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
52.23.73.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-23-73-66.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 14:49:18 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Mon, 22 Aug 2022 14:49:17 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
d1ba4609
rtb.gumgum.com/getuid/ Frame C111 		35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.208.45.224 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 14:49:18 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
141
match.deepintent.com/usersync/ Frame 6581 		0
44 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 -, , ASN (),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Mon, 22 Aug 2022 14:49:17 GMT
server
b
Pug
simage2.pubmatic.com/AdServer/ Frame C111
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ca03f1b3-0c13-4554-908c-d1cd4a245448&gdpr=0&gdpr_consent=
0
74 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ca03f1b3-0c13-4554-908c-d1cd4a245448&gdpr=0&gdpr_consent=
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:17 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ca03f1b3-0c13-4554-908c-d1cd4a245448&gdpr=0&gdpr_consent=
Date
Mon, 22 Aug 2022 14:49:18 GMT
X-CI-RTID
ecf53fd4-e393-4deb-9f3e-06210a8ecbcf
Connection
keep-alive
Content-Length
205
Content-Type
text/html; charset=utf-8
services
sync.technoratimedia.com/ Frame EABC
Redirect Chain
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
  • https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
  • https://match.bnmla.com/usersync?dspid=6&uuid=0671D2A38483422B810E6AE08737B306
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
150.136.25.38 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-methods
POST,GET,HEAD,OPTIONS
access-control-allow-origin
https://ads.pubmatic.com/
age
0
date
Mon, 22 Aug 2022 14:49:18 GMT
server
nginx
via
1.1 varnish
x-varnish
520657960

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Mon, 22 Aug 2022 14:49:18 GMT
Location
https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame 2996
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:05IxoNNP1Oq8JT5&gdpr=0&gdpr_consent=
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:05IxoNNP1Oq8JT5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:17 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Mon, 22 Aug 2022 14:49:16 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:05IxoNNP1Oq8JT5&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/9853e75#9853e75792b29505864c0b7c23889ef441e21f3f i-077d14650704a66ab@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 33DD
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 22 Aug 2022 14:49:17 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
138
content-type
text/html
date
Mon, 22 Aug 2022 14:49:17 GMT
expires
Sun, 21 Aug 2022 14:49:17 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:0671D2A38483422B810E6AE08737B306
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
SPug
simage4.pubmatic.com/AdServer/ Frame BC07 		0
47 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 14:49:19 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
SPug
simage4.pubmatic.com/AdServer/ Frame C111 		0
47 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 06:23:55 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
ssc.33across.com
URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Domain
sync.go.sonobi.com
URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D18%26buyeruid%3D%5BUID%5D%26r%3Dhttps%253A%252F%252Fu-iad04.e-planning.net%252Fum%253Fdc%253De64f73568d2b3c34%2526fi%253D09de213fc268a926%2526uid%253Dua-ee7b6d54-dd8d-3d26-8f85-9f331039f181
Domain
sync-tm.everesttech.net
URL
https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220817&jk=1232684794847123&bg=!f3ylfDjNAAYUOm8VNDo7ACkAdvg8WsgcVGT38ZmYh9qMPKw8KMH7y2-w0qupowsp4sXlK7G55gZJnQIAAADGUgAAAAFoAQeZAuA_wQkbfOThGv8QElu0Uwk6WKZ1eTS7XRso435YN_rx5bisi-8Rnmw60A3s4WekhuV5rc_6rIGlcw_81cVrtQ6y-lgXYpUg006rX_-MLJCrjba6z1z6gSChcjDQlqEF-_wvNop76QwA_bCP7lrexF8D337MFiARft395qaht694DuCY5-hjwvvLxE8hSpGYmFZt6yJPJZFNX4bKbLqsTp4nG594orcLkhmfH68SzEnq0Yca9mCPh5QjuLyCktrilVDPnc_X4X50ICaMIg2bTHS2UMzKLchgaOcRcNHoNTX2qfxFKWB3UToXoHuRaFuqVMkCd1wbu690smTvWy_1o1PcI8Tug2VHE0o7gVkDi0tmgqelK3Y8YqPzOWdKtwAnN84ZqLz2TQD5DPJOkpfyVnCRoNhejc-A0KfCp1icqDzJXWFdggkLgOct9gBUAxjQE-dx_C3MrnBEHCC-GfmUDOgIGIjrSVVVDUa-VQ-jFOaC-xJJ_CYFfNWlrP6dOUYrcn_yDpE08MlCt-So4guJvDKLJeiYeXxZ9BlrZdssg7Ep-B8W3I6GfxtTsCEwSXQvNliUVJ58d3rQA1sGK-rh7AbW30WNEukfsGgiibr2j1_BOQVPFPjfP8hwRs0NkORKHGast1ohLNq76ItSRH82pxw8sIopI1ufoaUuU82-WupnBQ5pc7evAIAhHHqhpbT_mRMY6Rl_AjgGihb-0lussfdLKy9HZOXUc4SkR0gmfKCWwuykscdwynqTRbuI1e_HVU1TkA3ktP622MJQCq3jiIophse8344S_IKTzrRjpMRTb1T_06-uipthasLMBo_ouCKIrbOGM9uiBQV2p7zbYycv5u0_V7AUKEMt6K5_cFgUEebXIBnykdJ4QapuCEsBpiE7L1UJN_PNAvvwQ8TnJZUfvr4leFhg-VY0yF24j6s8CjnBy7YIyzjt9V0cPuDe3vo858R7RZkYheJ9z8bp-RQM
Domain
e1.emxdgt.com
URL
https://e1.emxdgt.com/sync/
Domain
uipglob.semasio.net
URL
https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=76D9F978-F0E6-40D8-985B-24FB1F3CFD03&sInitiator=external&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| _wpemojiSettings undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle string| medianet_versionId object| stlib boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus boolean| sop_pview_logged string| stWidgetVersion object| stLight boolean| st_showing object| st object| __stdos__ function| __sharethis__docReady object| __sharethis__ string| GoogleAnalyticsObject function| ga object| dataLayer object| WPCOM_sharing_counts object| click_object object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| wp object| twemoji function| st_go function| linktracker_init object| wpcom string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| _mN function| logFailoverPing object| __twttrll object| twttr object| __twttr object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| onYouTubeIframeAPIReady object| displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture boolean| isPending string| prebid_file function| findCMP_PixFuture object| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| Moat#G26 boolean| Moat#EVA object| MoatSuperV26 object| Adform

110 Cookies

Domain/Path Name / Value
securityaffairs.co/wordpress/99156/cyber-crime Name: dt
Value: 2022-08-22T14:49:16.349Z
securityaffairs.co/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.co/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.co/ Name: _gid
Value: GA1.2.1004439179.1661179750
.securityaffairs.co/ Name: _gat
Value: 1
.securityaffairs.co/ Name: _ga_P62M3QN974
Value: GS1.1.1661179749.1.0.1661179749.0.0.0
.securityaffairs.co/ Name: _ga
Value: GA1.1.61578736.1661179750
.agkn.com/ Name: ab
Value: 0001%3ActF4d%2F9RPbO5d3Y5NYlK1Tt281zms6DW
securityaffairs.co/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.securityaffairs.co/ Name: _pubcid
Value: 852a2a9d-ec07-453c-8575-48a3cc0cf64c
securityaffairs.co/ Name: _lr_retry_request
Value: true
securityaffairs.co/ Name: _lr_env_src_ats
Value: false
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2E?cr`SdO!]tbP6j2F-XstGt!@D^D$iSJ4
securityaffairs.co/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-08-22T14%3A49%3A10%22%7D
.adnxs.com/ Name: uuid2
Value: 5426787210987735875
.rubiconproject.com/ Name: khaos
Value: L74VJ6ZW-K-1IBU
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qo38yaT/X8WoGWQ0NNjmqbPd94gXYLevqK5ytjmgZCWnQHTREF/sbsLzYmEmZ/QEGXIxIvkAgQ2rTOZUHL6E73cMj20TaXysiPQD5U7tEfUTQ==
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: HAPLB8A
Value: s8538|YwOUr
ads.us.e-planning.net/ Name: CT
Value: 1
.e-planning.net/ Name: E
Value: ADaFV2WeGcJR72yw
.securityaffairs.co/ Name: cto_bundle
Value: D9V3zV9pU3h2VW5OR0sxekxoakklMkJiJTJCVnRpVWNWeXlNakx3NGJ6UzBGTDBxM0hmakZFdFpaOFQ3eSUyRlJZN0YzOGNvSWNLOWh5OE1YeEpPRFFacFJVbWg3WWJKQVpMYXM0dDA0Q3hvYlhobHRFeEglMkZNaGpLTGtQQlZMY1d4OGhQamlQdjV3
.securityaffairs.co/ Name: cto_bidid
Value: -fQWO180b29jQUkwSDVab1VSTyUyRmU3WDFlU1JiaCUyRmtZS1ZHN1psZ3VBUVdDOXcxNjlNakFaczBwNXRGMlNNNFNFT29NSkk4OXp2dGdTZkMzcFElMkJKbiUyRm9hdm9nJTNEJTNE
.zeotap.com/ Name: zc
Value: ce1fe6c1-8c78-4a79-4d3f-89427cb78310
.zeotap.com/ Name: zsc
Value: r%1B%83Qu%C8%BBl%D4%F8%EB%B3%A9%8F%5D%D8r%27%5C%DD%A8%123Np%9A%CAzN%FE%9F%3C%CF%FE%B1%BA%B2%A9%7D%DAK%02%1C%97%E1%DA%F5%FCrz6%1E-%9Cn%28%97R+%8F~%5C%AF%92q%8F%8B%FA%BD%92%99B%28%859M%EF%B3%AAv%AD%FA%FF%D3H%0A%D5%10%AB%28%A6%A0%99%CA%14%15%DA%0B%25%BE%98%18%BF%9A%CB%B4%28_%01%28%C2Q%F2gT%3A.%8F%D4%1A%01%3Eb%B8%E5%CEJ%EAA5%16%E9%B2%827a%16%83%B2%14%9A-%93FL%B4%AB%D2%88%01%91%9C%10U%1E%8C%BCm%80%0E%FF%1E%E9%22%DA6%19
.tapad.com/ Name: TapAd_TS
Value: 1661179751597
.tapad.com/ Name: TapAd_DID
Value: 9423c018-2b01-4121-bb07-0e53ac9e7080
.casalemedia.com/ Name: CMID
Value: YwOXZ-nR7iLTmT95w3.6RwAA
.casalemedia.com/ Name: CMPS
Value: 5149
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.adfarm1.adition.com/ Name: UserID1
Value: 7134712703347587220
.casalemedia.com/ Name: CMPRO
Value: 1173
.casalemedia.com/ Name: CMST
Value: YwOXZ2MDl2cA
.casalemedia.com/ Name: CMRUM3
Value: f16303976705a0&396303976705a0&27630397670b40&2d6303976705a0&da630397672760&2e6303976705a0&0d6303976705a0&e6630397672760
.weborama.fr/ Name: AFFICHE_W
Value: RFOb8uHFNDpE48
.theadex.com/ Name: axd
Value: 4303427147014940403
.theadex.com/ Name: tis_6AL
Value: 6ALeAowz
.tidaltv.com/ Name: tidal_ttid
Value: 847f45e4-b56b-44f7-8370-a69ba1c2e40b
.disqus.com/ Name: zeta-ssp-user-id
Value: ua-ee7b6d54-dd8d-3d26-8f85-9f331039f181
.tidaltv.com/ Name: sync-his
Value: "H4sIAAAAAAAAADM0NjI0tzK0MAIAXeqtUgkAAAA="
.doubleclick.net/ Name: IDE
Value: AHWqTUmamhjFV71rxtg4In3NYAk6z2BrLpJwAdnMY5D3JU_KT5tdYIwjjYJmwgaNuvc
.krxd.net/ Name: _kuid_
Value: PCJKbJi_
.richaudience.com/ Name: avcid-zeo-uid
Value: ce1fe6c1-8c78-4a79-4d3f-89427cb78310
.rlcdn.com/ Name: rlas3
Value: 7cu1Wh1IySowPund97lfS0tw2EfagQkKl9kxcBKc+b4=
.rlcdn.com/ Name: pxrc
Value: COeujpgGEgYIkLwrEAA=
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQURhRlYyV2VHY0pSNzJ5dyIsImV4cGlyZXMiOiIyMDIyLTA5LTA1VDE0OjQ5OjExLjkxNjA2Mzg5NFoifX0sImJkYXkiOiIyMDIyLTA4LTIyVDE0OjQ5OjExLjkxNjA0MjEwMVoifQ==
.fwmrm.net/ Name: _uid
Value: "e580c_7134712703323365008"
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0NjY2sjQ1MjI0MjWysLQ0NhfiM9RNy8-LN0rWzcvIdzMAANIXOjIlAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0NjY2sjQ1MjI0MjWysLQ0NhfiM9RNy8-LN0rWzcvIdzMAANIXOjIlAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA__vFyGtoZmZoaG5pbmpoaWECADKshl0QAAAA
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&75994212-9fb1-478d-8721-65b1c842389f"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NjExNzk3NTI7MjswMjEXjA5dzBXcB3RucP7u8U7oFOxJsnLyckUMEYBTasosCg==
.linkedin.com/ Name: lidc
Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2697:u=1:x=1:i=1661179752:t=1661266152:v=2:sig=AQFok_pBJWFfykgmQ8KB9f7oVszsEEdH"
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.mathtag.com/ Name: uuid
Value: 3bb86303-9767-4d00-b3c3-7bebb0fc0705
.amazon-adsystem.com/ Name: ad-id
Value: A_fz1ChqEUlQgL9XN4r1kGY
.demdex.net/ Name: demdex
Value: 21411590077400549173960144446080830552
.dpm.demdex.net/ Name: dpm
Value: 21411590077400549173960144446080830552
.securityaffairs.co/ Name: __gads
Value: ID=5d64b67e0435ebd1-22d3ee6bfdcd00c2:T=1661179754:RT=1661179754:S=ALNI_MbcYE-EIVQOt0Yzt7PzekCrmDXtaQ
.casalemedia.com/ Name: CMTS
Value: 5143
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 76D9F978-F0E6-40D8-985B-24FB1F3CFD03
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 158127:2
.pubmatic.com/ Name: DPSync3
Value: 1662336000%3A201_197_219%7C1661212800%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1662336000%3A22_222_21_54_243_13_176_99_7_56_8_55_220_3_88_161_234_238_233_166_81_71_165_204%7C1662422400%3A35%7C1661731200%3A15_223_2%7C1661990400%3A63%7C1663718400%3A203
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 6482711138068417781
.csync.loopme.me/ Name: viewer_token
Value: 43b68981-027b-4a32-91c7-563f4213d229
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-ce715181-e84e-4902-af24-1a994ef3fef1-003%22%2C%22zdxidn%22%3A%221508%22%2C%22nxtrdr%22%3Afalse%7D
.de17a.com/ Name: guid
Value: 1.5185508362693586694
.onaudience.com/ Name: done_redirects104
Value: 1
.simpli.fi/ Name: suid
Value: 0671D2A38483422B810E6AE08737B306
.yahoo.com/ Name: A3
Value: d=AQABBGeXA2MCEKV5Jwg91BSZqRTmy9X7wRUFEgEBAQHoBGMNYwAAAAAA_eMAAA&S=AQAAAoxZkb9-jCCgiXwq1SwGL4U
.onaudience.com/ Name: cookie
Value: 5fc8dc8fd9d91ece
.turn.com/ Name: uid
Value: 9059802306217042661
ads.playground.xyz/ Name: connect.sid
Value: s%3AmVn8XuNhGhwpQ_Fty9WDKTJOeMCUGZsE.XMyXwJ0ZqSFQZh%2BMOa9FoiSRY%2BWyotjsJBSIH6icUkY
.adsby.bidtheatre.com/ Name: __kuid
Value: e6e86dce-67c3-4e53-a59b-f5ae2ba5cd44.430393754
.onaudience.com/ Name: done_redirects147
Value: 1
.analytics.yahoo.com/ Name: IDSYNC
Value: 18z8~26qe
.bidswitch.net/ Name: tuuid
Value: 60e5e19e-6eae-43ec-a913-65bccdff6792
.bidswitch.net/ Name: c
Value: 1661179755
.bidswitch.net/ Name: tuuid_lu
Value: 1661179755
.quantserve.com/ Name: d
Value: EJMBCwH1JvijAA
.quantserve.com/ Name: mc
Value: 6303976b-1d102-8dcd9-454be
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-e8a54033-061b-4ad7-4d42-d547aa1202fb.m9KGSuwJ5m6kuD%2BKbMg2fWQGMMRmz%2BCAw%2F4RRhXuAEA
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A6KVAMwYbStdNQtVHqhIC-9lAl0U.bRyl2bZ%2BenzUix4gWIuxK4jz8GAbIaw%2F7O8po4sFKWI
.tribalfusion.com/ Name: ANON_ID
Value: aHnsIHolXVjQuWx7J3gZbZcmZdhrOtEJZac3aPMSviUr2S5FnqPSvCWmZcHfnVP4nqnKNM0iWWqVF7Klwbj4cYdYh2ekD
.bidr.io/ Name: bito
Value: AABoKk7GBy8AAA7MoqdhJw
.bidr.io/ Name: bitoIsSecure
Value: ok
.adstanding.com/ Name: _adstanding_id
Value: c55232f2aaac8a22d3e15295c41a5116
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 0718f7e89d5c5b36
.adform.net/ Name: TPC
Value: 1661179756211
.technoratimedia.com/ Name: tads_uid
Value: GDPR
private.vodafone-affiliate.de/ Name: PHPSESSID
Value: jepi88pq9qnqqpnjvgbuqtph3b
.vodafone-affiliate.de/ Name: ppv1175
Value: 2022082216491675192289605X112510V1175122964MSoneid4KZUEf5fA9rXCGH9HdtAtMmkzTbSpTVXUKoneid__adf_Netmix_Reach09_Mweb_KreiselDeal
.awin1.com/ Name: awpv11354
Value: 412871|1661179756|98af6b30-2229-11ed-80d0-22316432dc67
.awin1.com/ Name: AWSESS
Value: 377129:2470185
m.exactag.com/ Name: exactag_new_gk
Value: 719764c13c9a4c85aa00d596e9ed1068%7c21.10.2022+14%3a49%3a17
m.exactag.com/ Name: exactag_new_uk
Value: 6b104bd5231d4708ac5d62350e1d4627%7c
m.exactag.com/ Name: session_session
Value: f2c891d247b849bf9a12a94a
pb.media01.eu/ Name: ASP.NET_SessionId
Value: ihvhn0qwmvib4w1m4hl3ydmm
pb.media01.eu/ Name: DTU
Value: D4633B5525DC201F709936BB62F92A5C
.zenaps.com/ Name: awpv11354
Value: 412871|1661179756|98af6b30-2229-11ed-80d0-22316432dc67
.zenaps.com/ Name: AWSESS
Value: 377129:2470185
.vodafone.de/ Name: oshop
Value: queryparams||b_id||1744||queryparams||shopid||2586
www.conrad.de/ Name: HTLP_timestamp
Value: 1661179757
www.conrad.de/ Name: CEAffHA
Value: YD
.www.conrad.de/ Name: __cf_bm
Value: hrwr5x2.CNYWCIsihMl2h4eAcf_7neXQrA9efnAh5lM-1661179757-0-ATkwy1HQe49nybYWJtnHOlPwIAspAnJTL/JNbIxH78gg/ZqTBdwLpo18fuc63Dr7trM8DBvQrr7sYmZOPg9U++Q=

11 Console Messages

Source Level URL
Text
security error URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html(Line 392)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html(Line 393)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html(Line 394)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html(Line 395)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a27a5f2dbcd76fca02b031770446541d'. This request has been blocked; the content must be served over HTTPS.
javascript error URL: https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dce1fe6c1-8c78-4a79-4d3f-89427cb78310%26reqId%3Df6034376-7673-4137-6d11-b11c0fc123e2%26zdid%3D1361
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://tags.bluekai.com/site/87734?id=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=ce1fe6c1-8c78-4a79-4d3f-89427cb78310&reqId=f6034376-7673-4137-6d11-b11c0fc123e2&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a.tribalfusion.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ad4m.at
ads.playground.xyz
ads.pubmatic.com
ads.us.e-planning.net
ads.yahoo.com
adservice.google.com
adservice.google.de
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
as.ad4m.at
assets.ad4m.at
aud.pubmatic.com
aws-fr-sync.bidswitch.net
bcp.crwdcntrl.net
beacon.krxd.net
bh.contextweb.com
biddr.brealtime.com
bn01.er.bemail.it
btlr.sharethrough.com
buttons-config.sharethis.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.pixfuture.com
cdn.syndication.twimg.com
cm.adgrx.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
contextual.media.net
core.iprom.net
csync.loopme.me
d5p.de17a.com
dis.criteo.com
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e1.emxdgt.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
ghent-aws-fr.bidswitch.net
google-analytics.com
googleads.g.doubleclick.net
green.erne.co
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
i.e-planning.net
i0.wp.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
imp-euro.emxdgt.com
js.brealtime.com
js.cookieless-data.com
l.sharethis.com
lg3.media.net
loadeu.exelator.com
m.exactag.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.taboola.com
matching.truffle.bid
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pb.media01.eu
pbs.twimg.com
pixel-eu.onaudience.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.mathtag.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
platform.twitter.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
prg.smartadserver.com
private.vodafone-affiliate.de
pubmatic-match.dotomi.com
pv.medialead.de
px.ads.linkedin.com
px.moatads.com
r.casalemedia.com
region1.google-analytics.com
rtb.adstanding.com
rtb.gumgum.com
s.amazon-adsystem.com
s.e-planning.net
s.tribalfusion.com
s1.adform.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.gravatar.com
securityaffairs.co
served-by.pixfuture.com
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.richaudience.com
sync.srv.stackadapt.com
sync.technoratimedia.com
sync.tidaltv.com
syndication.twitter.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
trc.taboola.com
u-iad04.e-planning.net
u.openx.net
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
usermatch.krxd.net
vfd2dyn.vodafone.de
vid.vidoomy.com
visitor.fiftyt.com
ws.sharethis.com
www.awin1.com
www.conrad.de
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.zenaps.com
x.bidswitch.net
z.moatads.com
api.rlcdn.com
e1.emxdgt.com
fonts.googleapis.com
pagead2.googlesyndication.com
ssc.33across.com
sync-tm.everesttech.net
sync.go.sonobi.com
uipglob.semasio.net
100.24.249.189
103.229.206.241
104.17.120.107
104.18.18.126
104.18.19.126
104.244.42.8
13.225.78.37
13.32.99.51
137.184.242.150
141.94.171.213
141.94.242.206
141.95.98.69
142.250.185.162
142.250.186.66
145.239.193.130
146.59.148.16
15.197.193.217
150.136.25.38
151.1.205.165
151.101.1.44
151.101.194.49
159.65.196.12
162.55.236.225
169.50.137.182
172.98.26.125
178.250.0.163
18.119.23.78
18.158.190.248
18.205.219.62
18.208.45.224
184.51.8.30
184.51.9.44
185.15.245.83
185.183.112.148
185.64.189.110
185.64.189.112
185.64.189.229
185.64.190.78
185.64.190.80
185.64.190.81
185.89.210.101
185.89.211.84
192.0.76.3
192.0.77.2
193.0.160.128
195.5.165.20
198.148.27.140
2.21.184.188
2.21.184.200
2.21.184.22
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
2001:8d8:100f:f000::289
205.234.175.175
212.82.100.182
212.83.160.162
213.155.156.168
213.19.147.44
213.202.235.10
23.202.52.216
23.205.235.133
23.35.229.151
2600:1f18:6593:f608:78e4:ddc4:e083:81a6
2600:9000:20eb:9c00:c:abe:f440:93a1
2600:9000:2304:ec00:3:c04e:c780:93a1
2602:803:c003:200::41
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::ac43:db6
2606:4700:20::681a:644
2606:4700:20::ac43:4a81
2606:4700:4400::6812:230b
2606:4700::6812:7f05
2606:4700::6812:bcf
2606:4700::6813:ac6c
2620:1ec:21::14
2a00:1288:f03d:1fa::2000
2a00:1450:4001:800::2002
2a00:1450:4001:801::2002
2a00:1450:4001:803::200e
2a00:1450:4001:806::2004
2a00:1450:4001:808::2008
2a00:1450:4001:80f::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2004
2a02:2638::1c
2a02:6ea0:c700::10
2a02:fa8:8806:13::1370
2a04:4e42:600::300
2a04:4e42:62::159
2a04:fa87:fffe::c000:4902
2a05:d018:24:b002:4b1d:b4d8:d7a1:7bd5
2a05:d018:d29:3605:a43d:cfec:dc69:3aee
3.123.111.134
3.213.131.37
3.64.108.197
3.69.216.1
3.73.146.93
34.102.253.54
34.107.148.139
34.111.131.239
34.225.113.77
34.236.83.94
34.98.64.218
35.190.60.146
35.201.96.126
35.211.178.172
35.227.248.159
37.157.5.73
37.157.6.242
37.157.6.253
38.91.45.7
44.208.243.83
5.135.209.97
5.161.54.172
5.178.65.252
51.89.9.253
52.2.126.119
52.202.34.66
52.205.223.187
52.23.73.66
52.45.33.138
52.46.151.131
52.57.109.239
52.59.173.142
52.95.125.22
54.171.150.101
54.73.80.98
54.78.254.47
54.88.64.117
66.155.71.150
67.202.105.22
68.183.31.14
69.166.1.14
69.173.144.139
69.173.144.165
72.251.245.179
72.251.249.9
74.119.119.139
74.222.140.126
77.243.60.138
8.43.72.97
84.200.5.215
85.114.159.118
88.198.250.30
91.228.74.244
92.123.17.141
92.123.9.160
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
00f42fa843b0f3ddc9f8028adfe75a3223a3810de9aad23fba78f9f61d09ac28
04d805cf6b74dbc28de8c916eb53f9d7d84e36ae2efdb0b04c7a8e321b2bf0c6
072843f9515b3818195d2efaf1434ea4967a9dc1d90802e24b424da1440cf5db
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
089029c8f5dd6673b0bf27c0ee50bc59cf19e6c34910cb631d580ceb156a4211
0a42c253f9d455fd1fbf10c58d664bc5fd724b95fc27cb8e436df1639bdb6b66
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0c3ccb31b3eb78bc0de9514f50798c82d83e23e09662209c8ec887f6a18c7289
0cce84869a2aa2e257d51142f79dcc030eb2cd262a2a332a04cab5c413c4b931
0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda
0d2d15d0a2f9ec4eef980a541ea55d9de9c6fc96736f7c1d248d3e971b61d5b4
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0e5def49d19532c8f3f167875ca076d31475e4ac52cfa179f3dfd91f4000a9d1
0e696569615c5847f19759a7e9b57198ef74d82e68ad9d65470ce2b3e0ab5a55
0f5962de984fedb6b42e6e855633ccb1e6cd223a697140b19f9655b69618ee3e
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
13106a9efe43085eb10eae74cf4f5640ffd8b6cade7ba2db4cfbf717a5e30b58
139ac7969d4c695ddef98dc69bded86ec601d304adbcfbc791e990427ade1acc
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
15d41ae296ec3b37172e443f4d1584d3a0360317d5a271eb71555bdfa96e6f00
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b
175ae53e202beaa41d779262dc3fe5f883b5ac76a1d6e1beae06ef48f3845bb4
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff
1db433aa9a370b060d565022a2d9677476837d2536fa4dcad8373d28fffbad85
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
23ca344f4c79cfe310d2126ea0ddf6c46a75c0fd0a9f6226ea12f2aad3247b18
2489c724131d1b1b4fc08681c6a2fc242197be3893c0d32193b52d646347cf0b
271f1faf657491123e73c338bc33b35eea055b02906447d7fe48cdd2b1bafbe1
2751a8c27ad6371b1040e89fad16496918cf44fc9e9c451d0152a0eaf59f3d86
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2b02c99b94bd29097fd168548bea6dfc28c9ffd3c2d751c1f375c9da902d8f63
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2dee37e8314f5eaf69698b420ef988d7898afb7d1a1ade7da32ec6fa606354b5
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
30fe2b4dd3ea9446d92fa0dad1ce04ad1fb0729696ca6e04d6bfaacfb5681ed6
33558069624c6849e3bedf4ef9ead7bf4cef2afdd7ecb64758a660fa4ae5ed8d
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3dcb656c2ba0901b9af854789f42041a8c55367fcc2e91373467f3f19d37ce2b
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
42ccfba410c48bc923faa8965282ce2c3fd100dd5b2c55f704d2fc029f39cb76
43d279685cb20720e593ce20395eacd975ca6bb24a8df3fea9115ee0f6fd9561
43ec4073d62958c460872f86b38f583f3187995f0147e29144340e6826e05cb9
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48cab163ff0e9b0d1181e52187d68e1bc909972b5f690b4a2bec7b20b8ff16f9
4988b57db5d0bb041c8543b0facf2fdf341b9cdb2f4270efbeb03ac62cefa91b
4a00637aa353e2f5120dff7d29ab6b2997f2edee0ac7b80792a82ef03a804548
4a0c4062dd4631f83121672154a0aa4d182030a500e4bab908e916339fdca038
4a77aa8515e0914305d566f070e6aed1f158741280d2dfb5a9cd6d48c8bb3599
4b1f1974d2b18c192e76ffaa2d06136b8e24de2afbc9d93c45928d6f58f89864
4b304b04bf5f5519a0df46b650721b3c1a0117c15c0e407f7f1aac56099fed0c
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4cd9931e0d5585c9d662314742ef0aa0e5de65d1b8f4d55a143ac04dfe8e19a7
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0dec83cbe0e5fe48a2036b6ae7291440a33c79689511315b61d13446c464bf
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
502e6a14f7ab09823b3a7e85060cac20804cd4650488c0ae9000e6c80805b9b3
5075af60bc35c1ca6aaf3ae48406bdccff363064352a37c32774a2f19d0671fd
5157b47c8fe5d1fcf9efd14b9281c2fbd995d62c83a5cc020872b6a3ffcc6a6e
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
543f1e90e16b91657384920db11d373b377d4e152e1b9081099f7c6ed7de5765
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a556e222989f6f4fc5a31956eedb06ce88c77876d152697eeb489383bdf20c5
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
5da4c36aab72eaf9406ae90eead4d412af557116eb77a4e2d6f56e8d20c46a4c
60427d8f3a4bdd713fa1bd0939e9004dd46f265d2fa784a4647456584cb8ba41
610eeb65562f9766c0df43d75acbfb6a6bbfb21da6ec40be26d32cd93b349b3b
614c0f3e69541038153378ca34e655f748974e4546b83cc5b4aae4b7106f84a2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64c41a6752147d6209ab9377bd28d1970be83a0a8d8617dfa4ea8dddf0516194
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
67cd276aed895d8b704773d1a8fd78dbba68c623e89957feaddd1e78956269d7
68519228e434605b231a755ef888366a63fdab471a63db9795b74802529717e9
6a108e0af8fe6848b275a2827822879e528159c28a6f189f18288ab169abad78
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
6f83d6d161d5d98ac0a6305e882cbf211c330178f30bac4095f967b5475c0e92
7024493525030ecd098ce0dcb2f0aea839373775120b40580028137b1d125ac9
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
78d5c0fe08b1ea8d12bea9af3d064f9c5cdb123e6e14e04ed99c1e50ced12d90
7fd33e11028f569f722125d67dfd2f9f2bb61f9b67e9e77815b34dffad91e537
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
861eae97a5d4839882d73c90399118631d6ade6c51d06c0cb2d6d2d91813e895
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
86abd374f9a46a943357bf193fd10469371fa9ae1f8323f72c328f2504da42e6
8799d31cc6650c1a38fc51a66d39da55cb8e8079a9ee154e6fe0c9988667bfef
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e0aa7b9cfa992549619789be8bd6a63a2c6abef5e1d2d139aa21fdeb612e8b5
8ee20d411da0b48e0a628a7baa4330f33476b45472846561e69318a593ae8830
8f5424a25c737e0a9aab339df1474b850f68f7883f3f99764c9dc3172aa7eca5
90e9f2d0a179dba1a822842ce5c3e4f0c3bd4526efb210e224305e7a5b8c7810
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade
94d6cf2810716bc417e93ea855cd83622b7ca1e2fd96fdf8c36154ac493a84e2
955ce104740b084bf508227d36801bb475235b7de0191428e7053df2311865bc
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c
9bfc7d34cd8bc7df36a984d6f3da50799752e33c48bbf07a4a1ee959b51476d0
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c2388c40345a8c9a09e8eb634a72240123f49f4c2b15df11dc05c2982f52f32
9ef21dc5e252a966b014e2a28730b49097b68de8ee094cb3f33b5b52c8d15770
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2a4bcc0ff6ec2e93665ca349245daca8f8d51ff983cd738c1377088aabba457
a33a1bede3845972a7f6e81a4bce82f1869727952b7b2033edba6e7f54b821f3
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a57b918c3515ced748a8b0d297202db9b15fefd82acfddaf11f977761407b2ad
a85b1179ca4ed7dc5ea897d1b565a69ccae8d2aad29dff7bb874da7d94538bff
a868642fa5a7a4692ff83f60cf0f26a6717c5d6a6cb6d550e798462a38a66880
aa293afd1d070f7c93f915d6396b68c4fa9fa2335018e2af2e45182d5dcf6e8d
aa7e03b006fc826dbe8a9693c0e4e5bbac99fce3ad13ee590f81c4dcae14e2d5
ab284bb4630bba786de179717df91dbee93cc78defd7e6e8b116c82be1313a8d
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09
b086dc80b7682d9c831f918566694d9ea4f078c382efaf6a4b2509b7236365f9
b0a8418337f000e0cd89f94459b8938d06f73a83ffd6c4b7850a6c08b865a084
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b15611490bb46eb30ea3e16569b9d7853848040e2216fe427ad86086a07fa94a
b3d8bcb82d61a3c0b87387b4dcdd2493ea09e7190e2980c6167182ad23cd96d3
b5536c6bfbb58b6012233ffb4edb582f34c5b210bfeb208efa8d649db0f4a583
b64c04792edbe427b98b645d32df75732e5424d3a6d1e840173584dc211aa034
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
b9b060fea5d40ed1a199f9ffec8eedb296149c1c5289e65818742d16f24f4dc4
ba29b730d69c2353e3a3d6347b2da26d0a6ef9eff2a4bb2e7c99f470af05831a
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bd12d05fdd69aa3f07360894560e0bc1be44fdce5be16d0636616d5734ae2109
be3506e558922d62b5e4e4cc432dc890cebdee4fb9779485d505fd8793fa469c
c049ec6c8748fd3389e4d015d680b2f03e55c46b0447002aee2613e6f7976d97
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c37c1f73402fa88125a6f3c1cbd5102c9a2c63fb7cc1c2be439ed1cce3e567c7
c85c5201cc6d09a962f6911c31de5888934a421dc30a2a7737410d8cfc0084ff
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d3131d56978fdd26251291a6a2cb850c97ef91794a68fd4d22b0086961fa9fb8
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d49ec9e53493eae7a727c75a865697f708943f1f2e87f93a0606b0edb6a4e94e
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
daa795332e5dbcf893adf2d5f3349f02b8c1cb957ff3b5f4c11b742e33c3376f
dd02cb39990f2d13b033435cd5f1875e5fbbed61c1824597c1340d4a90352f64
dd780f204ee5e496464528cf127d58b3163cb40f7dabaaf4e5b55696c7b23c6e
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c
e06c349479d5f0baa6e04d9b3dadce00edd4f38d823a07bea7651160f0846d96
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3bdc58b4bfd65f41b1b72f43da1632e4dbb30289a52965ea4c915de00fc84ab
e4b5b4338b9a39f415053330921fb2e963830b2f453ace7dab2ca2d1c6a6cb2a
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e9560ae92ea67133a0722c02d3c78504b0ad620a7aa8451aaaed7aa90ef0c3ab
e9c5062de1af0d21a4cd980d2476af44a3ecafb6eaac5c864435e71a5f167fd6
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecc971fa2ce05ba2be1499ed1ec54565678396ce8bd7fcbcbd6493239c6978b7
ed71987d2062401cca016c9a4e7df1747178cfa96534cf3e5e882fc071b50d38
eda8191f9ba76f5caac6877916a84ad731e96464925a7f9225d8a78b73d01240
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f1b2915531e8fbc0f616d0cb47c1809912115767b7cf124a04dcdc832f0f9bea
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f61341c3b4f346e65b3dd2d39cfed8d126b8d34eb5bcd75ea299f85410d5f4c0
f6db599c3b23f272a399cfc035ae0f151fcfce06999358cae67a383825e5386d
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
fd46bebecf8fb54cffbf3df0c8178896eb6ce1ece5942dcbf0ef80a3d296e65b
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb
fdb60418f2e23b359b2ade2aca337dccf02e24215d1a77bb816ba1820e5bbff0