securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_mediu...
Submission: On November 29 via api (November 29th 2021, 10:14:04 pm UTC) from US — Scanned from DE

Summary HTTP 464 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 104 IPs in 14 countries across 98 domains to perform 464 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2021. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:215... 2600:9000:2156:5600:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.32.99.34 13.32.99.34	16509 (AMAZON-02) (AMAZON-02)
17	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
11	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
8	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	52.29.0.64 52.29.0.64	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:224... 2600:9000:224a:2a00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
11	2.21.140.74 2.21.140.74	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2606:4700:20:... 2606:4700:20::681a:b9c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	35.156.119.137 35.156.119.137	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	141.95.3.40 141.95.3.40	16276 (OVH) (OVH)
3 7	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
3 5	185.33.221.50 185.33.221.50	29990 (ASN-APPNEX) (ASN-APPNEX)
7	157.245.94.128 157.245.94.128	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4 12	63.251.14.14 63.251.14.14	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
4	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
2	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
4	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
8	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
4	2602:803:c004... 2602:803:c004:200::140	26667 (RUBICONPR...) (RUBICONPROJECT)
4	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
5 21	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	3.70.103.160 3.70.103.160	16509 (AMAZON-02) (AMAZON-02)
4	34.102.149.62 34.102.149.62	15169 (GOOGLE) (GOOGLE)
1 2	46.249.52.248 46.249.52.248	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1 1	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
4	5.178.65.245 5.178.65.245	50673 (SERVERIUS-AS) (SERVERIUS-AS)
3	5.178.65.253 5.178.65.253	50673 (SERVERIUS-AS) (SERVERIUS-AS)
3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
3 6	18.215.193.43 18.215.193.43	14618 (AMAZON-AES) (AMAZON-AES)
1 3	168.119.79.223 168.119.79.223	24940 (HETZNER-AS) (HETZNER-AS)
1 1	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
4	104.89.20.125 104.89.20.125	16625 (AKAMAI-AS) (AKAMAI-AS)
6	2.21.141.175 2.21.141.175	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 16	2.21.141.232 2.21.141.232	16625 (AKAMAI-AS) (AKAMAI-AS)
1	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
19	2606:4700:10:... 2606:4700:10::6816:1857	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
42	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3 4	37.157.6.245 37.157.6.245	198622 (ADFORM) (ADFORM)
2 2	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
17	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4 5	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
3 3	52.212.206.16 52.212.206.16	16509 (AMAZON-02) (AMAZON-02)
25 45	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	185.86.139.89 185.86.139.89	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	23.88.75.189 23.88.75.189	24940 (HETZNER-AS) (HETZNER-AS)
1 1	188.165.4.142 188.165.4.142	16276 (OVH) (OVH)
5 5	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	72.251.241.206 72.251.241.206	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	195.5.165.20 195.5.165.20	44968 (IPROM-AS) (IPROM-AS)
1 2	2a04:4e42::300 2a04:4e42::300	54113 (FASTLY) (FASTLY)
1	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	51.210.112.236 51.210.112.236	16276 (OVH) (OVH)
1	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
1 1	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:d018:d29... 2a05:d018:d29:3605:6798:75ff:a274:9693	16509 (AMAZON-02) (AMAZON-02)
3 4	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
5 5	18.195.177.130 18.195.177.130	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.178.101 35.210.178.101	15169 (GOOGLE) (GOOGLE)
2	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	159.65.196.12 159.65.196.12	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	34.102.253.54 34.102.253.54	15169 (GOOGLE) (GOOGLE)
1	54.228.52.99 54.228.52.99	16509 (AMAZON-02) (AMAZON-02)
4 5	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1 2	37.157.6.251 37.157.6.251	198622 (ADFORM) (ADFORM)
1	2600:1f18:659... 2600:1f18:6593:f607:ba15:f8ca:726:bfa6	14618 (AMAZON-AES) (AMAZON-AES)
3 3	2a05:d018:24:... 2a05:d018:24:b002:bc48:7748:582:a849	16509 (AMAZON-02) (AMAZON-02)
3 3	54.194.185.111 54.194.185.111	16509 (AMAZON-02) (AMAZON-02)
1	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
1 1	151.1.205.165 151.1.205.165	3242 (ASN-ITNET) (ASN-ITNET)
2 2	35.201.81.244 35.201.81.244	15169 (GOOGLE) (GOOGLE)
1	89.163.159.106 89.163.159.106	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 3	54.194.226.253 54.194.226.253	16509 (AMAZON-02) (AMAZON-02)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2	52.30.98.117 52.30.98.117	16509 (AMAZON-02) (AMAZON-02)
1 1	2.21.141.186 2.21.141.186	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	54.90.48.240 54.90.48.240	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.95.126.160 52.95.126.160	16509 (AMAZON-02) (AMAZON-02)
1 1	104.89.42.102 104.89.42.102	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	34.247.199.143 34.247.199.143	16509 (AMAZON-02) (AMAZON-02)
3 7	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	143.204.98.4 143.204.98.4	16509 (AMAZON-02) (AMAZON-02)
1 2	209.54.177.54 209.54.177.54	16509 (AMAZON-02) (AMAZON-02)
1 1	54.236.184.123 54.236.184.123	14618 (AMAZON-AES) (AMAZON-AES)
2 2	51.178.20.139 51.178.20.139	16276 (OVH) (OVH)
1	3.222.216.135 3.222.216.135	14618 (AMAZON-AES) (AMAZON-AES)
1	51.158.28.83 51.158.28.83	12876 (Online SAS) (Online SAS)
3	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	151.101.129.108 151.101.129.108	54113 (FASTLY) (FASTLY)
1	67.202.105.21 67.202.105.21	32748 (STEADFAST) (STEADFAST)
1 1	204.62.13.72 204.62.13.72	46636 (NATCOWEB) (NATCOWEB)
20	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	3.122.214.165 3.122.214.165	16509 (AMAZON-02) (AMAZON-02)
17	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
6	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1 1	80.64.106.148 80.64.106.148	20764 (RASCOM-AS...) (RASCOM-AS CJSC RASCOM ISP)
2	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	52.30.39.253 52.30.39.253	16509 (AMAZON-02) (AMAZON-02)
2 2	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	31.172.81.160 31.172.81.160	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	54.92.96.182 54.92.96.182	16509 (AMAZON-02) (AMAZON-02)
2 2	18.194.17.206 18.194.17.206	16509 (AMAZON-02) (AMAZON-02)
2 2	194.190.76.44 194.190.76.44	48061 (UMA-TECH-AS) (UMA-TECH-AS)
1	35.212.101.174 35.212.101.174	15169 (GOOGLE) (GOOGLE)
2	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
1	216.46.185.183 216.46.185.183	13649 (ASN-VINS) (ASN-VINS)
3	52.30.14.23 52.30.14.23	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
464	104

46 2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:5600:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-34.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.0.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-0-64.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:224a:2a00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:e:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.21.140.74 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-140-74.deploy.static.akamaitechnologies.com

lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:b9c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.119.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-119-137.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.3.40 (France)

ASN16276 (OVH, FR)
PTR: p30.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.223.40.198 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.50 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 157.245.94.128 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

prebidserver.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 63.251.14.14 (United States) 4 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c004:200::140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.162.133.150 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 185.33.221.53 (Amsterdam, Netherlands) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.70.103.160 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-70-103-160.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.102.149.62 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 62.149.102.34.bc.googleusercontent.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.249.52.248 (Huissen, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.25 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 5.178.65.245 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

u-ams02.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 5.178.65.253 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: i.e-planning.net

s.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.215.193.43 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-193-43.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 168.119.79.223 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.223.79.119.168.clients.your-server.de

sync.richaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.42.132 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.89.20.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-20-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.21.141.175 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-175.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2.21.141.232 (Frankfurt am Main, Germany) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-232.deploy.static.akamaitechnologies.com

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.245 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-169.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.118 (Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.130.49 (United States) 4 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.212.206.16 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-206-16.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 142.250.185.194 (United States) 25 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.89 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.88.75.189 (Gunzenhausen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.189.75.88.23.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.165.4.142 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip142.ip-188-165-4.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.19.147.44 (United Kingdom) 5 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.241.206 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::300 (United States) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.245 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.210.112.236 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: pikafka-1.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.184 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:6798:75ff:a274:9693 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.195.177.130 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-177-130.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.178.101 (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 101.178.210.35.bc.googleusercontent.com

a.volvelle.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:16::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.196.12 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.253.54 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 54.253.102.34.bc.googleusercontent.com

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.228.52.99 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-52-99.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.227.248.159 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.251 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:6593:f607:ba15:f8ca:726:bfa6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dmp.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:24:b002:bc48:7748:582:a849 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.194.185.111 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-185-111.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.1.205.165 (Erba, Italy) 1 redirects

ASN3242 (ASN-ITNET, IT)

bn01.er.bemail.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.81.244 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 244.81.201.35.bc.googleusercontent.com

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.163.159.106 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dmp.theadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.194.226.253 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-226-253.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.98.117 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-98-117.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.141.186 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-186.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.90.48.240 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-48-240.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.126.160 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.42.102 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-42-102.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.247.199.143 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-199-143.eu-west-1.compute.amazonaws.com

obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.173.151.100 (United States) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-4.fra50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.177.54 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.236.184.123 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-184-123.compute-1.amazonaws.com

sync.extend.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.178.20.139 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns31193669.ip-51-178-20.eu

gu.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.222.216.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-216-135.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.158.28.83 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-158-28-83.rev.poneytelecom.eu

js.cookieless-data.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.129.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.21 (United States)

ASN32748 (STEADFAST, US)
PTR: ip21.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.62.13.72 (Clifton, United States) 1 redirects

ASN46636 (NATCOWEB, US)

pixfuture-inv-nyc.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.214.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.64.106.148 (Russian Federation) 1 redirects

ASN20764 (RASCOM-AS CJSC RASCOM ISP, RU)
PTR: s-fr3.rutarget.ru

google-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.39.253 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-39-253.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.172.81.160 (Muehlheim am Main, Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.sniperlog.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.92.96.182 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-92-96-182.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.17.206 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-17-206.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 194.190.76.44 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)
PTR: hosting.adhigh.net

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.212.101.174 (Washington, United States)

ASN15169 (GOOGLE, US)
PTR: 174.101.212.35.bc.googleusercontent.com

cs.chocolateplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 82.113.101.132 (Offenbach, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.46.185.183 (Littleton, United States)

ASN13649 (ASN-VINS, US)

global.ib-ibi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.30.14.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	googlesyndication.com pagead2.googlesyndication.com Failed tpc.googlesyndication.com	731 KB
60	doubleclick.net 25 redirects cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net	124 KB
46	securityaffairs.co securityaffairs.co	1 MB
36	media.net contextual.media.net lg3.media.net prebid.media.net navvy.media.net	337 KB
33	pubmatic.com 1 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com simage4.pubmatic.com	53 KB
30	adnxs.com 8 redirects secure.adnxs.com ib.adnxs.com acdn.adnxs.com	91 KB
20	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com prebidserver.pixfuture.com	185 KB
19	zeotap.com spl.zeotap.com mwzeom.zeotap.com	6 KB
17	2mdn.net s0.2mdn.net	416 KB
17	rubiconproject.com 4 redirects fastlane.rubiconproject.com secure-assets.rubiconproject.com eus.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com token.rubiconproject.com	28 KB
16	casalemedia.com 5 redirects ssum.casalemedia.com dsum-sec.casalemedia.com ssum-sec.casalemedia.com	17 KB
12	lijit.com 4 redirects ap.lijit.com	5 KB
11	openx.net pixfuture2-d.openx.net rtb.openx.net u.openx.net	2 KB
11	wp.com i0.wp.com i1.wp.com i2.wp.com stats.wp.com pixel.wp.com	42 KB
9	google.com adservice.google.com www.google.com	2 KB
9	e-planning.net 1 redirects ads.us.e-planning.net u-ams02.e-planning.net s.e-planning.net	17 KB
9	yahoo.com 5 redirects c2shb.ssp.yahoo.com pr-bh.ybp.yahoo.com ups.analytics.yahoo.com cms.analytics.yahoo.com	5 KB
7	crwdcntrl.net 2 redirects bcp.crwdcntrl.net tags.crwdcntrl.net sync.crwdcntrl.net	15 KB
7	adsrvr.org 3 redirects match.adsrvr.org	3 KB
6	adform.net 4 redirects c1.adform.net dmp.adform.net	3 KB
6	audrte.com 3 redirects a.audrte.com	5 KB
5	tapad.com 4 redirects pixel.tapad.com	2 KB
5	bidswitch.net 5 redirects x.bidswitch.net	3 KB
5	everesttech.net 4 redirects sync-tm.everesttech.net	1 KB
5	33across.com ssc.33across.com ssc-cms.33across.com	752 B
5	criteo.com 1 redirects gum.criteo.com mug.criteo.com dis.criteo.com	2 KB
5	sharethis.com ws.sharethis.com platform-api.sharethis.com l.sharethis.com buttons-config.sharethis.com	50 KB
4	amazon-adsystem.com 2 redirects aax-eu.amazon-adsystem.com s.amazon-adsystem.com	3 KB
4	mathtag.com 4 redirects sync.mathtag.com pixel.mathtag.com	3 KB
4	sonobi.com apex.go.sonobi.com	3 KB
4	google-analytics.com www.google-analytics.com google-analytics.com	40 KB
3	googletagservices.com www.googletagservices.com	110 KB
3	google.de adservice.google.de	1 KB
3	googleadservices.com partner.googleadservices.com	1 KB
3	krxd.net 1 redirects beacon.krxd.net usermatch.krxd.net	942 B
3	demdex.net 3 redirects dpm.demdex.net	3 KB
3	tidaltv.com 3 redirects sync.tidaltv.com	1 KB
3	taboola.com 1 redirects trc.taboola.com match.taboola.com	705 B
3	1rx.io 3 redirects sync.1rx.io	2 KB
3	bidr.io 3 redirects match.prod.bidr.io	2 KB
3	richaudience.com 1 redirects sync.richaudience.com	744 B
3	sitescout.com 2 redirects pixel.sitescout.com pixel-sync.sitescout.com	816 B
3	sharethrough.com btlr.sharethrough.com	343 B
2	o2online.de portal.o2online.de	1 KB
2	adhigh.net 2 redirects px.adhigh.net	962 B
2	advertising.com 2 redirects pixel.advertising.com	935 B
2	rfihub.com 2 redirects a.rfihub.com p.rfihub.com	2 KB
2	eyeota.net ps.eyeota.net	2 KB
2	dyntrk.com 2 redirects gu.dyntrk.com	850 B
2	weborama.fr 2 redirects idsync.frontend.weborama.fr	673 B
2	dotomi.com pubmatic-match.dotomi.com dclk-match.dotomi.com	207 B
2	volvelle.tech 2 redirects a.volvelle.tech	1 KB
2	turn.com 2 redirects ad.turn.com d.turn.com	929 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
2	adition.com 2 redirects dsp.adfarm1.adition.com	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	agkn.com 1 redirects aa.agkn.com	565 B
2	facebook.net connect.facebook.net	85 KB
1	ib-ibi.com global.ib-ibi.com	72 B
1	e-volution.ai rtb2-useast.e-volution.ai	233 B
1	chocolateplatform.com cs.chocolateplatform.com	90 B
1	adingo.jp cc.adingo.jp	44 B
1	sniperlog.ru 1 redirects sync3.sniperlog.ru	676 B
1	yieldmo.com ads.yieldmo.com	35 B
1	adkernel.com dsp.adkernel.com	233 B
1	rutarget.ru 1 redirects google-sync.rutarget.ru	579 B
1	admixer.net 1 redirects pixfuture-inv-nyc.admixer.net	538 B
1	cookieless-data.com js.cookieless-data.com	535 B
1	adentifi.com rtb.adentifi.com	88 B
1	extend.tv 1 redirects sync.extend.tv	546 B
1	imrworldwide.com 1 redirects obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	215 B
1	bluekai.com 1 redirects tags.bluekai.com	346 B
1	mookie1.com odr.mookie1.com	324 B
1	theadex.com dmp.theadex.com	334 B
1	bemail.it 1 redirects bn01.er.bemail.it	659 B
1	exelator.com loadeu.exelator.com	324 B
1	fwmrm.net dmp.v.fwmrm.net	411 B
1	gumgum.com rtb.gumgum.com	238 B
1	playground.xyz 1 redirects ads.playground.xyz	469 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	534 B
1	quantserve.com 1 redirects pixel.quantserve.com	541 B
1	simpli.fi um.simpli.fi	616 B
1	onaudience.com 1 redirects pixel.onaudience.com	400 B
1	iprom.net core.iprom.net	279 B
1	adgrx.com cm.adgrx.com	408 B
1	ad4m.at ad4m.at	915 B
1	erne.co 1 redirects green.erne.co	325 B
1	loopme.me 1 redirects csync.loopme.me	217 B
1	smartadserver.com rtb-csync.smartadserver.com	163 B
1	onetag-sys.com onetag-sys.com	823 B
1	rlcdn.com api.rlcdn.com Failed id.rlcdn.com
1	id5-sync.com id5-sync.com	536 B
1	facebook.com graph.facebook.com	657 B
1	gravatar.com secure.gravatar.com	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
0	googleapis.com Failed fonts.googleapis.com Failed
464	98

	Domain	Requested by
46	securityaffairs.co	securityaffairs.co
45	cm.g.doubleclick.net	25 redirects ads.us.e-planning.net googleads.g.doubleclick.net bcp.crwdcntrl.net
42	pagead2.googlesyndication.com	cdn.pixfuture.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
21	ib.adnxs.com	5 redirects cdn.pixfuture.com spl.zeotap.com acdn.adnxs.com googleads.g.doubleclick.net
20	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net
17	s0.2mdn.net	securityaffairs.co googleads.g.doubleclick.net s0.2mdn.net
17	contextual.media.net	securityaffairs.co contextual.media.net cdn.pixfuture.com
15	mwzeom.zeotap.com	ads.us.e-planning.net spl.zeotap.com
13	dsum-sec.casalemedia.com	4 redirects ssum.casalemedia.com googleads.g.doubleclick.net
12	ap.lijit.com	4 redirects cdn.pixfuture.com
11	lg3.media.net	securityaffairs.co contextual.media.net
11	served-by.pixfuture.com	securityaffairs.co cdn.pixfuture.com
10	simage2.pubmatic.com	ads.pubmatic.com
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
7	image2.pubmatic.com	ads.pubmatic.com
7	prebidserver.pixfuture.com	cdn.pixfuture.com ads.us.e-planning.net
7	match.adsrvr.org	3 redirects cdn.pixfuture.com ads.us.e-planning.net ssum.casalemedia.com bcp.crwdcntrl.net
6	googleads4.g.doubleclick.net	googleads.g.doubleclick.net securityaffairs.co
6	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
6	ads.pubmatic.com	ads.us.e-planning.net ads.pubmatic.com cdn.pixfuture.com
6	a.audrte.com	3 redirects ads.us.e-planning.net a.audrte.com
5	pixel.tapad.com	4 redirects ads.us.e-planning.net
5	x.bidswitch.net	5 redirects
5	sync-tm.everesttech.net	4 redirects ads.pubmatic.com
5	secure.adnxs.com	3 redirects securityaffairs.co
4	u.openx.net	cdn.pixfuture.com
4	acdn.adnxs.com	cdn.pixfuture.com
4	pixel.rubiconproject.com	ads.us.e-planning.net
4	ups.analytics.yahoo.com	3 redirects ssum.casalemedia.com
4	c1.adform.net	3 redirects ads.pubmatic.com
4	spl.zeotap.com	ads.us.e-planning.net ads.pubmatic.com spl.zeotap.com
4	eus.rubiconproject.com	ads.us.e-planning.net eus.rubiconproject.com cdn.pixfuture.com
4	u-ams02.e-planning.net	ads.us.e-planning.net ads.pubmatic.com ssum.casalemedia.com
4	navvy.media.net	contextual.media.net
4	hbopenbid.pubmatic.com	cdn.pixfuture.com
4	apex.go.sonobi.com	cdn.pixfuture.com
4	fastlane.rubiconproject.com	cdn.pixfuture.com
4	pixfuture2-d.openx.net	cdn.pixfuture.com
4	prebid.media.net	cdn.pixfuture.com
4	ssc.33across.com	cdn.pixfuture.com
3	sync.crwdcntrl.net	bcp.crwdcntrl.net
3	www.googletagservices.com	googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	partner.googleadservices.com	pagead2.googlesyndication.com
3	token.rubiconproject.com	3 redirects
3	bcp.crwdcntrl.net	2 redirects tags.crwdcntrl.net
3	dpm.demdex.net	3 redirects
3	sync.tidaltv.com	3 redirects
3	sync.mathtag.com	3 redirects
3	sync.1rx.io	3 redirects
3	match.prod.bidr.io	3 redirects
3	image6.pubmatic.com	1 redirects ads.pubmatic.com spl.zeotap.com
3	sync.richaudience.com	1 redirects ads.us.e-planning.net spl.zeotap.com
3	rtb.openx.net	ads.us.e-planning.net googleads.g.doubleclick.net
3	s.e-planning.net	ads.us.e-planning.net
3	btlr.sharethrough.com	cdn.pixfuture.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	i1.wp.com	securityaffairs.co
3	i0.wp.com	securityaffairs.co
2	portal.o2online.de
2	px.adhigh.net	2 redirects
2	pixel.advertising.com	2 redirects
2	ps.eyeota.net
2	gu.dyntrk.com	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum.casalemedia.com
2	aax-eu.amazon-adsystem.com	1 redirects ads.us.e-planning.net
2	beacon.krxd.net	spl.zeotap.com ads.us.e-planning.net
2	idsync.frontend.weborama.fr	2 redirects
2	dmp.adform.net	1 redirects spl.zeotap.com
2	pixel-sync.sitescout.com	1 redirects googleads.g.doubleclick.net
2	a.volvelle.tech	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	image4.pubmatic.com	ads.pubmatic.com
2	trc.taboola.com	1 redirects spl.zeotap.com
2	sync.targeting.unrulymedia.com	2 redirects
2	dsp.adfarm1.adition.com	2 redirects
2	d5p.de17a.com	2 redirects
2	ssum.casalemedia.com	1 redirects ads.us.e-planning.net
2	ads.us.e-planning.net	1 redirects cdn.pixfuture.com
2	c2shb.ssp.yahoo.com	cdn.pixfuture.com
2	mug.criteo.com	securityaffairs.co
2	gum.criteo.com	1 redirects
2	aa.agkn.com	1 redirects cdn.pixfuture.com
2	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com
2	pixel.wp.com	securityaffairs.co
2	l.sharethis.com	ws.sharethis.com securityaffairs.co
2	i2.wp.com	securityaffairs.co
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	d.turn.com	1 redirects
1	global.ib-ibi.com	bcp.crwdcntrl.net
1	simage4.pubmatic.com	ads.pubmatic.com
1	rtb2-useast.e-volution.ai	googleads.g.doubleclick.net
1	cs.chocolateplatform.com	googleads.g.doubleclick.net
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	cc.adingo.jp	googleads.g.doubleclick.net
1	sync3.sniperlog.ru	1 redirects
1	p.rfihub.com	1 redirects
1	a.rfihub.com	1 redirects
1	ads.yieldmo.com	googleads.g.doubleclick.net
1	dsp.adkernel.com	googleads.g.doubleclick.net
1	google-sync.rutarget.ru	1 redirects
1	pixfuture-inv-nyc.admixer.net	1 redirects
1	ssc-cms.33across.com	cdn.pixfuture.com
1	js.cookieless-data.com	s.e-planning.net
1	rtb.adentifi.com	ssum.casalemedia.com
1	sync.extend.tv	1 redirects
1	ssum-sec.casalemedia.com	ssum.casalemedia.com
1	tags.crwdcntrl.net	s.e-planning.net
1	id.rlcdn.com	ads.us.e-planning.net
1	obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	1 redirects
1	tags.bluekai.com	1 redirects
1	usermatch.krxd.net	1 redirects
1	pixel.mathtag.com	1 redirects
1	odr.mookie1.com	spl.zeotap.com
1	cms.analytics.yahoo.com	1 redirects
1	dmp.theadex.com	spl.zeotap.com
1	bn01.er.bemail.it	1 redirects
1	loadeu.exelator.com	spl.zeotap.com
1	dmp.v.fwmrm.net	spl.zeotap.com
1	rtb.gumgum.com	ads.pubmatic.com
1	ads.playground.xyz	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	ad.turn.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	um.simpli.fi	ads.pubmatic.com
1	pixel.onaudience.com	1 redirects
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	match.taboola.com	ads.pubmatic.com
1	core.iprom.net	ads.pubmatic.com
1	cm.adgrx.com	ads.pubmatic.com
1	ad4m.at	ads.pubmatic.com
1	green.erne.co	1 redirects
1	csync.loopme.me	1 redirects
1	rtb-csync.smartadserver.com	ads.pubmatic.com
1	dis.criteo.com	ads.pubmatic.com
1	pixel-eu.rubiconproject.com	eus.rubiconproject.com
1	onetag-sys.com	ads.us.e-planning.net
1	secure-assets.rubiconproject.com	1 redirects
1	pixel.sitescout.com	1 redirects
1	id5-sync.com	cdn.pixfuture.com
1	graph.facebook.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
1	www.googletagmanager.com	securityaffairs.co
0	api.rlcdn.com Failed	cdn.pixfuture.com
0	fonts.googleapis.com Failed	securityaffairs.co
464	154

This site contains links to these domains. Also see Links.

Domain
www.pixfuture.com
httpd.apache.org
tools.cisco.com
www.bsi.bund.de
twitter.com
www.facebook.com
www.linkedin.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-24` - `2022-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
sharethis.com Amazon	`2021-07-19` - `2022-08-17`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-03` - `2021-12-02`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-08` - `2021-12-07`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.id5-sync.com R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-11-26` - `2022-02-24`	3 months	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-14` - `2022-04-06`	6 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
ads.us.e-planning.net R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh
*.e-planning.net R3	`2021-10-22` - `2022-01-20`	3 months	crt.sh
*.audrte.com Amazon	`2021-01-26` - `2022-02-24`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
onetag-sys.com R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.iprom.net R3	`2021-10-04` - `2022-01-02`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-24` - `2022-02-16`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
*.theadex.com AlphaSSL CA - SHA256 - G2	`2021-10-01` - `2022-11-02`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.richaudience.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-17` - `2022-03-16`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-17` - `2022-02-09`	6 months	crt.sh
adentifi.com Amazon	`2021-09-04` - `2022-10-03`	a year	crt.sh
js.cookieless-data.com R3	`2021-09-30` - `2021-12-29`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.eyeota.net R3	`2021-10-26` - `2022-01-24`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2022-01-05`	a year	crt.sh
*.yieldmo.com Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
chocolateplatform.com GTS CA 1D4	`2021-10-25` - `2022-01-23`	3 months	crt.sh
*.e-volution.ai Sectigo RSA Domain Validation Secure Server CA	`2021-09-13` - `2022-10-14`	a year	crt.sh
*.o2online.de DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-02-19`	a year	crt.sh
*.ib-ibi.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-03-08`	a year	crt.sh

This page contains 81 frames:

Primary Page: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Frame ID: 31615CB2134EAF39224CC7A77E166584
Requests: 151 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: FF8DD2128030150ABEFC93A180DB9155
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: CD8B0E5FAF452119DCF14C474764E463
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 1AEC6C76B58E270F041D5F4D1CECF2A9
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 1EE917FA9DE27B2EA7A61E142D051EF0
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV52461.js
Frame ID: 763BA43E32892E9DBE537FBF2BE4CBE2
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV52461.js
Frame ID: 7CED48C8F2B7C9FFFCD59AEF373F635C
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV52461.js
Frame ID: 317334256251FB6DFC34978AEA447703
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV52461.js
Frame ID: D963491E9F9CA17C1AAAD899AEFF550A
Requests: 6 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: 73EE8A3CD3E8498821EF266F8EC37FDB
Requests: 13 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Frame ID: 92999F3EE798E7A44AF7D1FE5E8D6992
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Frame ID: 5C905A5806983D0E13E54779EF69D158
Requests: 23 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 52A6AC3928D87AFF9E9E473017186BEB
Requests: 1 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Frame ID: 72AB01C116E8DBDA0B5B7A68505B8EE3
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 7630F3B6E3E275664E074D8B5F317A35
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361&cmp=0
Frame ID: 32CFDE546DAE7FE6CC1C025436505A8E
Requests: 31 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 0BD49E88DE0E02C7A53EA0A144711633
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 717347904C1CC6C879E68C9AF8031779
Requests: 8 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D2319F56-C5A0-42B9-B769-D18C2EDA2951
Frame ID: A78F1C4886774329C87467AA3A98DE24
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8308693492827297970
Frame ID: 653AB319164C5ADF133493D8B3D910FF
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: EAF4054716BEC4457B68DA7BAF405116
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036118662444742804
Frame ID: 996D826A2CA6F361F3648C3D86F28521
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YaVQpQAIXW9-PABG
Frame ID: 2C7D966D4DCE31F3E07569BA17660033
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAKWrk7DSqEAACyA0d0xdw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Frame ID: 05999077BDF83F5511D2325D6E789A09
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: C37283B1A48DA809FD43AF80B5FAF4CB
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SKGYoVVaJ2cc7L1RCx27X5n1
Frame ID: A92652E3A5526BFBBABF1ADBAA56802D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-88650328-fd5e-4cac-bf90-42bf4697315c-003
Frame ID: 8CDE99C97E0A010438B17A571D6DE332
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: 764C8A12D2CE0889E9241B250574440A
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: E90AF5AABB6765EDDFFB763EFA859F89
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: B589D7D21507CBE3CE3ECF39A9C64227
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=2eb5b95c-05e4-4f25-8e72-01bdcbe33df6-tuct89ed625&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 780CEBB35E879A123297FB41F458D557
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 807E74CD3CDC5B0B3083282C9ED1AF67
Requests: 1 HTTP requests in this frame

Frame: https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=cd67d0220b8943e9&uid=D2319F56-C5A0-42B9-B769-D18C2EDA2951
Frame ID: D01CD2B753941A41A782F9C514BDD211
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 8D16BA081584951CDF9204DAAA2555E4
Requests: 8 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 782D8420C31CCDF5CC55D3553B3AA5BD
Requests: 2 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AGz0D1WqaC8hbJeu
Frame ID: FE6CD244770124EFBA9EC8CABCA62423
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705
Frame ID: 35449D9704B1D3200C4941A517706B4E
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689
Frame ID: 9EBE3962E1542FCB2DF314FDE35BA8B5
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037573&bpp=9&bdt=187&idt=683&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=636728137&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=2279&biw=1600&bih=1200&isw=300&ish=250&ifk=2892227040&scr_x=0&scr_y=0&oid=2&pvsid=3293067016313517&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pw23jtwjfjwo&btvi=1&fsb=1&xpc=71ENyNN0pi&p=https%3A//securityaffairs.co&dtd=694
Frame ID: F98676539F8D2ED9BEAEB4DEABFCB980
Requests: 14 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 0BBD2ACA6C5070A63F6B49FF6AE5F95D
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 23CEE58D9483219AA5D0AEC3E0A7F843
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: C2A4B5E3EF65E5E5B398FC6F1B456B0C
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 23D0DB05E105E79D6B46DBEE06EC43C4
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 083D7D3D8CE925584449D2948D250BDC
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 2BF65434A9226D0F91DB6482D7141CA5
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 05EE54ED31633CAC9C8022698E923C9A
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: D14C420BD899C3EE9C9009132B95225F
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 43459ADBCC27ADFD0445156D8939C163
Requests: 3 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 9AC6A2AE5CDB318FA95D38EC6537D67E
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 1B71E359C4C146FE8A57305DBFBBF49C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: A70B34970B3884D8E20EC8968E3DD833
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 13833A3837E1E8AF2798F409E3C05078
Requests: 2 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 9EC23058535431DAA50EE5783C830959
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 962723E98EC04D78FFC6BE3951B5581F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 59DBFFA00BBFCCFFE26CBABAF3FA7CA7
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: E353E4B9DBE1FF9624901BA3FC921E1B
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: F9E040CAD9069C375A94DEE156C123FD
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: B311F4199941BCED72807816923A7810
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: E83A37316A307DBB25DA055AC9336DEB
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 227554932E8C770CA4FF6E83A7EF75F0
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 9F0CBF47A9F7E72E8D3EB7B86E057C54
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARim5eioATAB&v=APEucNUzkUYoqNF8vQfGA0y64lKxv3GRGEhytwr7LzERlid18u71VckCZin5KMqmydIot-h-fcd0vXHSa_WzW6zF_VJdDDVBX0Vjj3fvLDfRMhj4V--LMIU_RAZxg-Snn6vcMkeRyabIJkdqNHokIQuipriqG8H0ONUT5kpdOQC73ORoPMNAUHlMhsCNex4uWXb3ecHUIfk81XfSO5GNJZ-Og_lnE6gczw
Frame ID: 98189FB6B58B1317FC5286BA0D1B2A0A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiG6eioATAB&v=APEucNVzDghMzF5L8N5MsDdn80kS62hOxzT0CnVhKUtFGaE_ETZpu3jMe5qN9lUk7QUFCpuHvNiYvYaZkn5I4xTCZcuFV78IvSuzF8HQxo0s9wYQ2NDbmmTOT9VnBoh1vvnUxtGYggAnUtVa7wkL668nB9irmeHPRFloe7WXp7z_STHgtSIYaRP6lY2wIXRKUyDG_ZqK4tto7vfqD3eLDpEBckjGXUYh2A
Frame ID: 9081B8CD0E86274148B67B9E6DD5BE53
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhDX2YykAhiN4fe6ATAB&v=APEucNUZTJr46uz88-8NnTmEDEKbbGBE1o4MtAjQjp_WeOpY7EkJS79_zthqiR7Tmfem9irlPFgycov0XxQ3-AMIAbnfKHLhHvNHiDkv_2IDcwsQU_ZQ0nTxpk8AkCFA_rnmOLE0G-gYoItJPcDlh1wqHXHCW-reK_ZB7fNbrtusv4SjJM-miE6r4jHEjh5CAvx-DaVnzT1jwH8hpXtepSol0YZcqfbwlA
Frame ID: 61606527E66350DA152AF9BB387B779C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BB3264F9451A57A01C21C85FB2562FCD
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 90DD3AEC2336DFDD17E5B1354C3F1251
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B3784186C4CF75AD5AAFC3E7EE81D01C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 94DC24334ADDE13823593889D80B4B54
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 00642AB892DED4A381C558254A72D1C3
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2
Frame ID: F6A1BEA1636881EA36ADF5D11E909A22
Requests: 10 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2
Frame ID: 6216D49C987CDDADF3E79154BE847FE7
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8689DD68827F4CD4E169560CCF37C06C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: B74A071CE763DFF246CDCCE3D81BC4FF
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FD78021D67CFC163748A0C4DD56B70B3
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: E79EBAF3A32B2C56991FF2A207A18F98
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E90945D3AB31A568D21E6E5C89DBC228
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 987F1C1031E0D254A2CA241DABE754F1
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BCE65E86FCF18CD62891FFE57BAC7E72
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js
Frame ID: 4A41FC7C3B168EB41BAACE4D9C9B3CA6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js
Frame ID: 484B5D5163CA8A65AE8378F7AE8A7B11
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Frame ID: 35711BA7E2F7AF948A9816219E150F5F
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Experts warn of attacks exploiting CVE-2021-40438 in Apache HTTP ServerSecurity Affairs

Page Statistics

464
Requests

81 %
HTTPS

23 %
IPv6

98
Domains

154
Subdomains

104
IPs

14
Countries

3761 kB
Transfer

7653 kB
Size

116
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pixfuture.com/advertisers/?id0348293521d
Title: Powered by pixfuture

Search URL Search Domain Scan URL

URL: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.49
Title: change log

Search URL Search Domain Scan URL

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
Title: security advisory

Search URL Search Domain Scan URL

URL: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-270312-10F2.pdf
Title: alert

Search URL Search Domain Scan URL

URL: https://twitter.com/securityaffairs
Title: @securityaffairs

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sec.affairs
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html&text=Experts%20warn%20of%20attacks%20exploiting%20CVE-2021-40438%20flaw%20in%20Apache%20HTTP%20Server%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 97

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=l0i5anxteFVFNUhjeUlzOWdMVHdFUWFweUdHcGsxUXNoZUgvUW5uSUVwQjl6OG9vSE5MZ2JKR25sNzdaMnEwVXZCbElxUUgxbTlqUGUvblpPZHUyeDFnYUhpTnVNaFV3SDM5Q1plU1dsRktOZU5FZFc2ODJxL1R1TzR5L0NKdjlrYTlvZWlnWi91elloTkRzZVZIV2tORDdZenRCQStIRHhPeHR4NmZXUHBlWEdGeU1BZlh0cExSWWpaTEhDK0ViSE9CamZSUG53UWc1SmlsK1NOUmMwYUxmSWgyZHdsRjYzZEdDalRqQVJKOFJzWDhzPXw&cppv=2

Request Chain 101

https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

Request Chain 102

https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

Request Chain 171

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

Request Chain 172

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Dcd67d0220b8943e9 HTTP 302
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=cd67d0220b8943e9

Request Chain 177

https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Dcd67d0220b8943e9 HTTP 302
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F

Request Chain 178

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Dcd67d0220b8943e9%26uid%3D%24UID HTTP 302
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=cd67d0220b8943e9&uid=9164184649206400284

Request Chain 179

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu

Request Chain 185

https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1

Request Chain 193

https://c1.adform.net/serving/cookie/match?party=14&cid=D2319F56-C5A0-42B9-B769-D18C2EDA2951 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D2319F56-C5A0-42B9-B769-D18C2EDA2951

Request Chain 194

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8308693492827297970

Request Chain 196

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036118662444742804

Request Chain 197

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YaVQpQAIXW9-PABG

Request Chain 198

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFLV3JrN0RTcUVBQUN5QTBkMHhkdw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFLV3JrN0RTcUVBQUN5QTBkMHhkdw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1&google_tc= HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAKWrk7DSqEAACyA0d0xdw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID

Request Chain 199

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 200

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SKGYoVVaJ2cc7L1RCx27X5n1

Request Chain 201

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=668765650 HTTP 302
https://sync.1rx.io/usersync/tradedesk/44067512-ebff-4bb2-874f-f9d23e6f8868 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-88650328-fd5e-4cac-bf90-42bf4697315c-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-88650328-fd5e-4cac-bf90-42bf4697315c-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-88650328-fd5e-4cac-bf90-42bf4697315c-003

Request Chain 205

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=2eb5b95c-05e4-4f25-8e72-01bdcbe33df6-tuct89ed625&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 206

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 208

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0jGfVsWgQrm3adGMLtopUQ%3D%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0jGfVsWgQrm3adGMLtopUQ%3D%3D&google_tc= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 209

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=8f8961a5-50a5-4300-8dbf-291279c28324

Request Chain 210

https://pixel.onaudience.com/?partner=214&mapped=D2319F56-C5A0-42B9-B769-D18C2EDA2951 HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=f270faaf4d4acc77

Request Chain 211

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDIzMTlGNTYtQzVBMC00MkI5LUI3NjktRDE4QzJFREEyOTUx&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDIzMTlGNTYtQzVBMC00MkI5LUI3NjktRDE4QzJFREEyOTUx&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 212

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJNfXEZoo08iizV84D9SHS8&google_cver=1

Request Chain 214

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:256a61a5-50a4-4600-9e32-f5e5704687e5&gdpr=0&gdpr_consent=

Request Chain 215

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3263444035503318260

Request Chain 216

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=44067512-ebff-4bb2-874f-f9d23e6f8868

Request Chain 217

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9164184649206400284&gdpr=0&gdpr_consent=

Request Chain 218

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=g7AWvYCxFr2YtxTq1-Bav4yyQuyYs0K4g-Wg6zNp

Request Chain 220

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D2319F56-C5A0-42B9-B769-D18C2EDA2951&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D2319F56-C5A0-42B9-B769-D18C2EDA2951&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-21GisMdE2uUSXb2hFeeUfAwcixNlI1Q-~A&gdpr=0&gdpr_consent=

Request Chain 221

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3461406640998964335&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 222

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_uid=1ebc5df1-a338-463d-ad0e-56dbaf724a0f HTTP 302
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_uid=1ebc5df1-a338-463d-ad0e-56dbaf724a0f HTTP 302
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=e281b5ac-7392-4743-ae53-30ce284ee46a&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=1ebc5df1-a338-463d-ad0e-56dbaf724a0f&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 224

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

Request Chain 225

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3e9354e2-d33e-49fb-a662-e8d05a24cba5&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 226

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=9164184649206400284

Request Chain 231

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEPcLlgCP4-2l0zPHdQifERA&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 232

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 234

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=44067512-ebff-4bb2-874f-f9d23e6f8868&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 238

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=04654168-1a34-41ad-b6c4-41fae8ee288e&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 239

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=9e6ea614-b668-44d5-4258-826e87fbe92d&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=9e6ea614-b668-44d5-4258-826e87fbe92d&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=65212596784205182982595777755166594848&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 241

https://bn01.er.bemail.it/zeotap.php?_bid=9e6ea614-b668-44d5-4258-826e87fbe92d&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021112923-19685-0.073303001638224040-65de840e33ff5590878729426793e80c&zdid=533&env=mWeb

Request Chain 242

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=7036118662445267092&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 243

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=9e6ea614-b668-44d5-4258-826e87fbe92d HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=9e6ea614-b668-44d5-4258-826e87fbe92d

Request Chain 244

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9e6ea614-b668-44d5-4258-826e87fbe92d&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9e6ea614-b668-44d5-4258-826e87fbe92d&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361&bounce=1&random=3131428211 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=2YvXuRkD0EWOns/xvmz3le&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 246

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=9e6ea614-b668-44d5-4258-826e87fbe92d?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=9e6ea614-b668-44d5-4258-826e87fbe92d?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?pid=6c84b138676a7ceb38bbd4554f581ddf&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 247

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-4XoUH4ZE2oquuaaY.p57w0UgDKjA_YW2tQ--~A&zpartnerid=570&env=mWeb

Request Chain 248

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=Joa0jm1PQjDyhbQKImYXoea4UqbXA75L%2BS41iYitP1U%3D

Request Chain 252

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YaVQpQAIXKp-pABG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 253

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=42b661a5-50a5-4f00-ac9e-def5795000e4&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 254

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 255

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9e6ea614-b668-44d5-4258-826e87fbe92d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9e6ea614-b668-44d5-4258-826e87fbe92d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361&dcc=t

Request Chain 256

https://tags.bluekai.com/site/87734?id=9e6ea614-b668-44d5-4258-826e87fbe92d&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 257

https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Request Chain 259

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=42b661a5-50a5-4f00-ac9e-def5795000e4

Request Chain 260

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDdkNTNiNzBlZjdlMzNmNTc4OTZjN2VmYmEzMDgxNTAzOWFkNTZhOQ

Request Chain 262

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/6JLIv1RuKsUV8qFvpvtfXg?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3857649443309580887

Request Chain 263

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dMOEFLVzUtNS1LTVNK

Request Chain 265

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEEwMW1hQFhMEpC-7Xm-eBxY&google_cver=1

Request Chain 266

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YaVQpQAIXKp-pABG HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YaVQpQAIXKp-pABG&_test=YaVQpQAIXKp-pABG

Request Chain 274

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YaVQpdctlXTUZXoe9iiQCAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1&gdpr=1

Request Chain 276

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEG6Row3u6TA4YZ3i5ePmKoA&google_cver=1

Request Chain 277

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB&dcc=t

Request Chain 278

https://sync.extend.tv/r.gif?exchange=index HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=e7ac3de6-9366-4d42-be9a-9ac5d69c864f

Request Chain 279

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1 HTTP 302
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

Request Chain 328

https://pixfuture-inv-nyc.admixer.net/adxcm.aspx?gdpr=&gdpr_consent=&us_privacy=&redir=1&rurl=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dadmixeropenrtb%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%24visitor_cookie%24%24 HTTP 302
https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=f2fcaa08f326410bac093c7d33257b4e

Request Chain 336

https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=7706728541878583623 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEA0sy6XxHSZzew4OhqBGfxs&google_cver=1 HTTP 302
https://ps.eyeota.net/match?bid=kh51m51&uid=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent=

Request Chain 338

https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent=&google_gid=CAESEA0sy6XxHSZzew4OhqBGfxs&google_cver=1 HTTP 302
https://a.audrte.com/p

Request Chain 356

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

Request Chain 357

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaVQpdctlXTUZXoe9iiQCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

Request Chain 358

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

Request Chain 359

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

Request Chain 360

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

Request Chain 361

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaVQpdctlXTUZXoe9iiQCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

Request Chain 362

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

Request Chain 363

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

Request Chain 364

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

Request Chain 365

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaVQpdctlXTUZXoe9iiQCAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

Request Chain 366

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

Request Chain 367

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

Request Chain 384

https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESENtq-ItWe-3FP4nimwN9MzU&google_cver=1&google_push=AYg5qPKFN4Le0jT3kgwRRy0jrD5MM-GUXS68PMINuXnR6EErDJEMSFRnWy5guPxccMRPun7GuDTQLAIatkHN7Jf3O38Q2S-4pqcP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=BGVBaBo0Qa22xEH66O4ojg&gdpr=1&gdpr_consent=

Request Chain 385

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEAct4KMEUp5briZc4dT4j7E&google_cver=1&google_push=AYg5qPIaeMT-JQINWi6p2zVKmqxldhscFROumLYLSnaxX-8ug6CyznfnCuCOrpR-y1pp83iqiBzM1DzsjzT0FDmWuB1sip17Eec HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0jGfVsWgQrm3adGMLtopUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIaeMT-JQINWi6p2zVKmqxldhscFROumLYLSnaxX-8ug6CyznfnCuCOrpR-y1pp83iqiBzM1DzsjzT0FDmWuB1sip17Eec

Request Chain 386

https://google-sync.rutarget.ru/sync?google_gid=CAESEFqV_fPCmL8aFlBAePvDFys&google_cver=1&google_push=AYg5qPI8SQMrsb-inqd0gSxRelF3YSzg7cLdrOkUngGFq3FTPFAph4zgG08FaIY3f6dy-dAikV4X6VQxFINnOVLgIwLAYaVpsL47 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WVZTWjFJUmM0Vmt5&google_ula=2046794&google_push=AYg5qPI8SQMrsb-inqd0gSxRelF3YSzg7cLdrOkUngGFq3FTPFAph4zgG08FaIY3f6dy-dAikV4X6VQxFINnOVLgIwLAYaVpsL47

Request Chain 389

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEMrKHo8Z5T6WMCmV7_Hd0ts&google_cver=1&google_push=AYg5qPLJcols91FuHX5lQxiIFwQDsLmUybNlH2pGNR1NkHoOugSJ5tzDzHAF5n17KJfw1h9WmldP5TTALlFAdmtgwQtcZr1L95tR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPLJcols91FuHX5lQxiIFwQDsLmUybNlH2pGNR1NkHoOugSJ5tzDzHAF5n17KJfw1h9WmldP5TTALlFAdmtgwQtcZr1L95tR&google_hm=NDQwMDIzMTI2MDA5MTY3MjY1Mw==

Request Chain 400

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEM9nyNCTWOWmtF5hwh9-dcc&google_cver=1&google_push=AYg5qPJ_VKIBDaUGKh5rgikMEB5XZbvpLpgH5eX3dsyqEiVHZQ2VkMs4jsgeIthNqPZHraZ2DAmG0yAtSDMPYPa6_qqO_Ce1IQ HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=4400231260091672653&expires=30&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ_VKIBDaUGKh5rgikMEB5XZbvpLpgH5eX3dsyqEiVHZQ2VkMs4jsgeIthNqPZHraZ2DAmG0yAtSDMPYPa6_qqO_Ce1IQ&google_hm=Hrxd8aM4Rj2tDlbbr3JKDw==

Request Chain 401

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEJtS_rX-m8Iw5ZzJe5qVAgk&google_cver=1&google_push=AYg5qPJu4pBMqX41z68PqB5ic9rhNrmoHr48O_aicHaDarm80anxQwOx_9Pq2VwqLQSwKMxV7EUOIaYMVIqjwerVY03kRHKmsYQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPJu4pBMqX41z68PqB5ic9rhNrmoHr48O_aicHaDarm80anxQwOx_9Pq2VwqLQSwKMxV7EUOIaYMVIqjwerVY03kRHKmsYQ

Request Chain 403

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOT8tfb4bGJPFt5MQqSAcrw&google_cver=1&google_push=AYg5qPI6kHHIMu7Qye9qisYaNRkDtABaUYKYwmLvIy2UwDnIIJNTAYVh7QMkW6B8qh6DLBcWvbjAYDd4Lt1jSSdJOPkEEY_1zco HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOT8tfb4bGJPFt5MQqSAcrw&google_cver=1&google_push=AYg5qPI6kHHIMu7Qye9qisYaNRkDtABaUYKYwmLvIy2UwDnIIJNTAYVh7QMkW6B8qh6DLBcWvbjAYDd4Lt1jSSdJOPkEEY_1zco&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPI6kHHIMu7Qye9qisYaNRkDtABaUYKYwmLvIy2UwDnIIJNTAYVh7QMkW6B8qh6DLBcWvbjAYDd4Lt1jSSdJOPkEEY_1zco&google_hm=363a32bb5c098b5dca7062f3

Request Chain 404

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEG6Piy7fJpQrCJ-Isw9c00Y&google_cver=1&google_push=AYg5qPIXg6miyM7GxOeyZMkTPOwd7OkxTugjUT7RpNNsJ6ChbtgyitDTsl9_A4bvcqkJvyhXaSPhz4C9Ls19cMIlJNWNZFgyrQ HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-88650328-fd5e-4cac-bf90-42bf4697315c-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPIXg6miyM7GxOeyZMkTPOwd7OkxTugjUT7RpNNsJ6ChbtgyitDTsl9_A4bvcqkJvyhXaSPhz4C9Ls19cMIlJNWNZFgyrQ%26google_hm%3DA4hlAyj9Xkysv5BCv0aXMVw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIXg6miyM7GxOeyZMkTPOwd7OkxTugjUT7RpNNsJ6ChbtgyitDTsl9_A4bvcqkJvyhXaSPhz4C9Ls19cMIlJNWNZFgyrQ&google_hm=A4hlAyj9Xkysv5BCv0aXMVw

Request Chain 406

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHMRwlLoqkvxGW6lk5wnCIs&google_cver=1&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thAGRHu_AsYhFkC1Zhe0UlThvXnT99Tr9OsbBjpcSQZSXY HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHMRwlLoqkvxGW6lk5wnCIs&google_cver=1&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thAGRHu_AsYhFkC1Zhe0UlThvXnT99Tr9OsbBjpcSQZSXY&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHMRwlLoqkvxGW6lk5wnCIs&google_cver=1&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thAGRHu_AsYhFkC1Zhe0UlThvXnT99Tr9OsbBjpcSQZSXY&apid=UPa6aebdf1-5161-11ec-b143-02646cc160e4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBhNmFlYmRmMS01MTYxLTExZWMtYjE0My0wMjY0NmNjMTYwZTQ%3D&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thAGRHu_AsYhFkC1Zhe0UlThvXnT99Tr9OsbBjpcSQZSXY

Request Chain 412

https://px.adhigh.net/p/gm/rub?google_gid=CAESEBnE1VvymC4zIjgotF2ix_w&google_cver=1&google_push=AYg5qPIYaFXW1WRLzU-ENmhoEgFS9fllS7dJS9rLdXo8gfWJZ3beAKuapNC7MIQLEB2YRxuvZC1fnQJI9B_y7aAeSUKmP7Oz9A HTTP 302
https://px.adhigh.net/p/gm/rub?google_gid=CAESEBnE1VvymC4zIjgotF2ix_w&google_cver=1&google_push=AYg5qPIYaFXW1WRLzU-ENmhoEgFS9fllS7dJS9rLdXo8gfWJZ3beAKuapNC7MIQLEB2YRxuvZC1fnQJI9B_y7aAeSUKmP7Oz9A&bounced=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPIYaFXW1WRLzU-ENmhoEgFS9fllS7dJS9rLdXo8gfWJZ3beAKuapNC7MIQLEB2YRxuvZC1fnQJI9B_y7aAeSUKmP7Oz9A&google_hm=jBmr3O470hIAAikABlF9bcMNZw%3D%3D

Request Chain 415

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOT8tfb4bGJPFt5MQqSAcrw&google_cver=1&google_push=AYg5qPJMK6EJCOMfzaXgD95-qVeQPHykfFr1EyrosZxR4KB4YT-FdhBFpUx8GxbOEvrJuETD4ZtAQm72XYEchQEAzE1MetEYYX4 HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOT8tfb4bGJPFt5MQqSAcrw&google_cver=1&google_push=AYg5qPJMK6EJCOMfzaXgD95-qVeQPHykfFr1EyrosZxR4KB4YT-FdhBFpUx8GxbOEvrJuETD4ZtAQm72XYEchQEAzE1MetEYYX4&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJMK6EJCOMfzaXgD95-qVeQPHykfFr1EyrosZxR4KB4YT-FdhBFpUx8GxbOEvrJuETD4ZtAQm72XYEchQEAzE1MetEYYX4&google_hm=683602bbf0823da8779ef25f

Request Chain 475

https://dpm.demdex.net/ibs:dpid=121998&dpuuid=6c84b138676a7ceb38bbd4554f581ddf&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D HTTP 302
https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=65212596784205182982595777755166594848

Request Chain 476

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/6c84b138676a7ceb38bbd4554f581ddf/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D HTTP 302
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3461406640998964335

Request Chain 477

https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=6c84b138676a7ceb38bbd4554f581ddf&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d

464 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request cve-2021-40438-apache-http-server-attacks.html Show response
securityaffairs.co/wordpress/125107/hacking/ 92 KB
24 KB 970ms
933ms Document
text/html 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 18cccd9fe6995781f63b41e987dd259e8c730f166805e15f21765a1586a082f5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 29 Nov 2021 22:13:54 GMT
server: Apache
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/125107>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=125107>; rel=shortlink
content-encoding: gzip

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 134ms
48ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0298dfe938a9dfdae8609c7b19df2203528edeff96f157a945d609cc4134a64a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36129
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Nov 2021 22:13:55 GMT

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 91 KB
91 KB 29ms
27ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Fri, 23 Jul 2021 22:11:52 GMT
server: Apache
accept-ranges: bytes
etag: "16cb1-5c7d1b0db415e"
content-length: 93361
content-type: text/css

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 28ms
25ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "2bf8-5b61073af996a"
content-length: 11256
content-type: text/css

GET
H2 200 wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 5 KB
5 KB 47ms
44ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 13 Nov 2019 23:52:08 GMT
server: Apache
accept-ranges: bytes
etag: "1360-597430d7ee92b"
content-length: 4960
content-type: text/css

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 29ms
26ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "c25-5cd29ad8a380c"
content-length: 3109
content-type: text/css

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 28 KB
28 KB 48ms
45ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "7045-5cd29ad8a380c"
content-length: 28741
content-type: text/css

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 37ms
20ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 1643032
cdn-cachedat: 2021-06-08 21:08:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e3e393e411938bd4fa9f5d397d6fefc4
cf-ray: 6b5f2f9d1c946931-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 50ms
47ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
accept-ranges: bytes
etag: "4d92-52704407f72c0"
content-length: 19858
content-type: text/css

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 51ms
48ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "21b-526fe6d7cd700"
content-length: 539
content-type: text/css

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 51ms
48ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
accept-ranges: bytes
etag: "1851-5270441180940"
content-length: 6225
content-type: text/css

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 54ms
25ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "6b4-526fe6d5e5280"
content-length: 1716
content-type: text/css

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 55ms
26ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "4574-526fe6d5e5280"
content-length: 17780
content-type: text/css

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 77ms
26ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "118d-526fe6e527680"
content-length: 4493
content-type: text/css

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 75ms
28ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "14e-526fe6d5e5280"
content-length: 334
content-type: text/css

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 69ms
23ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "1b844-526fe6d7cd700"
content-length: 112708
content-type: text/css

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 120ms
66ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
content-type: text/css; charset: UTF-8;charset=UTF-8
server: Apache

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 75ms
27ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
accept-ranges: bytes
etag: "c5f2-526fe6d6d94c0"
content-length: 50674
content-type: text/css

GET
H2 200 sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 19 KB
19 KB 74ms
24ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8e6479cd4913a87170eb62978960f57a2966a67fe1ce10ece3cbf9ee4097aa70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Tue, 02 Nov 2021 22:42:56 GMT
server: Apache
accept-ranges: bytes
etag: "4cb9-5cfd603c190ea"
content-length: 19641
content-type: text/css

GET
H2 200 social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 12 KB
12 KB 73ms
22ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Tue, 02 Nov 2021 22:42:55 GMT
server: Apache
accept-ranges: bytes
etag: "312f-5cfd603af31d5"
content-length: 12591
content-type: text/css

GET
H2 200 frontend-gtag.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 28 KB
28 KB 81ms
27ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1638224035
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Fri, 12 Nov 2021 22:49:08 GMT
server: Apache
accept-ranges: bytes
etag: "6ffc-5d09f44505588"
content-length: 28668
content-type: application/javascript

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 282 KB
282 KB 96ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Fri, 23 Jul 2021 22:11:53 GMT
server: Apache
accept-ranges: bytes
etag: "46758-5c7d1b0e12d00"
content-length: 288600
content-type: application/javascript

GET
H2 200 jquery-migrate.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 25 KB
25 KB 96ms
22ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "62d4-5b61073af5aea"
content-length: 25300
content-type: application/javascript

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 34 KB
35 KB 103ms
29ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.6
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 29 Sep 2021 22:16:12 GMT
server: Apache
accept-ranges: bytes
etag: "8960-5cd29ad8a47ac"
content-length: 35168
content-type: application/javascript

GET
H2 200 medianetAdInjector.js Show response
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 562 B
716 B 104ms
29ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Sat, 08 May 2021 23:27:41 GMT
server: Apache
accept-ranges: bytes
etag: "232-5c1d9e407bb22"
content-length: 562
content-type: application/javascript

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 26 KB
8 KB 82ms
7ms Script
application/javascript 2600:9000:2156:5600:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:5600:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

149bccf7e467541fc83e870e967ac322b26065e5d6797169c8a677a67db07e60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 19:08:32 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 183923
x-cache: Hit from cloudfront
content-length: 7654
server: nginx/1.20.1
etag: W/"6179dc14-6746"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: FRA50-C1
x-robots-tag: noindex, nofollow
x-amz-cf-id: 6F0MCl4g73eM9ykVdljrgeIRV1WWEwKiXPORhDEPqOVCkLbUe2KlmQ==
expires: Tue, 30 Nov 2021 19:08:32 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 184 KB
41 KB 31ms
7ms Script
text/javascript 13.32.99.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.34 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-34.fra60.r.cloudfront.net

Software

Resource Hash

444ee2a405e57ede9ef10e17bb58c0351c39e9d21203f242b55a77fd07d30784

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:11:23 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 152
etag: W/"2df1b-sQ5Sn/JpfKxrQLYebTQ3d0yXV0s"
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: FRA60-P3
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: m7Mtj1OwzKny8yDzY35qmRDoAzwc3ljXvQw7P5SHU_7im7NMxw9XaQ==

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 159 KB
54 KB 56ms
32ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d808c9258d6a3a639b96625a4d07576f02f6e4b449c2d35cd96b8e15872fbcdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-mnt-h: 8-35
content-encoding: gzip
server: Apache
etag: "338e6d2dc7a27ae4f3d1290d8657e366"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Mon, 29 Nov 2021 22:13:56 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-19
expires: Mon, 29 Nov 2021 22:18:56 GMT

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 48ms
44ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
accept-ranges: bytes
etag: "b0e9-5270743f5f480"
content-length: 45289
content-type: image/png

GET
H2 200 headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 973 B
1 KB 304ms
97ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Tue, 02 Mar 2021 20:36:48 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "603ea1e0-3cd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 973
expires: Wed, 01 Dec 2021 22:13:56 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 25ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "509a053c355d6394"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 26ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "fbafb4fa36d9fc66"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 26ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "8daaaf021369fdba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 Panasonic-data-leak.jpg
securityaffairs.co/wordpress/wp-content/uploads/2021/11/ 11 KB
11 KB 48ms
45ms Image
image/jpeg 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2021/11/Panasonic-data-leak.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: dfc3fed6de31e6424df36c32f320163d8ac11d1131c8ae8a2398f31f836a4fe0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Mon, 29 Nov 2021 21:35:12 GMT
server: Apache
accept-ranges: bytes
etag: "2d36-5d1f4373ecc61"
content-length: 11574
content-type: image/jpeg

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 29ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f6a6aa21ef6a466e386b0c04b034094365bd045bb0f24f2617cc49debca9a583

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 9nNa8kD2W6CktBRWOwrwSQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: HWrEsOimBBHRArbX/Bl//UIRwEnCkm327fEuE/JL5+51M1J7qjEGSIBQ2vZhkZHXd7z/OfNakUTtZbjT38ONOw==
x-fb-trip-id: 917726464
x-fb-content-md5: 5cf2f2ced9c1d3182d2970c8a86e2332
x-frame-options: DENY
date: Mon, 29 Nov 2021 22:13:56 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "20c1fd24df63d7d05f9185f3b5b6c076"
timing-allow-origin: *
expires: Mon, 29 Nov 2021 22:32:31 GMT

GET
H2 200 Cattura.jpg
securityaffairs.co/wordpress/wp-content/uploads/2021/11/ 86 KB
87 KB 50ms
48ms Image
image/jpeg 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2021/11/Cattura.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: c3f2d73001db8e6e5b260e7a5e1575c5a1e07ea9c4849b90bb0ec2ef4679fb01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Mon, 29 Nov 2021 13:11:11 GMT
server: Apache
accept-ranges: bytes
etag: "15970-5d1ed2cb824c5"
content-length: 88432
content-type: image/jpeg

GET
H2 200 Cattura.jpg
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/11/ 4 KB
5 KB 24ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/11/Cattura.jpg?resize=300%2C300&ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

a816e8d7f90a504a127bee4555c0df3a19ba293d00ec2755236f774c2fd93906

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Mon, 29 Nov 2021 13:44:02 GMT
server: nginx
etag: "fb548ef7674dfacf"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/11/Cattura.jpg>; rel="canonical"
content-length: 4516
expires: Thu, 30 Nov 2023 01:44:02 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 156 KB
157 KB 32ms
32ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1cc4f4c92b087dcaf73fae7b25faeb55c5b3399e5ccf1d8ac5dbc01231fdb61a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Fri, 12 Nov 2021 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "2719b-5d09f44b38318"
content-length: 160155
content-type: text/css

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 20ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Tue, 02 Nov 2021 22:42:56 GMT
server: Apache
accept-ranges: bytes
etag: "6e0-5cfd603be358c"
content-length: 1760
content-type: application/javascript

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 31ms
31ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Sun, 05 Sep 2021 22:22:00 GMT
server: Apache
accept-ranges: bytes
etag: "16d-5cb46f619b099"
content-length: 365
content-type: application/javascript

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Fri, 12 Nov 2021 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "792-5d09f44b509b3"
content-length: 1938
content-type: application/javascript

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 25ms
25ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3db-526fe6e433440"
content-length: 987
content-type: application/javascript

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 24ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1113-526fe6e433440"
content-length: 4371
content-type: application/javascript

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 34ms
34ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1fa1-526fe6e433440"
content-length: 8097
content-type: application/javascript

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 30ms
29ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "a36-526fe6e33f200"
content-length: 2614
content-type: application/javascript

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 27ms
27ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
accept-ranges: bytes
etag: "53ae-5270441274b80"
content-length: 21422
content-type: application/javascript

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 46ms
46ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "1f6c-526fe6e527680"
content-length: 8044
content-type: application/javascript

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 29ms
29ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
accept-ranges: bytes
etag: "11571-5270441645480"
content-length: 71025
content-type: application/javascript

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "2a67-526fe6e433440"
content-length: 10855
content-type: application/javascript

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 25ms
25ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "c18-526fe6e433440"
content-length: 3096
content-type: application/javascript

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3225-526fe6e433440"
content-length: 12837
content-type: application/javascript

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "31d4-526fe6e33f200"
content-length: 12756
content-type: application/javascript

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
accept-ranges: bytes
etag: "c8e-5826f6315ef61"
content-length: 3214
content-type: application/javascript

GET
H2 200 sharing.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 23 KB
23 KB 24ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Tue, 02 Nov 2021 22:42:56 GMT
server: Apache
accept-ranges: bytes
etag: "5a9e-5cfd603c190ea"
content-length: 23198
content-type: application/javascript

GET
H2 200 e-202148.js Show response
stats.wp.com/ 9 KB
3 KB 27ms
8ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202148.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 21 Nov 2022 07:46:06 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 31 KB
31 KB 48ms
46ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Fri, 23 Jul 2021 22:11:53 GMT
server: Apache
accept-ranges: bytes
etag: "7cdc-5c7d1b0e301c1"
content-length: 31964
content-type: application/javascript

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 48ms
46ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=a28b0e9b2cdbb1f5240bb81b525eda0e
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "231d-5a22e608152f1"
content-length: 8989
content-type: application/javascript

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 126ms
39ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4369
date: Mon, 29 Nov 2021 21:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 29 Nov 2021 23:01:07 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
405 B 47ms
8ms XHR
text/plain 52.29.0.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.0.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-0-64.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:56 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
419 B 71ms
30ms Script
text/javascript 2600:9000:224a:2a00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:224a:2a00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
via: 1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P1
etag: "e6e1643313740711175f51662a65b42f"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: oo-bVoMaOiyAA0jGIhDD7E1hT1OwskMFyFV2OBFa9VGoSFiHxRlkug==

GET
H2 200 analytics.js Show response
google-analytics.com/ 49 KB
20 KB 139ms
40ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4647
date: Mon, 29 Nov 2021 20:56:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 29 Nov 2021 22:56:29 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 48ms
47ms Font
application/font-woff 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
accept-ranges: bytes
etag: "ad90-526fe6dc92240"
content-length: 44432
content-type: application/font-woff

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
380 B 9ms
9ms Image
text/plain 52.29.0.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1638224036028.99873&hostname=securityaffairs.co&location=%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&title=Experts%20warn%20of%20attacks%20exploiting%20CVE-2021-40438%20in%20Apache%20HTTP%20ServerSecurity%20Affairs&sop=false&description=Threat%20actors%20are%20exploiting%20the%20recently%20patched%20CVE-2021-40438%20flaw%20in%20Apache%20HTTP%20servers%2C%20warns%20German%20Cybersecurity%20Agency%20and%20Cisco.%20Threat%20actors%20are%20exploiting%20a%20recently%20addressed%20server-side%20request%20forgery%20(SSRF)%20vulnerability%2C%20tracked%20as%20CVE-2021-40438%2C%20in%20Apache%20HTTP%20servers.%20The%20CVE-2021-40438%20flaw%20can%20be%20exploited%20against%20httpd%20web%20servers%20that%20have%20the%C2%A0mod_proxy%C2%A0module%20enabled.%20A%20threat%20actor%20%5B%E2%80%A6%5D&description=Threat%20actors%20are%20exploiting%20the%20recently%20patched%20CVE-2021-40438%20flaw%20in%20Apache%20HTTP%20servers%2C%20warns%20German%20Cybersecurity%20Agency%20and%20Cisco.%20Threat%20actors%20are%20exploiting%20a%20recently%20addressed%20server-side%20request%20forgery%20(SSRF)%20vulnerability%2C%20tracked%20as%20CVE-2021-40438%2C%20in%20Apache%20HTTP%20servers.%20The%20CVE-2021-40438%20flaw%20can%20be%20exploited%20against%20httpd%20web%20servers%20that%20have%20the%C2%A0mod_proxy%C2%A0module%20enabled.%20A%20threat%20actor%20%5B%E2%80%A6%5D&img_pview=true

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.0.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-0-64.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:56 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 36ms
7ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 29 Nov 2021 22:13:56 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Mon, 29 Nov 2021 22:18:56 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 8ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "156244085faab7d3"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length: 6414
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 7ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
content-length: 10314
x-nc: HIT hhn 2
last-modified: Tue, 02 Jun 2020 21:29:55 GMT
server: nginx
etag: "c8c3d7b06b174426"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires: Fri, 03 Jun 2022 09:29:55 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 7 KB
7 KB 8ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "312ff21e46f29f3d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7482
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 6 KB
6 KB 7ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Dec 2020 07:29:12 GMT
server: nginx
etag: "a6fb49f7a00a0498"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length: 6336
expires: Thu, 15 Dec 2022 19:29:12 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 6ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.3&blog=29506073&post=125107&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=0&rand=0.8555542953674826
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
graph.facebook.com/ 244 B
657 B 68ms
35ms Script
text/javascript 2a03:2880:f02d:e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b8a3b94e6bdda09167a138df30b984800bec4fa633f306211f7c6a81a2f73098

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004774446
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 179
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: UokrUfiuNkYJ++UixKy4APK9D4+w9wQlDhnzDlY0U0gwB8ZMgMs6i9EJLPVZFdof0xcCA/Ss57LdXluiTBx85w==
x-fb-trace-id: FALN/RgXvGi
date: Mon, 29 Nov 2021 22:13:56 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AkErg3Tubufx9T02iPo3zNv
cache-control: no-store
facebook-api-version: v5.0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 6ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.9488072416152484
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 290 KB
82 KB 18ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=e0654b9b509e97f57c8a2bf4749bfeb3

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0ec6ddbd58d42e2793df829373ae62d0801b742e97220c8a575f9db6daf50e9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/
Origin: https://securityaffairs.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 8FdbOpLWqsYir0ushQYumg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 84315
x-fb-rlafr: 0
x-fb-debug: cvQ3OhJwsW9Gyrt+ti5FaKc139VNPg/CGsZlsNQsFPIRYWaKx1quJFOzOCBLsAUty+zAFSoyIUXZb/DgQ7ZrmQ==
x-fb-content-md5: 0c0c2fdd31215fe02cb5d7661b675a00
x-frame-options: DENY
date: Mon, 29 Nov 2021 22:13:56 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "851ea7b823c7e5724c97c50382922f15"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 29 Nov 2022 21:38:54 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 81 KB
25 KB 659ms
658ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&nse=5&vi=1638224036179657427&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5e27ce0c0559d462b7028d57f4d8b075cff0912bd6cf8b014ea30669e207f43c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-2
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 29 Nov 2021 22:13:56 GMT
x-mnt-w: 8-8, 8-12
content-length: 25685
expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame FF8D 15 KB
6 KB 81ms
81ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b6466e947418bf7593ca45c641152848fa9a58998d36281e70e731a9b6a9dbe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 01 Dec 2021 22:13:56 GMT
date: Mon, 29 Nov 2021 22:13:56 GMT
content-length: 5715

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 81 KB
25 KB 582ms
581ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9c0c58e6cc3d4e8314e225db3b0899c1ce8579cb1036ba883ed97f29015e9809

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-2
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 29 Nov 2021 22:13:56 GMT
x-mnt-w: 8-8, 8-12
content-length: 25683
expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame CD8B 15 KB
6 KB 73ms
72ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b6466e947418bf7593ca45c641152848fa9a58998d36281e70e731a9b6a9dbe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 01 Dec 2021 22:13:56 GMT
date: Mon, 29 Nov 2021 22:13:56 GMT
content-length: 5715

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 81 KB
25 KB 604ms
604ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&nse=5&vi=1638224036213479303&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

931bb09b906a88834606cc21bfd414ea56e3d95f6a7f558af4927760e3f9c7de

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-2
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 29 Nov 2021 22:13:56 GMT
x-mnt-w: 8-21, 8-31
content-length: 25644
expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 1AEC 15 KB
6 KB 66ms
66ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b6466e947418bf7593ca45c641152848fa9a58998d36281e70e731a9b6a9dbe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 01 Dec 2021 22:13:56 GMT
date: Mon, 29 Nov 2021 22:13:56 GMT
content-length: 5715

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 81 KB
25 KB 744ms
743ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&nse=5&vi=1638224036765921355&lw=1&ugd=4&nb=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

4be5e8e1985b48fcb3acd51ddb927ad8f945a6a67b8fdb551a37359da7bb1aaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
x-mnt-hl2: 10-2
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=0, no-cache, no-store
date: Mon, 29 Nov 2021 22:13:57 GMT
x-mnt-w: 8-33, 8-13
content-length: 25627
expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 1EE9 15 KB
6 KB 69ms
68ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b6466e947418bf7593ca45c641152848fa9a58998d36281e70e731a9b6a9dbe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 01 Dec 2021 22:13:56 GMT
date: Mon, 29 Nov 2021 22:13:56 GMT
content-length: 5715

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 34ms
8ms Image
image/gif 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1638224036179657427&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781336&r=1638224036222&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1638224036149090016&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11580757920t202111292213&vgd_pgids=1&vgd_uspa=0&hvsid=00001638224036214031177838083517&gdpr=1&vgd_end=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 34ms
8ms Image
image/gif 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1638224036368269720&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781336&r=1638224036247&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1638224036149090016&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11580757920t202111292213&vgd_pgids=2&vgd_uspa=0&hvsid=00001638224036214031177838083517&gdpr=1&vgd_end=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 35ms
8ms Image
image/gif 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1638224036213479303&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781336&r=1638224036257&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1638224036149090016&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11580757920t202111292213&vgd_pgids=2&vgd_uspa=0&hvsid=00001638224036255031177838086380&gdpr=1&vgd_end=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H/1.1 200
OK bping.php
lg3.media.net/ 35 B
322 B 87ms
56ms Image
image/gif 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1638224036765921355&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781336&r=1638224036265&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=39351&vgd_rakh=1638224036149090016&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11580757920t202111292213&vgd_pgids=2&vgd_uspa=0&hvsid=00001638224036264031177838082242&gdpr=1&vgd_end=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 29 Nov 2021 22:13:56 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 93ms
46ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1787398114&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&ul=en-us&de=UTF-8&dt=Experts%20warn%20of%20attacks%20exploiting%20CVE-2021-40438%20in%20Apache%20HTTP%20ServerSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=610506496&gjid=173739145&cid=1541880625.1638224036&tid=UA-59069958-1&_gid=1076081999.1638224036&_r=1&gtm=2ouba1&did=dNDMyYj&gdid=dNDMyYj&z=781020685

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 90ms
46ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1787398114&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&ul=en-us&de=UTF-8&dt=Experts%20warn%20of%20attacks%20exploiting%20CVE-2021-40438%20in%20Apache%20HTTP%20ServerSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=1264011349&gjid=23764937&cid=1541880625.1638224036&tid=UA-59069958-1&_gid=1076081999.1638224036&_r=1&_slc=1&z=1493082913

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hb_v2.js Show response
cdn.pixfuture.com/ 33 KB
9 KB 50ms
21ms Script
application/javascript 2606:4700:20::681a:b9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/hb_v2.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 28 Sep 2021 15:09:43 GMT
server: cloudflare
age: 26308
etag: W/"61533037-84f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v7QGWGnhVkSrC17%2FmY7XbRMgD1T9s%2BoVFwHrZ24M0KyyuuLbPh9LXJxJvhB8OM%2Fu9N06qmyytgMwU5rIlPsGtDiKGX25AEs%2FRguWhl49SxFxpgd2FD7gGO2XdDoTOjMxwJRA8zSGZ61Rgjfb1%2BMt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2678400, no-transform
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b5f2fa378524ac3-FRA
expires: Wed, 01 Dec 2021 14:55:28 GMT

GET
H2 200 pbix.js Show response
cdn.pixfuture.com/ 423 KB
130 KB 22ms
22ms Script
application/javascript 2606:4700:20::681a:b9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/pbix.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0b015ea0baa3a87937815ea6ba5b35f9cca8b4a0aeaa71974892b290d3eb0da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 23 Aug 2021 13:19:22 GMT
server: cloudflare
age: 26307
etag: W/"6123a05a-69c72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6U0ZLiKafX1%2FRJ0k1%2FmQl0LWrf1DeiJn%2Bl2lX1Mk9e3N1ltaq3N%2Bj8CNZAXZdsnHvmZpECmOJya2mg8Ily%2FJB5RStZNzx6J0i%2BS9u%2BOM70Rp1pzpuGmJkysmzEMd3%2B2QTm03CXDTryc7eraQ9j%2Bt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=2678400, no-transform
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6b5f2fa3987d4ac3-FRA
expires: Wed, 01 Dec 2021 14:55:29 GMT

GET
H2 200 r.js Show response
aa.agkn.com/adscores/ 0
185 B 50ms
7ms Script
application/javascript 35.156.119.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.119.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-119-137.eu-central-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
content-type: application/javascript
content-length: 0
expires: 0

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 393ms
204ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=experts,warn,attacks,exploiting,cve202140438,apache,http,serversecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5a934fbfdb1668df3913390d3c1c221f89397790806e109f9dec43973f9680c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:56 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 470ms
281ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24270x300x250x4142x_ADSLOT1&keywords=experts,warn,attacks,exploiting,cve202140438,apache,http,serversecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e6cea3fab0eb4a862d6929b42068eed24ddb5b97bd92338da7abe3bf4b67f01f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:56 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 11 KB
11 KB 388ms
203ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=experts,warn,attacks,exploiting,cve202140438,apache,http,serversecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d608712eafc55a207b4c7f262b3860549e50d7518ff578e4c38d1c4e4698aa37

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:56 GMT

GET
H2 200 hb_v2.php Show response
served-by.pixfuture.com/www/delivery/ 9 KB
9 KB 293ms
109ms XHR
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=experts,warn,attacks,exploiting,cve202140438,apache,http,serversecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5a934fbfdb1668df3913390d3c1c221f89397790806e109f9dec43973f9680c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800, public, no-transform
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:56 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 145ms
15ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1126
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=l0i5anxteFVFNUhjeUlzOWdMVHdFUWFweUdHcGsxUXNoZUgvUW5uSUVwQjl6OG9vSE5MZ2JKR25sNzdaMnEwVXZCbElxUUgxbTlqUGUvblpPZHUyeDFnYUhpTnVNaFV3SDM5Q1plU1dsRktOZU5FZFc2ODJxL1R1TzR5L0...

361 B
616 B

44ms
16ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=l0i5anxteFVFNUhjeUlzOWdMVHdFUWFweUdHcGsxUXNoZUgvUW5uSUVwQjl6OG9vSE5MZ2JKR25sNzdaMnEwVXZCbElxUUgxbTlqUGUvblpPZHUyeDFnYUhpTnVNaFV3SDM5Q1plU1dsRktOZU5FZFc2ODJxL1R1TzR5L0NKdjlrYTlvZWlnWi91elloTkRzZVZIV2tORDdZenRCQStIRHhPeHR4NmZXUHBlWEdGeU1BZlh0cExSWWpaTEhDK0ViSE9CamZSUG53UWc1SmlsK1NOUmMwYUxmSWgyZHdsRjYzZEdDalRqQVJKOFJzWDhzPXw&cppv=2

Requested by

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

a74f338c4a2372e1bdfce8edda31512f5bb6f6347537273b75386b21d2f725b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Mon, 29 Nov 2021 22:13:56 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2251
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Mon, 29 Nov 2021 22:13:56 GMT
location: https://mug.criteo.com/sid?cpp=l0i5anxteFVFNUhjeUlzOWdMVHdFUWFweUdHcGsxUXNoZUgvUW5uSUVwQjl6OG9vSE5MZ2JKR25sNzdaMnEwVXZCbElxUUgxbTlqUGUvblpPZHUyeDFnYUhpTnVNaFV3SDM5Q1plU1dsRktOZU5FZFc2ODJxL1R1TzR5L0NKdjlrYTlvZWlnWi91elloTkRzZVZIV2tORDdZenRCQStIRHhPeHR4NmZXUHBlWEdGeU1BZlh0cExSWWpaTEhDK0ViSE9CamZSUG53UWc1SmlsK1NOUmMwYUxmSWgyZHdsRjYzZEdDalRqQVJKOFJzWDhzPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1763
content-length: 482
expires: 0

POST
H/1.1 200 529.json Show response
id5-sync.com/g/v2/ 213 B
536 B 41ms
8ms XHR
application/json 141.95.3.40
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/529.json

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

141.95.3.40 , France, ASN16276 (OVH, FR),

Reverse DNS

p30.id5-sync.com

Software

Resource Hash

9dc575a4b4095df35e7eda9d67043680e0fd7ed5ade0b3425197cb5d693ec23c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://securityaffairs.co
Date: Mon, 29 Nov 2021 22:13:47 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
545 B 98ms
32ms XHR
application/json 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 606ece8778fbf13cb842cba049f8c7c09b9b92b3a16be0afcce479229fe9e7e6

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Wed, 29 Dec 2021 22:13:56 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

0
1009 B

14ms
14ms

Script
application/javascript

185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1

Requested by

Protocol

HTTP/1.1

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a3e2a6b4-d6f4-4e2c-aa94-300ebf7c90ae
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d15bcf9b-0924-4b6b-a334-07e73411dea6
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

0
1009 B

14ms
14ms

Script
application/javascript

185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1

Requested by

Protocol

HTTP/1.1

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 06037b55-88e5-41de-8007-5d1b6fbe9971
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e54a5061-606f-452b-bd48-5e3580ed1e66
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK cookie_sync Show response
prebidserver.pixfuture.com/ 620 B
992 B 300ms
96ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/cookie_sync
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 119f16a48ee60048587f6148ccd7b4d166b5f77d22ac11c87d665f5dee82fc78

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 620
Expires: 0

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 173 B
530 B 317ms
112ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6a0b772330a8a3c848cd5fe666fbe22b4db2d5e2898d4f92f2508eacb47a457b

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 173
Expires: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
749 B 507ms
212ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: ea1445ce93c92bf5e3306beb8efbc74dab3acd52ad37ecd62c7c5c34bb0b66bc

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 65 B
157 B 164ms
115ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: afe62c3763131bac539ab779d16172f3c7981ebb8fb6fb93904fbba508c49cee

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
293 B 145ms
104ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 558cfae7b4ca98b59cc0e451c990f877a8075843e933a77a5b8becd9a346b138

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
content-length: 62

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
890 B 102ms
64ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 43020d5f41bc360f445d3c958416bfaa38fda473297846e739770a3652620ad8

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 73 B
381 B 99ms
25ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=a69842fe-1d2b-48cb-87e4-56b4c0938ade&nocache=1638224036824&id5id=0&pubcid=0d94a7ea-37db-43b8-b956-ab2f99849a3f&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWV4cGVydHMsd2FybixhdHRhY2tzLGV4cGxvaXRpbmcsY3ZlMjAyMTQwNDM4LGFwYWNoZSxodHRwLHNlcnZlcnNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9ZXhwZXJ0cyx3YXJuLGF0dGFja3MsZXhwbG9pdGluZyxjdmUyMDIxNDA0MzgsYXBhY2hlLGh0dHAsc2VydmVyc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: c21627e0f85d90bc6bea1a99177a986d44d5d36256669927cfb35aa8e3fb14e0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 240 B
1 KB 124ms
61ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=a69842fe-1d2b-48cb-87e4-56b4c0938ade&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3226263656160302
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 36450fe4fb6afb065d755fddc0ad99abe9123ad9a1cf2eb9cec86f442ca9f997

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 240
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
735 B 99ms
41ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%221895435e2a0c0da%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&s=94326d99-cb9e-463e-9430-ed0927606947&pv=5b8324c4-ed20-44e7-80e2-eeb07e3aa0bf&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%5D&kw=experts%2Cwarn%2Cattacks%2Cexploiting%2Ccve202140438%2Capache%2Chttp%2Cserversecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

b42e2bd9a5c31050e653406a5837aa1865860b5c5614aa946aede4523013f5da

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
980 B 43ms
14ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0bcf56b049e78550ba429cee99e5a6fc662f379f9cbb671c6416c36ea3b72093

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2a6a1c75-8621-4f0e-a4ad-84e7140525b3
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
117 B 103ms
51ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 173 B
530 B 309ms
118ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 126820462b78e11b4adfb331f0b4dbf2ea5d1967b0a0cccf2eca7424c688caf2

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 173
Expires: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
748 B 434ms
154ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: c5b1dbf46b92e225b0b5f5d690ba5e220f93b26f7029dd8c6a7aeb456e6201be

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 104ms
60ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
980 B 41ms
14ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

02c96d4b3b7997471faaef25685d5a84a716cc9c3b1624fca1e1912bf50d0173

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 44285b30-bad8-4ce6-b84b-941f9c93ef96
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
737 B 90ms
43ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22355523c02509eb2%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&s=7f61aeeb-cefa-4708-8321-ec81bccca788&pv=5b8324c4-ed20-44e7-80e2-eeb07e3aa0bf&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22tdid%22%3A%2244067512-ebff-4bb2-874f-f9d23e6f8868%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2244067512-ebff-4bb2-874f-f9d23e6f8868%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&kw=experts%2Cwarn%2Cattacks%2Cexploiting%2Ccve202140438%2Capache%2Chttp%2Cserversecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

613b8401d09a5ea156a5eb6c6a59701c8f08ec0fe9ecbaedb895787da3be1ec9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
750 B 102ms
80ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 41318960f285f75ae0b642a1409279dcc81a2654ebd047941f092f0fa27c6902

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 117ms
67ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&tpid_tdid=44067512-ebff-4bb2-874f-f9d23e6f8868&eid_adserver.org=44067512-ebff-4bb2-874f-f9d23e6f8868&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=d3a1c2e2-017d-416f-9853-3db758844887&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5590098351366657
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: a0bebddd2dfa73af3d8b4be6bef5cab5441ed6cd9d63e2fcda0384e68a3273e2

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 73 B
147 B 84ms
26ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=d3a1c2e2-017d-416f-9853-3db758844887&nocache=1638224036840&id5id=0&ttduuid=44067512-ebff-4bb2-874f-f9d23e6f8868&pubcid=0d94a7ea-37db-43b8-b956-ab2f99849a3f&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWV4cGVydHMsd2FybixhdHRhY2tzLGV4cGxvaXRpbmcsY3ZlMjAyMTQwNDM4LGFwYWNoZSxodHRwLHNlcnZlcnNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9ZXhwZXJ0cyx3YXJuLGF0dGFja3MsZXhwbG9pdGluZyxjdmUyMDIxNDA0MzgsYXBhY2hlLGh0dHAsc2VydmVyc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: 14200d8b2f52ae739fb302c4be4c8f5677792594fc7adf5ed13f9c2208b9f04b

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
115 B 84ms
51ms XHR
text/plain 3.70.103.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.70.103.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-70-103-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 29 Nov 2021 22:13:56 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
299 B 133ms
105ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: a8636a3a2eed4ca7aef1741c62533222e0b9e68e7f7533c2ceef9a2ba6a191a6

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 nrrV52461.js Show response
contextual.media.net/4a/ Frame 763B 92 KB
30 KB 25ms
25ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV52461.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

879dec4e834723311cb4cb14f23e6f6df941637891f0c0384857241536c1b1db

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "f3dcc1592ff35c4ac7631edb38265c3f"
vary: Accept-Encoding
x-mnet-h: 10-4
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 29 Nov 2021 22:13:56 GMT
content-length: 30279
expires: Mon, 13 Dec 2021 22:13:56 GMT

GET
DATA 200
OK truncated
/ Frame 763B 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 763B 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 763B 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 nrrV52461.js Show response
contextual.media.net/4a/ Frame 7CED 92 KB
30 KB 20ms
20ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV52461.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

879dec4e834723311cb4cb14f23e6f6df941637891f0c0384857241536c1b1db

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "f3dcc1592ff35c4ac7631edb38265c3f"
vary: Accept-Encoding
x-mnet-h: 10-4
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 29 Nov 2021 22:13:56 GMT
content-length: 30279
expires: Mon, 13 Dec 2021 22:13:56 GMT

GET
DATA 200
OK truncated
/ Frame 7CED 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7CED 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7CED 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 nrrV52461.js Show response
contextual.media.net/4a/ Frame 3173 92 KB
30 KB 21ms
21ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV52461.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

879dec4e834723311cb4cb14f23e6f6df941637891f0c0384857241536c1b1db

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "f3dcc1592ff35c4ac7631edb38265c3f"
vary: Accept-Encoding
x-mnet-h: 10-4
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 29 Nov 2021 22:13:56 GMT
content-length: 30279
expires: Mon, 13 Dec 2021 22:13:56 GMT

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 172 B
529 B 297ms
107ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8f113f622b2df1bc54efa3cafd1dd6b3cb563a0ad43fdac8f32a2b1a1b3fa4cd

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 172
Expires: 0

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
733 B 61ms
40ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2252321b0c6ec6711%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&s=10cf243a-d819-486e-858d-6187d124f16b&pv=5b8324c4-ed20-44e7-80e2-eeb07e3aa0bf&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22tdid%22%3A%2244067512-ebff-4bb2-874f-f9d23e6f8868%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2244067512-ebff-4bb2-874f-f9d23e6f8868%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&kw=experts%2Cwarn%2Cattacks%2Cexploiting%2Ccve202140438%2Capache%2Chttp%2Cserversecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

78f815f8fbebc03eee6f13b28eb67180a195e7f4beca9e22ea805b9e7a3f5cca

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 199ms
198ms XHR
text/plain 3.70.103.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.70.103.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-70-103-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 29 Nov 2021 22:13:57 GMT
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
980 B 24ms
24ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

11c3d8177f6592a924a436c7bc8133c86aea5305ab74fcbb520ca3fb2eee7c08

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 0b237ce1-537f-454d-a8ff-42182383ab78
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 124ms
103ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=15&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&tpid_tdid=44067512-ebff-4bb2-874f-f9d23e6f8868&eid_adserver.org=44067512-ebff-4bb2-874f-f9d23e6f8868&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=6b694fc1-d52b-4d5d-a97a-8c63fd1b726d&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.22779809146031527
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: cdd82869cab214bbd1526443aa190143600215f6cef28ca7f543311c0b3b4e37

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 93 B
748 B 474ms
198ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 8437e22a765f56d8b26da6dcdfcf5f1050db003963c70ce3c9b7c90546f9f733

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 65 B
147 B 107ms
107ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 208731ddda9f1c431ee8e23fcfbf77d8b6996b851c388e4ee90f59dfee96ca3c

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 73 B
144 B 22ms
22ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=6b694fc1-d52b-4d5d-a97a-8c63fd1b726d&nocache=1638224036909&id5id=0&ttduuid=44067512-ebff-4bb2-874f-f9d23e6f8868&pubcid=0d94a7ea-37db-43b8-b956-ab2f99849a3f&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divids=24270x300x250x4142x_ADSLOT1&aucs=&auid=540580840&tps=bXlrZXl3b3JkPWV4cGVydHMsd2FybixhdHRhY2tzLGV4cGxvaXRpbmcsY3ZlMjAyMTQwNDM4LGFwYWNoZSxodHRwLHNlcnZlcnNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9ZXhwZXJ0cyx3YXJuLGF0dGFja3MsZXhwbG9pdGluZyxjdmUyMDIxNDA0MzgsYXBhY2hlLGh0dHAsc2VydmVyc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: d64e8e27214c0f5c52bb71237b217d7c5c9d6c0ae927ff8e03fb2dc91a9328d4

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
117 B 146ms
145ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&eidid5-sync.com=0&eidadserver.org=44067512-ebff-4bb2-874f-f9d23e6f8868&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 47a53d133212a8c78cb205f4ec840af48254cd353821c4cf6f4802d77daec27b

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
server: ATS/9.1.0.33
age: 1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
content-length: 62

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
748 B 67ms
66ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: dacba10a354a42a9c6c11de350786d7755bc82e80fb27b4a45cd03373d75435b

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 63ms
63ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ 172 B
529 B 316ms
110ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: abf249148de315bdac917ad0f0818a8b90ae745dd6390c26a83e24417c606b00

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 172
Expires: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
749 B 73ms
73ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 83d597355ad7ec4787c099896b31af28480dec8c749af0c300511c81b396d2b7

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 95 B
733 B 57ms
42ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2279fdb42d8d90967%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&s=7713daee-bbcf-46bc-8709-aa5ad6936028&pv=5b8324c4-ed20-44e7-80e2-eeb07e3aa0bf&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22tdid%22%3A%2244067512-ebff-4bb2-874f-f9d23e6f8868%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2244067512-ebff-4bb2-874f-f9d23e6f8868%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&kw=experts%2Cwarn%2Cattacks%2Cexploiting%2Ccve202140438%2Capache%2Chttp%2Cserversecurity%2Caffairs&coppa=0

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

8c6f27b5722b8398cef533815f36c92563b0c5420a9027ebcec5a30c9e0e8d32

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 120
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
751 B 428ms
154ms XHR
application/json 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: f31ef9616b8a76902c64ba3c3ccbcbc9e4559ad823524510e405816813101b4f

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 100

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 138 B
979 B 13ms
13ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

a53cbfa533ab984629a2ffd13633e87b83fc7b3a5a9ef195a80d1633f925d19f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e63097da-673b-460a-9717-b7fda7ec4159
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
149 B 100ms
100ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: d227b8be4d6a6a138845bf4bb9cd54982d6b866e77c1b0746684ccc708eff4a3

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
61 B 61ms
60ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 82ms
81ms XHR
text/plain 3.70.103.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.70.103.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-70-103-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Mon, 29 Nov 2021 22:13:56 GMT
access-control-allow-credentials: true
vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
1 KB 77ms
56ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&tpid_tdid=44067512-ebff-4bb2-874f-f9d23e6f8868&eid_adserver.org=44067512-ebff-4bb2-874f-f9d23e6f8868&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=f02295a0-9c43-4502-8f2f-f816176abd6e&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8761450292068722
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 5466349112d93b98095f7f7247bd0ffd246f32419db28e9c98240a43eaa85758

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:56 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ 73 B
145 B 25ms
25ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=f02295a0-9c43-4502-8f2f-f816176abd6e&nocache=1638224036918&id5id=0&ttduuid=44067512-ebff-4bb2-874f-f9d23e6f8868&pubcid=0d94a7ea-37db-43b8-b956-ab2f99849a3f&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWV4cGVydHMsd2FybixhdHRhY2tzLGV4cGxvaXRpbmcsY3ZlMjAyMTQwNDM4LGFwYWNoZSxodHRwLHNlcnZlcnNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9ZXhwZXJ0cyx3YXJuLGF0dGFja3MsZXhwbG9pdGluZyxjdmUyMDIxNDA0MzgsYXBhY2hlLGh0dHAsc2VydmVyc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: 466f8a37e914028687799c5d10d79b67033688295edd507e3e689f79e5d438a1

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 763B 15 B
397 B 55ms
53ms Script
text/javascript 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001638224036214031177838083517&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCREBtwBgyIWIuK_O1gikAGv1r_clAkYjiTk_KuTJsgRXxE8dj_0zgxCkUWf9N5cEaVqpxWkuMhWmmHtuYsGII1P0%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=6-s7NxuNzmuCnkS6LrIIZs2MJGndtRaYg61daNx34Cn6Y2_2ivLIDhFIss37xLshNaDX0OIj8PPZHoOXbz6uW5E4q5zJ1KewO2zL4luRTjZt4JeU0vmCf72NrD6IsFt2LLuBzAqbRe42znca048Y_S4mSXSbvKYmBaZfg6awFt5vFRRQfH-HFTXUD8RmIWiGugOlFtddW_Ml5Apfzj3FHsuzEerYCZ_M%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C4ErAfL7hleHTDeYA-td9lRvGbjThJshVK-m9TzftD0ARry5IeHqZiRrG18JYUKwt09BoRvk2cBBHIQZqz626GT1w_0mhfgm3u530Yt0PEo7WykX_i4kB8j6xWqy-ef-ZwrO-rivwHL4%3D%7CN7fu2vKt8_s%3D%7CuCwEv227vsDAzEXClQdB8QTpo9SXuton8fD2y5dWW7wAqW8JlDAX8-mA4ow-KwUghD5bjBXbOjXczEvZtRzCrrT2QqOyAWKfCIv19pKNquDxaF_F3kszPLbQ5ctVbH3_1C77d3E23lEAoSi7V4arlZJAdeBpb7CtpwxuX1JXJqfTrbRIwMWLsuAFgWuzYmmlqGtcWZVKDio28IIyVyDBaY0f-iATH096%7C&hint=&td=&cc=DE&wsip=2886781036&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=207&fdkt=244&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=244&kbc[]=1204776014&kwp[]=1&kid[]=330029440&kbc2[]=ps%3D0.567%7C%7Crpc%3D0.58%7C%7Clvl%3D1.38&ktd[]=274894815488&kwd[]=Cyber%20Security%20Risks&kwt[]=267&kbc[]=139812&kwp[]=2&kid[]=68172917&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.59%7C%7Clvl%3D1.89&ktd[]=274894815488&kwd[]=IT%20Security%20Audit&kwt[]=267&kbc[]=139812&kwp[]=3&kid[]=15501232&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.45%7C%7Clvl%3D1.17&ktd[]=824650629376&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=267&kbc[]=139812&kwp[]=4&kid[]=30219595&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.22%7C%7Clvl%3D1.58&ktd[]=274894815488&kwd[]=Computer%20Security%20Tips&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=5&kid[]=6673816&kbc2[]=101%7C%7Cps%3D0.556%7C%7Crpc%3D0.34%7C%7Clvl%3D1.00&ktd[]=274911854848&rand=1638224036922&cid=8CU5BD6EW&vwid=1638224036368269720&vi=1638224036368269720&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1638224036149090016&vgd_l1rhst=contextual.media.net&vgd_lhl=978&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1638224036244&upk=1638224036.26170&hvsid=00001638224036214031177838083517&verid=3121199&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p11580757920t202111292213&matm=1638224036928&vgd_ltime=686&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886781043&vgd_nrrsf=nrr&vgd_nrrv=52461&vgd_nrrs=52461&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=325&vgd_y_pos=1647&vgd_ren_page_h=3805&vgd_cty=FRANKFURT&vgd_l1hcsd=A35%7C7877&vgd_sethcsd=N2%7C7980&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=611&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=1&vgd_ect=4g&vgd_rensize=610_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1638224036368269720%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125107%252fhacking%252fcve-2021-40438-apache-http-server-attacks.html%253futm_source%253drss%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A610%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV52461.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:56 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 29 Nov 2021 22:13:56 GMT

POST
H2 200 log
navvy.media.net/ Frame 763B 35 B
97 B 202ms
159ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV52461.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
DATA 200
OK truncated
/ Frame 3173 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3173 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3173 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 62ms
15ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1039
date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 7CED 15 B
397 B 43ms
41ms Script
text/javascript 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001638224036255031177838086380&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCREBtwBgyIWIuK_O1gikAGv1r_clAkYjiTk_KuTJsgRXxE8dj_0zgxCkDQ8-0rb1ZdixwPuGqV_ffdYdjAE_X7v8%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=wGwlv6HPxP-HIBp8OW-cJB7nqy5wDyVdHz84VadieR9gB4WaFGw8nWwnnf9cx9Hyb6JWn8ZTPpcVybPi3OyVph-gjHlzC1LzODKHr02bZiMTJpAjSgxeoOloD1Ynqwh6lyTm8QN83WL_wek_U7deZkHp8y9aA_R-_Afc2Y8CEQY4XV2CKrThrThMIqSaVTJhNulmgRjJx1IxNbE1ilTuiL5VgxZMHRhR%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C4ErAfL7hleHTDeYA-td9lRvGbjThJshVK-m9TzftD0ARry5IeHqZiRrG18JYUKwt09BoRvk2cBBHIQZqz626GT1w_0mhfgm3u530Yt0PEo7WykX_i4kB8j6xWqy-ef-ZwrO-rivwHL4%3D%7CN7fu2vKt8_s%3D%7CH4WRbgInQzMk3f4R5GVsfoUniHcI-9Ohbk0Kvr9eA3prSi-3walcdwsKqzEuQAQwDA3B_G02HvW1TcYu9wXAYkeRrj9G0C_zdWaYa_u3fj2hu2EClwBpb78c1dN_6WHDQvS7pMs4bd8KvA8Hlbg8h-wDylSkkmeK6hA8QQLiQDbe3YMoMkaWaQt3xDNTkbsd13tQ9ZvYGBoCpvcOsB1Oa6fNQJI_cIXl%7C&hint=&td=&cc=DE&wsip=2886781338&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=207&fdkt=244&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=244&kbc[]=1204776014&kwp[]=1&kid[]=330029440&kbc2[]=ps%3D0.567%7C%7Crpc%3D0.58%7C%7Clvl%3D1.38&ktd[]=274894815488&kwd[]=Cyber%20Security%20Risks&kwt[]=267&kbc[]=139812&kwp[]=2&kid[]=68172917&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.59%7C%7Clvl%3D1.89&ktd[]=274894815488&kwd[]=IT%20Security%20Audit&kwt[]=267&kbc[]=139812&kwp[]=3&kid[]=15501232&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.45%7C%7Clvl%3D1.17&ktd[]=824650629376&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=267&kbc[]=139812&kwp[]=4&kid[]=30219595&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.22%7C%7Clvl%3D1.58&ktd[]=274894815488&kwd[]=Best%20Antivirus%20Software%202021&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=5&kid[]=329900792&kbc2[]=101%7C%7Cps%3D0.556%7C%7Crpc%3D0.18%7C%7Clvl%3D1.00&ktd[]=274895077632&rand=1638224036946&cid=8CU5BD6EW&vwid=1638224036213479303&vi=1638224036213479303&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1638224036149090016&vgd_l1rhst=contextual.media.net&vgd_lhl=978&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1638224036255&upk=1638224036.26170&hvsid=00001638224036255031177838086380&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p11580757920t202111292213&matm=1638224036949&vgd_ltime=695&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886993991&vgd_nrrsf=nrr&vgd_nrrv=52461&vgd_nrrs=52461&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-184323154%7CDIV&vgd_x_pos=980&vgd_y_pos=414&vgd_ren_page_h=3805&vgd_cty=FRANKFURT&vgd_l1hcsd=A35%7C7877&vgd_sethcsd=N2%7C7980&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=611&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1638224036213479303%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D184323154%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125107%252fhacking%252fcve-2021-40438-apache-http-server-attacks.html%253futm_source%253drss%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV52461.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:56 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 29 Nov 2021 22:13:56 GMT

POST
H2 200 log
navvy.media.net/ Frame 7CED 35 B
207 B 183ms
158ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV52461.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame 3173 15 B
397 B 15ms
14ms Script
text/javascript 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001638224036214031177838083517&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCREBtwBgyIWIuK_O1gikAGv1r_clAkYjiTk_KuTJsgRXxE8dj_0zgxCkUWf9N5cEaVqpxWkuMhWmmHtuYsGII1P0%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=6-s7NxuNzmuCnkS6LrIIZs2MJGndtRaYg61daNx34Cn6Y2_2ivLIDhFIss37xLshNaDX0OIj8PPZHoOXbz6uW5E4q5zJ1KewO2zL4luRTjZt4JeU0vmCf72NrD6IsFt2LLuBzAqbRe42znca048Y_S4mSXSbvKYmBaZfg6awFt5vFRRQfH-HFTXUD8RmIWiGugOlFtddW_Ml5Apfzj3FHsuzEerYCZ_M%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C4ErAfL7hleHTDeYA-td9lRvGbjThJshVK-m9TzftD0ARry5IeHqZiRrG18JYUKwt09BoRvk2cBBHIQZqz626GT1w_0mhfgm3u530Yt0PEo7WykX_i4kB8j6xWqy-ef-ZwrO-rivwHL4%3D%7CN7fu2vKt8_s%3D%7CuCwEv227vsDAzEXClQdB8QTpo9SXuton8fD2y5dWW7wAqW8JlDAX8-mA4ow-KwUghD5bjBXbOjXczEvZtRzCrrT2QqOyAWKfCIv19pKNquDxaF_F3kszPLbQ5ctVbH3_1C77d3E23lEAoSi7V4arlZJAdeBpb7CtpwxuX1JXJqfTrbRIwMWLsuAFgWuzYmmlqGtcWZVKDio28IIyVyDBaY0f-iATH096%7C&hint=&td=&cc=DE&wsip=2886781036&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=WoNWNY&vgde_setid=NW&&rc=0&ksu=207&fdkt=244&kwd[]=Best%20Ransomware%20Protection%20Tools&kwt[]=244&kbc[]=1204776014&kwp[]=1&kid[]=330029440&kbc2[]=ps%3D0.567%7C%7Crpc%3D0.58%7C%7Clvl%3D1.38&ktd[]=274894815488&kwd[]=Cyber%20Security%20Risks&kwt[]=267&kbc[]=139812&kwp[]=2&kid[]=68172917&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.59%7C%7Clvl%3D1.89&ktd[]=274894815488&kwd[]=IT%20Security%20Audit&kwt[]=267&kbc[]=139812&kwp[]=3&kid[]=15501232&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.45%7C%7Clvl%3D1.17&ktd[]=824650629376&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=267&kbc[]=139812&kwp[]=4&kid[]=30219595&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.22%7C%7Clvl%3D1.58&ktd[]=274894815488&kwd[]=Computer%20Security%20Tips&kwt[]=240&kbc[]=b929ad6d4b2dae39694d8837c0866b17.d2s&kwp[]=5&kid[]=6673816&kbc2[]=101%7C%7Cps%3D0.556%7C%7Crpc%3D0.34%7C%7Clvl%3D1.00&ktd[]=274911854848&rand=1638224036955&cid=8CU5BD6EW&vwid=1638224036179657427&vi=1638224036179657427&l3ch=1&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1638224036149090016&vgd_l1rhst=contextual.media.net&vgd_lhl=971&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1638224036214&upk=1638224036.26170&hvsid=00001638224036214031177838083517&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p11580757920t202111292213&matm=1638224036958&vgd_ltime=750&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886781043&vgd_nrrsf=nrr&vgd_nrrv=52461&vgd_nrrs=52461&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=325&vgd_y_pos=1905&vgd_ren_page_h=3805&vgd_cty=FRANKFURT&vgd_l1hcsd=A35%7C7877&vgd_sethcsd=N2%7C7980&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=611&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=610_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1638224036368269720%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125107%252fhacking%252fcve-2021-40438-apache-http-server-attacks.html%253futm_source%253drss%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A610%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV52461.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:56 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 29 Nov 2021 22:13:56 GMT

POST
H2 200 log
navvy.media.net/ Frame 3173 35 B
97 B 175ms
159ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV52461.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
H2 200 nrrV52461.js Show response
contextual.media.net/4a/ Frame D963 92 KB
30 KB 19ms
19ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV52461.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

879dec4e834723311cb4cb14f23e6f6df941637891f0c0384857241536c1b1db

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "f3dcc1592ff35c4ac7631edb38265c3f"
vary: Accept-Encoding
x-mnet-h: 10-4
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Mon, 29 Nov 2021 22:13:57 GMT
content-length: 30279
expires: Mon, 13 Dec 2021 22:13:57 GMT

GET
DATA 200
OK truncated
/ Frame D963 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D963 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D963 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK bql.php Show response
lg3.media.net/ Frame D963 15 B
397 B 37ms
37ms Script
text/javascript 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=1&hvsid=00001638224036264031177838082242&geo=50.12|8.68&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bcJvKkD7oNWATQGXYvCMCREBtwBgyIWIuK_O1gikAGv1r_clAkYjiTk_KuTJsgRXxE8dj_0zgxCkKp_fOtpKMBXM-tfDcT4GMR_9TPhfEdEU%3D&lpid=&tsid=1&q=&prv=&type=&ps=&cme=wGwlv6HPxP_qDlTVDZFzEPQukPegNTpLVaBqdwYR8fP9uwzWVUkv2m2apAiIsZfTWUxxKDc1U9DCqVrykQ7R3wQtH8n-pAq3UCm4BU3foUNOWQ3AvXc95_t7k8fDGDEwgZ56-xKoauvmzJsOz746TzS4eLanopUNS5FJGu0RlFMH0jYxHQOVXG9f_CNUQRdl65AtpviiQb5IVsEhytlvpXNUqOICmFYgZT7jY4QbGB0%3D%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7C4ErAfL7hleHTDeYA-td9lRvGbjThJshVK-m9TzftD0ARry5IeHqZiRrG18JYUKwt09BoRvk2cBBHIQZqz626GT1w_0mhfgm3u530Yt0PEo7WykX_i4kB8j6xWqy-ef-ZwrO-rivwHL4%3D%7CN7fu2vKt8_s%3D%7CTh4ZpVITrm8GzGhxCbVRc13roCJjYAU-doqr0vNfx_xuZiAba458SyoLw94NscyhBWq92NqUl3d17wMjEhlZKuWfgYDLZKOJCwAEXz5ThbZtk6hn47G715ZEdvAPNvnH7NkiE8cCR2GUM7v19hnq0lXGkJXyL3kd4lPYmyeD2i8Lil1gyT0ALEao6EmMkTko07scXUhHjoHpYLOcqZXldHEseCbWzwU7%7C&hint=&td=&cc=DE&wsip=2886994110&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=WoyxQBuG&vgde_setid=NW&&rc=0&ksu=207&fdkt=267&kwd[]=Cyber%20Security%20Risks&kwt[]=267&kbc[]=139812&kwp[]=1&kid[]=68172917&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.59%7C%7Clvl%3D1.89&ktd[]=274894815488&kwd[]=IT%20Security%20Audit&kwt[]=267&kbc[]=139812&kwp[]=2&kid[]=15501232&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.45%7C%7Clvl%3D1.17&ktd[]=824650629376&kwd[]=Vulnerability%20Assessment%20Scanner&kwt[]=267&kbc[]=139812&kwp[]=3&kid[]=30219595&kbc2[]=ps%3D0.584%7C%7Crpc%3D0.22%7C%7Clvl%3D1.58&ktd[]=274894815488&kwd[]=Government%20Real%20Estate%20Grants&kwt[]=244&kbc[]=1204776014&kwp[]=4&kid[]=12711936&kbc2[]=ps%3D0.567%7C%7Crpc%3D0.58%7C%7Clvl%3D1.00&ktd[]=274894881024&kwd[]=Python%20for%20Beginners&kwt[]=244&kbc[]=1204776014&kwp[]=5&kid[]=145658428&kbc2[]=ps%3D0.567%7C%7Crpc%3D0.21%7C%7Clvl%3D1.17&ktd[]=274911658240&rand=1638224037051&cid=8CU5BD6EW&vwid=1638224036765921355&vi=1638224036765921355&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=HE&vgd_l1rakh=1638224036149090016&vgd_l1rhst=contextual.media.net&vgd_lhl=978&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&vgd_ifrmode=00&sttm=1638224036264&upk=1638224036.26170&hvsid=00001638224036264031177838082242&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D39351&vgd_isiolc=1&npgv=1&pid=8PO9OT5EW&katen=1&pc=100&vgd_pgid=p11580757920t202111292213&matm=1638224037058&vgd_ltime=796&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D39351&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=HE&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=2886781044&vgd_nrrsf=nrr&vgd_nrrv=52461&vgd_nrrs=52461&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=725&vgd_ren_page_h=3805&vgd_cty=FRANKFURT&vgd_l1hcsd=A35%7C7877&vgd_sethcsd=N2%7C7980&vgd_cfud=210701&vgd_is_amp=0&vgd_icat=611&vgd_spcat=-1&vgd_optout=0&vgd_l2ch=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_mbr=1&vgd_l1rpth=%2Fdmedianet.js&vgd_pgids=2&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&oRurl=http%3A%2F%2Fcdn3%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DDE%26isOffice%3D0%26fvips%3D0%26vi%3D1638224036765921355%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D5%26baeFlag%3D1%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26cb%3Dwindow._mNDetails.initAd%26gdpr%3D1%26pid%3D8PO9OT5EW%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f125107%252fhacking%252fcve-2021-40438-apache-http-server-attacks.html%253futm_source%253drss%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV52461.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:57 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 29 Nov 2021 22:13:57 GMT

POST
H2 200 log
navvy.media.net/ Frame D963 35 B
97 B 150ms
149ms Ping
image/gif 34.102.149.62
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV52461.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.149.62 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 62.149.102.34.bc.googleusercontent.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
alt-svc: clear
content-length: 35
expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
H/1.1 200
OK log
lg3.media.net/ 35 B
371 B 7ms
6ms Image
image/gif 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/log?&logid=kfk&evtid=adPrvLog&otherprov=0&cid=8CU5BD6EW&crid=816788371&cc=DE&ugd=4&timeTaken=1&vi=1638224036179657427&r=1638224037063

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Jetty(9.4.35.v20201120) /

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: Jetty(9.4.35.v20201120)
Strict-Transport-Security: max-age=21600
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
H2

200

/ Show response
ads.us.e-planning.net/uspd/1/ Frame 73EE
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

2 KB
1 KB

23ms
22ms

Document
text/html

46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 Huissen, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: b52ced18c54e85acf730a04fa9e3c7fc350382530023951d5111e67508f7cd51

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: openresty
date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: text/html
cache-control: max-age=0, no-cache
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
expires: Mon, 29 Nov 2021 22:13:57 GMT
x-sid: AMS-731
content-encoding: gzip

Redirect headers

server: openresty
date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: text/html; charset=iso-8859-1
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
x-sid: AMS-731

GET
H2

200

um
u-ams02.e-planning.net/ Frame 73EE
Redirect Chain

https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Dcd67d0220b8943e9
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=cd67d0220b8943e9

42 B
103 B

23ms
23ms

Image
image/gif

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=cd67d0220b8943e9
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
server: openresty
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=cd67d0220b8943e9
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 dataxpand_28122020.js Show response
s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/ Frame 73EE 39 KB
14 KB 85ms
41ms Script
application/x-javascript 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/dataxpand_28122020.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
last-modified: Mon, 28 Dec 2020 16:45:03 GMT
server: openresty
etag: W/"5fea0b8f-9a72"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Sat, 28 Nov 2026 22:13:56 GMT

GET
H2 200 prebid
rtb.openx.net/sync/ Frame 73EE 43 B
351 B 52ms
20ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Dcd67d0220b8943e9%26uid%3D%24%7BUID%7D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: agem3pqha38444nr3apmjhh1e5dhuug0

GET
H/1.1 200 ptag Show response
a.audrte.com/ Frame 73EE 5 KB
2 KB 414ms
101ms Script
text/plain 18.215.193.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptag?p=M1353665098
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.193.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-193-43.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 9ab10fa675e6e94e1a8d2950508afb0690de4a3e97f3538a3d8e9a69d030e2e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-transform, public, max-age=3600
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1683

GET
H2 200 lotame.js Show response
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame 73EE 266 B
415 B 85ms
42ms Script
application/x-javascript 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
content-encoding: gzip
last-modified: Thu, 19 Nov 2020 16:18:03 GMT
server: openresty
etag: W/"5fb69abb-10a"
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=157680000
expires: Sat, 28 Nov 2026 22:13:56 GMT

GET
H2

200

/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 73EE
Redirect Chain

https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Dcd67d0220b8943e9
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F

95 B
222 B

14ms
14ms

Image
image/png

168.119.79.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 168.119.79.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.223.79.119.168.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

Redirect headers

location: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx/1.14.2
content-type: text/html; charset=UTF-8

GET
H2

200

um
u-ams02.e-planning.net/ Frame 73EE
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Dcd67d0220b8943e9%26uid%3D%24UID
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=cd67d0220b8943e9&uid=9164184649206400284

42 B
104 B

72ms
21ms

Image
image/gif

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=cd67d0220b8943e9&uid=9164184649206400284
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
server: openresty
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 5aaf8ad6-b2d5-46b2-9d3f-a61a0fcff787
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=cd67d0220b8943e9&uid=9164184649206400284
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 9299
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu

281 B
554 B

33ms
7ms

Document
text/html

104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40019-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 29 Nov 2021 22:13:57 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Date: Mon, 29 Nov 2021 22:13:57 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5C90 14 KB
5 KB 39ms
7ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=20768
expires: Tue, 30 Nov 2021 04:00:05 GMT
date: Mon, 29 Nov 2021 22:13:57 GMT
vary: Accept-Encoding

GET show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 52A6 0
0

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 95ms
95ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:57 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 5C90 5 KB
6 KB 63ms
16ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=23974454&p=156631&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 9112d61c461ed5cb41db86e21252776f0e0312d68d0228db1e6a478ecd54ae19

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 9299 32 KB
10 KB 7ms
7ms Script
text/html 104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 00:01:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27146
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9512
Expires: Tue, 30 Nov 2021 05:46:23 GMT

GET
H/1.1

200
OK

usermatch Show response
ssum.casalemedia.com/ Frame 72AB
Redirect Chain

https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1

2 KB
3 KB

25ms
25ms

Document
text/html

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 31cb20c9bde89fc79f5001dcc52b930c73d5b9d9b12e4932905c9899b0a17e5c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 45|39|230|241|152|196|206|188
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1613
Expires: Mon, 29 Nov 2021 22:13:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 345
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Mon, 29 Nov 2021 22:13:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Connection: keep-alive

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 7630 2 KB
823 B 32ms
8ms Document
text/html 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=5927d926323dc2c

Requested by

Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2 200 / Show response
spl.zeotap.com/ Frame 32CF 8 KB
2 KB 45ms
21ms Document
text/html 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b881bedbfcbfa2f4b216b50ff5318e7faa071bfb84234a68825c257198e3e233

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://ads.us.e-planning.net
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b5f2fa968405c56-FRA
content-encoding: br

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 9299 0
239 B 37ms
8ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=12186
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 0BD4 111 KB
40 KB 108ms
63ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0504c3a36cc0dbb4f64d6197239fbe0e20720c73b157b2806a9ede7d9b5a442c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40074
x-xss-protection: 0
server: cafe
etag: 10922812493410376652
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 29 Nov 2021 22:13:57 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 95ms
95ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:57 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 7173 111 KB
39 KB 154ms
121ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f2f9d4bc38f974936f81890d59cc73176c5f57ce61f2c6131a369f4ba983532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40073
x-xss-protection: 0
server: cafe
etag: 2096058985631565468
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 29 Nov 2021 22:13:57 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 95ms
95ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:57 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame A78F
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=D2319F56-C5A0-42B9-B769-D18C2EDA2951
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D2319F56-C5A0-42B9-B769-D18C2EDA2951

35 B
468 B

28ms
26ms

Document
image/gif

37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D2319F56-C5A0-42B9-B769-D18C2EDA2951

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Mon, 29 Nov 2021 22:13:57 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D2319F56-C5A0-42B9-B769-D18C2EDA2951
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 653A
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8308693492827297970

42 B
366 B

14ms
14ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8308693492827297970
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug018:0:286
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8308693492827297970
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame EAF4 43 B
334 B 232ms
15ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 29 Nov 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 567637

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 996D
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036118662444742804

42 B
210 B

41ms
14ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036118662444742804
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 29 Nov 2021 22:13:56 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug009:0:507
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Mon, 29 Nov 2021 22:13:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7036118662444742804

GET
H2

200

b9pj45k4 Show response
sync-tm.everesttech.net/ct/upi/pid/ Frame 2C7D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...

85 B
160 B

7ms
7ms

Document
image/png

151.101.130.49
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YaVQpQAIXW9-PABG
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

content-type: image/png
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 varnish
age: 337
x-served-by: cache-hhn4050-HHN
x-cache: HIT
x-cache-hits: 2656
x-timer: S1638224038.577984,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 85

Redirect headers

p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YaVQpQAIXW9-PABG
server: Jetty(9.4.35.v20201120)
accept-ranges: bytes
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 varnish
x-served-by: cache-hhn4050-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1638224037.413109,VS0,VE99
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H/1.1

200
OK

redir Show response
rtb-csync.smartadserver.com/ Frame 0599
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFLV3JrN0RTcUVBQUN5QTBkMHhkdw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFLV3JrN0RTcUVBQUN5QTBkMHhkdw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAKWrk7DSqEAACyA0d0xdw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_curre...

43 B
163 B

156ms
17ms

Document
image/gif

185.86.139.89
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAKWrk7DSqEAACyA0d0xdw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: image/gif
transfer-encoding: chunked

Redirect headers

Date: Mon, 29 Nov 2021 22:13:58 GMT
location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAKWrk7DSqEAACyA0d0xdw&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame C372
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
243 B

37ms
14ms

Document
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 29 Nov 2021 22:13:55 GMT
content-type: text/html; charset=utf-8
x-lat: amspug001:2:268
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Mon, 29 Nov 2021 22:13:57 GMT
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame A926
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SKGYoVVaJ2cc7L1RCx27X5n1

42 B
525 B

20ms
15ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SKGYoVVaJ2cc7L1RCx27X5n1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 29 Nov 2021 22:13:55 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug012:0:540
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Mon, 29 Nov 2021 22:13:57 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=SKGYoVVaJ2cc7L1RCx27X5n1
strict-transport-security: max-age=0; includeSubDomains;

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 8CDE
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=668765650
https://sync.1rx.io/usersync/tradedesk/44067512-ebff-4bb2-874f-f9d23e6f8868
https://sync.targeting.unrulymedia.com/csync/RX-88650328-fd5e-4cac-bf90-42bf4697315c-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-88650328-fd5e-4cac-bf90-42bf4697315c-003

42 B
228 B

19ms
18ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-88650328-fd5e-4cac-bf90-42bf4697315c-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Mon, 29 Nov 2021 22:13:56 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug006:0:411
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: text/html
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-88650328-fd5e-4cac-bf90-42bf4697315c-003
etag: RX88650328fd5e4cacbf9042bf4697315c003

GET
H2 404 dpe Show response
ad4m.at/ad/ Frame 764C 15 B
915 B 60ms
33ms Document
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: text/plain; charset=utf-8
content-length: 15
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b5f2fa9cc951f3d-FRA

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame E90A 43 B
408 B 81ms
17ms Document
image/gif 72.251.241.206
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.206 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-4
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK cookiesync Show response
core.iprom.net/ Frame B589 43 B
279 B 247ms
33ms Document
image/gif 195.5.165.20
IPROM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Vary: Accept-Encoding
X-adserver-worker: ragnarok-213ef657e38c@version_1.358
Connection: close
X-server-arch: v2
Content-Type: image/gif
Content-Length: 43
X-core-time: 0ms
Date: Mon, 29 Nov 2021 22:13:57 GMT

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 780C
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=2eb5b95c-05e4-4f25-8e72-01bdcbe33df6-tuct89ed625&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
147 B

165ms
16ms

Document
text/plain

151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=2eb5b95c-05e4-4f25-8e72-01bdcbe33df6-tuct89ed625&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 varnish
x-served-by: cache-hhn4073-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1638224038.587588,VS0,VE9
content-length: 0

Redirect headers

server: nginx
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=2eb5b95c-05e4-4f25-8e72-01bdcbe33df6-tuct89ed625&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 varnish
x-served-by: cache-hhn4059-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1638224037.413168,VS0,VE9
x-vcl-time-ms: 9
content-length: 0

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 807E
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
417 B

161ms
161ms

Document
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b5f2faadb114dee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: text/html
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 87
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b5f2fa9c9494dee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 um Show response
u-ams02.e-planning.net/ Frame D01C 42 B
103 B 21ms
20ms Document
image/gif 5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=cd67d0220b8943e9&uid=D2319F56-C5A0-42B9-B769-D18C2EDA2951
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: openresty
date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: image/gif

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5C90
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0jGfVsWgQrm3adGMLtopUQ%3D%3D
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0jGfVsWgQrm3adGMLtopUQ%3D%3D&google_tc=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

7ms
6ms

Image
text/html

2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=20768
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Tue, 30 Nov 2021 04:00:05 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=8f8961a5-50a5-4300-8dbf-291279c28324

0
260 B

160ms
16ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=8f8961a5-50a5-4300-8dbf-291279c28324
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: MT3 4133 baa842e master zrh-pixel-x30 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=8f8961a5-50a5-4300-8dbf-291279c28324
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H2

200

/
spl.zeotap.com/ Frame 5C90
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=D2319F56-C5A0-42B9-B769-D18C2EDA2951
https://spl.zeotap.com/?zdid=1332&zcluid=f270faaf4d4acc77

95 B
546 B

19ms
19ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spl.zeotap.com/?zdid=1332&zcluid=f270faaf4d4acc77
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 6b5f2faa19bf5c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://spl.zeotap.com?zdid=1332&zcluid=f270faaf4d4acc77
content-length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDIzMTlGNTYtQzVBMC00MkI5LUI3NjktRDE4QzJFREEyOTUx&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDIzMTlGNTYtQzVBMC00MkI5LUI3NjktRDE4QzJFREEyOTUx&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
110 B

14ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-store, no-cache, private
x-lat: amspug001:0:422
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJNfXEZoo08iizV84D9SHS8&google_cver=1

42 B
282 B

14ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJNfXEZoo08iizV84D9SHS8&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-store, no-cache, private
x-lat: amspug004:0:459
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEJNfXEZoo08iizV84D9SHS8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 5C90 43 B
616 B 78ms
15ms Image
image/gif 169.50.137.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b8.89.32a9.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 28 Nov 2021 22:13:57 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:256a61a5-50a4-4600-9e32-f5e5704687e5&gdpr=0&gdpr_consent=

42 B
514 B

26ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:256a61a5-50a4-4600-9e32-f5e5704687e5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-store, no-cache, private
x-lat: amspug010:0:398
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: MT3 4133 baa842e master zrh-pixel-x1 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:256a61a5-50a4-4600-9e32-f5e5704687e5&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3263444035503318260

42 B
251 B

14ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3263444035503318260
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-store, no-cache, private
x-lat: amspug016:0:406
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3263444035503318260
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=44067512-ebff-4bb2-874f-f9d23e6f8868

42 B
451 B

44ms
15ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=44067512-ebff-4bb2-874f-f9d23e6f8868
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
cache-control: no-store, no-cache, private
x-lat: amspug004:0:798
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=44067512-ebff-4bb2-874f-f9d23e6f8868
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9164184649206400284&gdpr=0&gdpr_consent=

42 B
367 B

56ms
15ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9164184649206400284&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-store, no-cache, private
x-lat: amspug009:0:2178
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: cac71035-0254-4547-9463-013821be5835
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=9164184649206400284&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=g7AWvYCxFr2YtxTq1-Bav4yyQuyYs0K4g-Wg6zNp

42 B
312 B

16ms
16ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=g7AWvYCxFr2YtxTq1-Bav4yyQuyYs0K4g-Wg6zNp
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-store, no-cache, private
x-lat: amspug015:0:604
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=g7AWvYCxFr2YtxTq1-Bav4yyQuyYs0K4g-Wg6zNp
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 D2319F56-C5A0-42B9-B769-D18C2EDA2951
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 5C90 43 B
872 B 167ms
32ms Image
image/gif 2a05:d018:d29:3605:6798:75ff:a274:9693
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/D2319F56-C5A0-42B9-B769-D18C2EDA2951?gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:6798:75ff:a274:9693 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D2319F56-C5A0-42B9-B769-D18C2EDA2951&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D2319F56-C5A0-42B9-B769-D18C2EDA2951&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-21GisMdE2uUSXb2hFeeUfAwcixNlI1Q-~A&gdpr=0&gdpr_consent=

0
48 B

17ms
16ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-21GisMdE2uUSXb2hFeeUfAwcixNlI1Q-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-21GisMdE2uUSXb2hFeeUfAwcixNlI1Q-~A&gdpr=0&gdpr_consent=
date: Mon, 29 Nov 2021 22:13:57 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3461406640998964335&gdpr=0&gdpr_consent=&us_privacy=

1 B
246 B

14ms
13ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3461406640998964335&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: no-store, no-cache, private
x-lat: amspug014:0:359
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3461406640998964335&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_uid=1ebc5df1-a338-463d-ad0e-56dbaf724a0f
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_uid=1ebc5df1-a338-463d-ad0e-56dbaf724a0f
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=e281b5ac-7392-4743-ae53-30ce284ee46a&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=1ebc5df1-a338-463d-ad0e-56dbaf724a0f&gdpr=&gdpr_consent=&gdpr_pd=

1 B
180 B

15ms
15ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=1ebc5df1-a338-463d-ad0e-56dbaf724a0f&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: no-store, no-cache, private
x-lat: amspug007:0:924
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=1ebc5df1-a338-463d-ad0e-56dbaf724a0f&gdpr=&gdpr_consent=&gdpr_pd=
Date: Mon, 29 Nov 2021 22:13:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 5C90 0
104 B 133ms
25ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=D2319F56-C5A0-42B9-B769-D18C2EDA2951&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

42 B
203 B

15ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
cache-control: no-store, no-cache, private
x-lat: amspug010:0:493
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3e9354e2-d33e-49fb-a662-e8d05a24cba5&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
187 B

15ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3e9354e2-d33e-49fb-a662-e8d05a24cba5&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: no-store, no-cache, private
x-lat: amspug020:0:431
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3e9354e2-d33e-49fb-a662-e8d05a24cba5&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5C90
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=9164184649206400284

42 B
110 B

14ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=9164184649206400284
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:55 GMT
cache-control: no-store, no-cache, private
x-lat: amspug012:0:313
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9517e04f-d187-46c6-ade5-0c2b7402484d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=9164184649206400284
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 d1ba4609
rtb.gumgum.com/getuid/ Frame 5C90 35 B
238 B 102ms
30ms Image
image/gif 54.228.52.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.52.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-228-52-99.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 8D16 111 KB
39 KB 138ms
137ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d8ac9578283111bcae94234cbcd2b1773fe51e403ca75f65cb5fa0a25b35764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40073
x-xss-protection: 0
server: cafe
etag: 15552614139370138669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 29 Nov 2021 22:13:57 GMT

POST
H2 204 tracking.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 96ms
95ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:57 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 32CF 0
0 14ms
13ms Image
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-7...
https://mwzeom.zeotap.com/mw?google_gid=CAESEPcLlgCP4-2l0zPHdQifERA&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc...

95 B
153 B

32ms
32ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEPcLlgCP4-2l0zPHdQifERA&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fac0def5c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEPcLlgCP4-2l0zPHdQifERA&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6...

95 B
153 B

22ms
22ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2faa6a3f5c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?cid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame 32CF 0
331 B 196ms
21ms Image
text/plain 37.157.6.251
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dc...
https://mwzeom.zeotap.com/mw?cid=44067512-ebff-4bb2-874f-f9d23e6f8868&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6...

95 B
153 B

24ms
23ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=44067512-ebff-4bb2-874f-f9d23e6f8868&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2faa09905c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=44067512-ebff-4bb2-874f-f9d23e6f8868&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame 32CF 0
54 B 22ms
16ms Image
text/plain 2a04:4e42::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-vcl-time-ms: 9
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 varnish
server: nginx
x-timer: S1638224037.413272,VS0,VE9
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-hhn4059-HHN

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame 32CF 0
411 B 994ms
100ms Image
text/html 2600:1f18:6593:f607:ba15:f8ca:726:bfa6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:6593:f607:ba15:f8ca:726:bfa6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control: no-store
Connection: keep-alive
Content-Type: text/html
Keep-Alive: timeout=300
Content-Length: 0
Expires: 0

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 32CF 0
41 B 20ms
15ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6ea614-b668-44d5-4258-826e87fbe92d%26reqId%3Dce8acc93-b9ac-40c6-73ed-ab69e674948c%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:56 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=136...
https://mwzeom.zeotap.com/mw?cid=04654168-1a34-41ad-b6c4-41fae8ee288e&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
153 B

23ms
23ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=04654168-1a34-41ad-b6c4-41fae8ee288e&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fabedb45c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=04654168-1a34-41ad-b6c4-41fae8ee288e&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=9e6ea614-b668-44d5-4258-826e87fbe92d&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=9e6ea614-b668-44d5-4258-826e87fbe92d&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=65212596784205182982595777755166594848&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-...

95 B
153 B

24ms
23ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=65212596784205182982595777755166594848&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fabacfc5c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

DCS: dcs-prod-irl1-2-v020-03726f962.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: yzXFET5eT8Y=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=65212596784205182982595777755166594848&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 /
loadeu.exelator.com/load/ Frame 32CF 0
324 B 217ms
29ms Image
text/plain 34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=9e6ea614-b668-44d5-4258-826e87fbe92d&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021112923-19685-0.073303001638224040-65de840e33ff5590878729426793e80c&zdid=533&env=mWeb

95 B
153 B

16ms
16ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021112923-19685-0.073303001638224040-65de840e33ff5590878729426793e80c&zdid=533&env=mWeb
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fab5c395c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021112923-19685-0.073303001638224040-65de840e33ff5590878729426793e80c&zdid=533&env=mWeb
Date: Mon, 29 Nov 2021 22:14:00 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=7036118662445267092&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-...

95 B
153 B

23ms
21ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=7036118662445267092&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2faa097b5c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=7036118662445267092&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 32CF
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=9e6ea614-b668-44d5-4258-826e87fbe92d
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=9e6ea614-b668-44d5-4258-826e87fbe92d

95 B
425 B

20ms
19ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=9e6ea614-b668-44d5-4258-826e87fbe92d

Requested by

Protocol

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=9e6ea614-b668-44d5-4258-826e87fbe92d
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9e6ea614-b668-44d5-4258-826e87fbe92d&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=9e6ea614-b668-44d5-4258-826e87fbe92d&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=2YvXuRkD0EWOns/xvmz3le&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40...

95 B
153 B

21ms
21ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=2YvXuRkD0EWOns/xvmz3le&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fab7c735c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
last-modified: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=2YvXuRkD0EWOns/xvmz3le&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame 32CF 36 B
334 B 98ms
10ms Image
image/gif 89.163.159.106
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=9e6ea614-b668-44d5-4258-826e87fbe92d&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 89.163.159.106 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-length: 36
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=9e6ea614-b668-44d5-4258-826e87fbe92d?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=9e6ea614-b668-44d5-4258-826e87fbe92d?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
https://mwzeom.zeotap.com/mw?pid=6c84b138676a7ceb38bbd4554f581ddf&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9...

95 B
153 B

21ms
20ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?pid=6c84b138676a7ceb38bbd4554f581ddf&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fab8cb25c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://mwzeom.zeotap.com/mw?pid=6c84b138676a7ceb38bbd4554f581ddf&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
cache-control: no-cache
x-server: 10.45.21.197
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-4XoUH4ZE2oquuaaY.p57w0UgDKjA_YW2tQ--~A&zpartnerid=570&env=mWeb

95 B
153 B

28ms
27ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-4XoUH4ZE2oquuaaY.p57w0UgDKjA_YW2tQ--~A&zpartnerid=570&env=mWeb
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fabdd875c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

date: Mon, 29 Nov 2021 22:13:57 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-4XoUH4ZE2oquuaaY.p57w0UgDKjA_YW2tQ--~A&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=Joa0jm1PQjDyhbQKImYXoea4UqbXA75L%2BS41iYitP1U%3D

95 B
164 B

42ms
21ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=Joa0jm1PQjDyhbQKImYXoea4UqbXA75L%2BS41iYitP1U%3D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2faa09745c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=Joa0jm1PQjDyhbQKImYXoea4UqbXA75L%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame 32CF 43 B
324 B 52ms
22ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=9e6ea614-b668-44d5-4258-826e87fbe92d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 32CF 0
338 B 109ms
27ms Image
text/plain 52.30.98.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.98.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-98-117.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: private, no-cache, no-store
x-request-time: D=37 t=1638224037
x-served-by: beacon-n008-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 32CF 95 B
360 B 16ms
13ms Image
image/png 168.119.79.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=9e6ea614-b668-44d5-4258-826e87fbe92d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.223.79.119.168.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YaVQpQAIXKp-pABG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab6...

95 B
153 B

38ms
34ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YaVQpQAIXKp-pABG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fabcd7b5c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1638224038.626387,VS0,VE90
x-served-by: cache-hhn4050-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YaVQpQAIXKp-pABG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=42b661a5-50a5-4f00-ac9e-def5795000e4&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc9...

95 B
153 B

35ms
35ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=42b661a5-50a5-4f00-ac9e-def5795000e4&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fabcd535c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: MT3 4103 f8fad19 master cdg-pixel-x11 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=42b661a5-50a5-4f00-ac9e-def5795000e4&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 32CF
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674...

0
337 B

27ms
27ms

Image
text/plain

52.30.98.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 52.30.98.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-98-117.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
cache-control: private, no-cache, no-store
x-request-time: D=37 t=1638224038
x-served-by: beacon-n019-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
date: Mon, 29 Nov 2021 22:13:58 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a004-ash-prod.krxd.net

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 32CF
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9e6ea614-b668-44d5-4258-826e87fbe92d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-425...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9e6ea614-b668-44d5-4258-826e87fbe92d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-425...

43 B
645 B

30ms
30ms

Image
image/gif

52.95.126.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9e6ea614-b668-44d5-4258-826e87fbe92d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361&dcc=t

Requested by

Protocol

HTTP/1.1

Server

52.95.126.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: TWF8EV2Z7W8TQKBJBNGE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: NS6YV92GDS8ASX12CJBC
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=9e6ea614-b668-44d5-4258-826e87fbe92d&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://tags.bluekai.com/site/87734?id=9e6ea614-b668-44d5-4258-826e87fbe92d&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
153 B

31ms
30ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2fb06f4d5c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Mon, 29 Nov 2021 22:13:58 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 7087
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 32CF
Redirect Chain

https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D9e6...
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361

95 B
176 B

52ms
51ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 6b5f2faf3cb75c56-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

location: https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
date: Mon, 29 Nov 2021 22:13:58 GMT
cross-origin-resource-policy: cross-origin
content-length: 0

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame 32CF 557 B
495 B 27ms
25ms Script
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed1f6bcfbdb229cb3e901c2feec823e96e3de665086469fcdf79f6e61ff62718

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cf-ray: 6b5f2fa9d9145c56-FRA
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 google
cf-cache-status: MISS
last-modified: Mon, 29 Nov 2021 22:13:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9299
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=42b661a5-50a5-4f00-ac9e-def5795000e4

0
239 B

379ms
94ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=42b661a5-50a5-4f00-ac9e-def5795000e4
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: f72efbd84733ea5ba734e4e8fe0395a3
Content-Type: image/gif

Redirect headers

Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: MT3 4133 baa842e master zrh-pixel-x13 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=42b661a5-50a5-4f00-ac9e-def5795000e4
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 29 Nov 2021 22:13:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9299
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDdkNTNiNzBlZjdlMzNmNTc4OTZjN2VmYmEzMDgxNTAzOWFkNTZhOQ

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDdkNTNiNzBlZjdlMzNmNTc4OTZjN2VmYmEzMDgxNTAzOWFkNTZhOQ

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDdkNTNiNzBlZjdlMzNmNTc4OTZjN2VmYmEzMDgxNTAzOWFkNTZhOQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f69a50991384d09413b97a37bb74928b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 9299 70 B
264 B 38ms
27ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9299
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/6JLIv1RuKsUV8qFvpvtfXg?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3857649443309580887

0
239 B

95ms
95ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3857649443309580887
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 84e0f527cd81a00b0210e20b4ee7ed94
Content-Type: image/gif

Redirect headers

date: Mon, 29 Nov 2021 22:13:58 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3857649443309580887
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9299
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dMOEFLVzUtNS1LTVNK

170 B
188 B

50ms
49ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dMOEFLVzUtNS1LTVNK

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dMOEFLVzUtNS1LTVNK
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f72efbd84733ea5ba734e4e8fe0395a3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 9299 0
0 176ms
19ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9299
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEEwMW1hQFhMEpC-7Xm-eBxY&google_cver=1

0
239 B

162ms
94ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEEwMW1hQFhMEpC-7Xm-eBxY&google_cver=1
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: f72efbd84733ea5ba734e4e8fe0395a3
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEEwMW1hQFhMEpC-7Xm-eBxY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9299
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YaVQpQAIXKp-pABG
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YaVQpQAIXKp-pABG&_test=YaVQpQAIXKp-pABG

0
239 B

366ms
93ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YaVQpQAIXKp-pABG&_test=YaVQpQAIXKp-pABG
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: f72efbd84733ea5ba734e4e8fe0395a3
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1638224038.538218,VS0,VE0
x-served-by: cache-hhn4050-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YaVQpQAIXKp-pABG&_test=YaVQpQAIXKp-pABG
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 204 cmp
spl.zeotap.com/ Frame 32CF 0
0 19ms
18ms Document
text/plain 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b5f2faa097e5c56-FRA

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/ Frame 0BD4 270 KB
97 KB 114ms
67ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63dffc7a3942f6adae224f8675c2e4edbe72ec384376994576bdd4fa9ef654d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99572
x-xss-protection: 0
server: cafe
etag: 2192622060964878089
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/ Frame 7173 270 KB
97 KB 90ms
90ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

405199c008df895afbd8d2bc39ed0efd73ce193105f3271b14a0fa0841e7a329

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99573
x-xss-protection: 0
server: cafe
etag: 16090324868812368786
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/ Frame 8D16 270 KB
97 KB 133ms
133ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2f6b8b3cd60716a94d85cb72a339e4b5125d86cae6dc3afe8c7b0b88eb5e0de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99573
x-xss-protection: 0
server: cafe
etag: 2142438622385590921
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 29 Nov 2021 22:13:57 GMT

GET
H2 200 cc.js Show response
tags.crwdcntrl.net/c/15238/ Frame 73EE 38 KB
11 KB 41ms
8ms Script
application/json 143.204.98.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by: Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-4.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 20:40:11 GMT
content-encoding: gzip
etag: W/"2b2f816f40499d384e118ce88a266e02"
last-modified: Thu, 02 Jul 2020 15:35:12 GMT
server: AmazonS3
age: 5627
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: ZolZs5NVXmgdc4a895Z2WMsZso4yGDSKphe2i5c5dIl_w8lhvvHCpg==

GET
H2 200 sirdata_03022021.html Show response
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 782D 636 B
577 B 17ms
17ms Document
text/html 5.178.65.253
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.253 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: i.e-planning.net
Software: openresty /
Resource Hash: 14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

server: openresty
date: Mon, 29 Nov 2021 22:13:57 GMT
content-type: text/html
last-modified: Wed, 03 Feb 2021 21:18:20 GMT
etag: W/"601b131c-27c"
expires: Sat, 28 Nov 2026 22:13:57 GMT
cache-control: max-age=157680000
access-control-allow-origin: *
content-encoding: gzip

GET
H/1.1 200
OK setuid Show response
prebidserver.pixfuture.com/ Frame FE6C 0
524 B 293ms
98ms Document
text/html 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AGz0D1WqaC8hbJeu
Requested by: Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 29 Nov 2021 22:13:57 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Vary: Origin

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 72AB
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YaVQpdctlXTUZXoe9iiQCAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1&gdpr=1

43 B
1001 B

11ms
11ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:57 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 72AB 70 B
264 B 31ms
30ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 72AB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEG6Row3u6TA4YZ3i5ePmKoA&google_cver=1

43 B
315 B

459ms
11ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEG6Row3u6TA4YZ3i5ePmKoA&google_cver=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEG6Row3u6TA4YZ3i5ePmKoA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 72AB
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB&dcc=t

43 B
645 B

104ms
104ms

Image
image/gif

209.54.177.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB&dcc=t

Requested by

Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1

Protocol

HTTP/1.1

Server

209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: EKEAVKSFY3JJNWY2Y0FD
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: DFMWY313J4F0GGQPF92K
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 72AB
Redirect Chain

https://sync.extend.tv/r.gif?exchange=index
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=e7ac3de6-9366-4d42-be9a-9ac5d69c864f

43 B
1 KB

14ms
14ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=e7ac3de6-9366-4d42-be9a-9ac5d69c864f
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=e7ac3de6-9366-4d42-be9a-9ac5d69c864f
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 132
Expires: Tue, 29 May 1984 15:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 72AB
Redirect Chain

https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1
https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=

43 B
315 B

13ms
11ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

date: Mon, 29 Nov 2021 22:13:58 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame 72AB 0
15 B 12ms
11ms Image
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YaVQpdctlXTUZXoe9iiQCAAABJIAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK CookieIndex
rtb.adentifi.com/ Frame 72AB 0
88 B 735ms
96ms Image
text/plain 3.222.216.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.222.216.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-222-216-135.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/plain

GET
H2 200 um
u-ams02.e-planning.net/ Frame 72AB 42 B
103 B 18ms
18ms Image
image/gif 5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=cd67d0220b8943e9&uid=YaVQpdctlXTUZXoe9iiQCAAA%261170
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dcd67d0220b8943e9%26uid%3D&s=190243&C=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:57 GMT
server: openresty
content-type: image/gif

GET
H/1.1 200
OK GS.d Show response
js.cookieless-data.com/ Frame 782D 0
535 B 527ms
28ms Script
text/plain 51.158.28.83
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL

https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1638224037700

Requested by

Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.158.28.83 Paris, France, ASN12876 (Online SAS, FR),

Reverse DNS

51-158-28-83.rev.poneytelecom.eu

Software

nginx/1.11.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains; preload
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: nginx/1.11.3
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
P3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 0
Expires: Tue, 01 Jan 2000 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 0BD4 208 B
643 B 136ms
48ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

0bf10f794b7979d2abd8fd4cdee18c36e1b2fc69825ec0c228a1afe73dbe42ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0BD4 107 B
792 B 136ms
49ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0BD4 107 B
549 B 133ms
45ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3544 16 KB
9 KB 403ms
302ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1aee5162d62009e9fcda4f5a9f5122cbcabb8b2b1864c1aa3cdf8f08fae38e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 29 Nov 2021 22:13:58 GMT
server: cafe
content-length: 9192
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 8ms
7ms Image
text/javascript 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=wGwlv6HPxP-HIBp8OW-cJB7nqy5wDyVdHz84VadieR9gB4WaFGw8nWwnnf9cx9Hyb6JWn8ZTPpcVybPi3OyVph-gjHlzC1LzODKHr02bZiMTJpAjSgxeoOloD1Ynqwh6lyTm8QN83WL_wek_U7deZkHp8y9aA_R-_Afc2Y8CEQY4XV2CKrThrThMIqSaVTJhNulmgRjJx1IxNbE1ilTuiL5VgxZMHRhR||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|4ErAfL7hleHTDeYA-td9lRvGbjThJshVK-m9TzftD0ARry5IeHqZiRrG18JYUKwt09BoRvk2cBBHIQZqz626GT1w_0mhfgm3u530Yt0PEo7WykX_i4kB8j6xWqy-ef-ZwrO-rivwHL4=|N7fu2vKt8_s=|H4WRbgInQzMk3f4R5GVsfoUniHcI-9Ohbk0Kvr9eA3prSi-3walcdwsKqzEuQAQwDA3B_G02HvW1TcYu9wXAYkeRrj9G0C_zdWaYa_u3fj2hu2EClwBpb78c1dN_6WHDQvS7pMs4bd8KvA8Hlbg8h-wDylSkkmeK6hA8QQLiQDbe3YMoMkaWaQt3xDNTkbsd13tQ9ZvYGBoCpvcOsB1Oa6fNQJI_cIXl|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&vi=1638224036213479303&ugd=4&cc=DE&sc=HE&startTime=1638224036254&l2type=setting&vgd_l1rakh=1638224036149090016&l1ch=1&sttm=1638224036255&upk=1638224036.26170&hvsid=00001638224036255031177838086380&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A35|7877&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=2886993991&sethcsd=set!N2%7C7980&vgd_pgid=p11580757920t202111292213&vgd_pgids=2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:58 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 29 Nov 2021 22:13:58 GMT

GET
H/1.1 200
OK bqi.php
lg3.media.net/ 15 B
15 B 109ms
109ms Image
text/javascript 2.21.140.74
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO9OT5EW&kals=base%7C%7Cpc%3D100%7C%7Cfat%3D0&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=wGwlv6HPxP_qDlTVDZFzEPQukPegNTpLVaBqdwYR8fP9uwzWVUkv2m2apAiIsZfTWUxxKDc1U9DCqVrykQ7R3wQtH8n-pAq3UCm4BU3foUNOWQ3AvXc95_t7k8fDGDEwgZ56-xKoauvmzJsOz746TzS4eLanopUNS5FJGu0RlFMH0jYxHQOVXG9f_CNUQRdl65AtpviiQb5IVsEhytlvpXNUqOICmFYgZT7jY4QbGB0=||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|4ErAfL7hleHTDeYA-td9lRvGbjThJshVK-m9TzftD0ARry5IeHqZiRrG18JYUKwt09BoRvk2cBBHIQZqz626GT1w_0mhfgm3u530Yt0PEo7WykX_i4kB8j6xWqy-ef-ZwrO-rivwHL4=|N7fu2vKt8_s=|Th4ZpVITrm8GzGhxCbVRc13roCJjYAU-doqr0vNfx_xuZiAba458SyoLw94NscyhBWq92NqUl3d17wMjEhlZKuWfgYDLZKOJCwAEXz5ThbZtk6hn47G715ZEdvAPNvnH7NkiE8cCR2GUM7v19hnq0lXGkJXyL3kd4lPYmyeD2i8Lil1gyT0ALEao6EmMkTko07scXUhHjoHpYLOcqZXldHEseCbWzwU7|&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss&vi=1638224036765921355&ugd=4&cc=DE&sc=HE&startTime=1638224036263&l2type=setting&vgd_l1rakh=1638224036149090016&l1ch=1&sttm=1638224036264&upk=1638224036.26170&hvsid=00001638224036264031177838082242&verid=3121199&vgd_sc=HE&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D0&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!A35|7877&vgd_l1rhst=contextual.media.net&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&cl=%7B%7D&l2ch=0&l2wsip=2886781044&sethcsd=set!N2%7C7980&vgd_pgid=p11580757920t202111292213&vgd_pgids=2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-21-140-74.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=21600
Server: Apache
Date: Mon, 29 Nov 2021 22:13:58 GMT
ntCoent-Length: 15
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 15
Expires: Mon, 29 Nov 2021 22:13:58 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 7173 208 B
265 B 130ms
85ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

e917694cdde820e56d8cd80ea4c9abaf236ac16e8d23972edb03b1069806bbb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 7173 107 B
165 B 105ms
58ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7173 107 B
165 B 101ms
54ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9EBE 15 KB
9 KB 374ms
310ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66d3aeb3e4109edb87c3e26cd18d6560884df65c6010d22e0a95245314509b03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 29 Nov 2021 22:13:58 GMT
server: cafe
content-length: 8895
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 8D16 208 B
261 B 120ms
94ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

06aa483f49864b26c7116d670ec1b16c4f451385bf31d500285414a0d1d5771e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 8D16 107 B
165 B 96ms
68ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8D16 107 B
165 B 91ms
64ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F986 15 KB
9 KB 391ms
348ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037573&bpp=9&bdt=187&idt=683&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=636728137&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=2279&biw=1600&bih=1200&isw=300&ish=250&ifk=2892227040&scr_x=0&scr_y=0&oid=2&pvsid=3293067016313517&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pw23jtwjfjwo&btvi=1&fsb=1&xpc=71ENyNN0pi&p=https%3A//securityaffairs.co&dtd=694

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e1576f79a72049a6421e7929cbbd4071a7140fc7f73c98052a7f607f6d994ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 29 Nov 2021 22:13:58 GMT
server: cafe
content-length: 9155
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 0BBD 52 KB
17 KB 37ms
7ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 28 Nov 2021 05:36:04 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 29 Nov 2021 22:13:58 GMT
Age: 59872
X-Served-By: cache-lga21974-LGA, cache-hhn4025-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1172043
X-Timer: S1638224038.325402,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 23CE 0
0 139ms
138ms Document
text/plain 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 29 Nov 2021 22:13:58 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame C2A4 14 KB
5 KB 7ms
7ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=20767
expires: Tue, 30 Nov 2021 04:00:05 GMT
date: Mon, 29 Nov 2021 22:13:58 GMT
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 23D0 0
80 B 30ms
22ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Mon, 29 Nov 2021 22:13:58 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 083D 14 KB
5 KB 7ms
6ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=20767
expires: Tue, 30 Nov 2021 04:00:05 GMT
date: Mon, 29 Nov 2021 22:13:58 GMT
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 2BF6 0
80 B 27ms
22ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Mon, 29 Nov 2021 22:13:58 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 05EE 52 KB
17 KB 31ms
7ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 28 Nov 2021 05:36:04 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 29 Nov 2021 22:13:58 GMT
Age: 59872
X-Served-By: cache-lga21974-LGA, cache-hhn4068-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1198385
X-Timer: S1638224038.325288,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D14C 14 KB
5 KB 9ms
8ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=20767
expires: Tue, 30 Nov 2021 04:00:05 GMT
date: Mon, 29 Nov 2021 22:13:58 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 4345 52 KB
17 KB 28ms
6ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 28 Nov 2021 05:36:04 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 29 Nov 2021 22:13:58 GMT
Age: 59872
X-Served-By: cache-lga21974-LGA, cache-hhn4032-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1171155
X-Timer: S1638224038.325485,VS0,VE0
Vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 9AC6 0
0 328ms
103ms Document
text/plain 67.202.105.21
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip21.67-202-105.static.steadfastdns.net
Software: 33XP004 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

x-33x-status: 2000208
server: 33XP004
date: Mon, 29 Nov 2021 22:13:57 GMT

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 1B71 0
91 B 22ms
21ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Mon, 29 Nov 2021 22:13:58 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame A70B 52 KB
17 KB 29ms
6ms Document
text/html 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.18.0 (Ubuntu)
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Sun, 28 Nov 2021 05:36:04 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 29 Nov 2021 22:13:58 GMT
Age: 59871
X-Served-By: cache-lga21974-LGA, cache-hhn4081-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1214309
X-Timer: S1638224038.329949,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 1383 281 B
554 B 10ms
7ms Document
text/html 104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 26 Oct 2021 17:01:05 GMT
ETag: "40019-119-5cf446c48f640"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 29 Nov 2021 22:13:58 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 9EC2 0
0 146ms
143ms Document
text/plain 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 29 Nov 2021 22:13:58 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 9627 0
80 B 23ms
20ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/16.221.0
date: Mon, 29 Nov 2021 22:13:58 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 59DB 14 KB
5 KB 9ms
7ms Document
text/html 2.21.141.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-175.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=20767
expires: Tue, 30 Nov 2021 04:00:05 GMT
date: Mon, 29 Nov 2021 22:13:58 GMT
vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame E353 0
0 150ms
149ms Document
text/plain 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 29 Nov 2021 22:13:58 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame F9E0 23 KB
8 KB 75ms
74ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2029%2C2028%2C2027%2C236%2C237%2C2025%2C238%2C117%2C97%2C99%2C55%2C3012%2C3011%2C3010%2C2040%2C3007%2C201%2C4%2C246%2C2037%2C203%2C9%2C2011%2C3022%2C3020%2C172%2C251%2C175%2C2009%2C255%2C178%2C3018%2C3017%2C3016%2C214%2C3014%2C70%2C77%2C38%2C182%2C261%2C141%2C222%2C301%2C225%2C80%2C10000%2C108&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&itype=PREBID

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

386653e6cfd832d3a758f86b3cc4c88ead8d2b7b8da4b2a30f1a144cb03cc681

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 01 Dec 2021 22:13:58 GMT
date: Mon, 29 Nov 2021 22:13:58 GMT
content-length: 8227

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame B311 23 KB
8 KB 71ms
71ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

386653e6cfd832d3a758f86b3cc4c88ead8d2b7b8da4b2a30f1a144cb03cc681

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 01 Dec 2021 22:13:58 GMT
date: Mon, 29 Nov 2021 22:13:58 GMT
content-length: 8227

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame E83A 23 KB
8 KB 79ms
79ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

386653e6cfd832d3a758f86b3cc4c88ead8d2b7b8da4b2a30f1a144cb03cc681

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 01 Dec 2021 22:13:58 GMT
date: Mon, 29 Nov 2021 22:13:58 GMT
content-length: 8227

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 2275 0
0 143ms
143ms Document
text/plain 63.251.14.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13480300
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.14 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

Server: nginx
Date: Mon, 29 Nov 2021 22:13:58 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1sea1

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 9F0C 23 KB
8 KB 82ms
81ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

386653e6cfd832d3a758f86b3cc4c88ead8d2b7b8da4b2a30f1a144cb03cc681

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=604800
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 01 Dec 2021 22:13:58 GMT
date: Mon, 29 Nov 2021 22:13:58 GMT
content-length: 8227

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 95ms
95ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:58 GMT

POST
H2 204 vtr.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ 0
309 B 95ms
95ms XHR
text/plain 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 01 Dec 2021 22:13:58 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 1383 32 KB
10 KB 22ms
21ms Script
text/html 104.89.20.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-20-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:58 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 00:01:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=27145
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9512
Expires: Tue, 30 Nov 2021 05:46:23 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 4345 0
735 B 15ms
15ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 049d6512-4e50-4118-9cc6-7e20a1778008
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 05EE 0
735 B 26ms
13ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 715ae952-b485-4047-b610-eb8f944b3ad8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0BBD 0
735 B 36ms
13ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 50c5c204-5e74-4254-a106-1d1a7128d67e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame A70B 0
735 B 72ms
52ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 257472d9-add5-4fd0-90d9-b13a64941268
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200 ptrack Show response
a.audrte.com/ Frame 73EE 368 B
880 B 105ms
105ms XHR
text/plain 18.215.193.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.audrte.com/ptrack?arlocation=185.213.155.176&p=M1353665098&artime=2021-11-29T22:13:58.540Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGcHJlYmlkc2VydmVyLnBpeGZ1dHVyZS5jb20lM0E4MDAwJTJGc2V0dWlkJTNGYmlkZGVyJTNEZXBsYW5uaW5nJTI2Z2RwciUzRCUyNmdkcHJfY29uc2VudCUzRCUyNmYlM0RiJTI2dWlkJTNEJTI0VUlE&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=c2VjdXJpdHlhZmZhaXJzLmNvLw==
Requested by: Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.193.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-193-43.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 51469d5458d2b58fafaa0c8144215795a3b2b5d079cc32c9cd18956fff6115be

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:58 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: https://ads.us.e-planning.net
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 263

GET
H/1.1

200
OK

setuid
prebidserver.pixfuture.com/
Redirect Chain

https://pixfuture-inv-nyc.admixer.net/adxcm.aspx?gdpr=&gdpr_consent=&us_privacy=&redir=1&rurl=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dadmixeropenrtb%26gdpr%3D%26gdpr_con...
https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=f2fcaa08f326410bac093c7d33257b4e

86 B
747 B

110ms
109ms

Image
image/png

157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=f2fcaa08f326410bac093c7d33257b4e
Protocol: HTTP/1.1
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 86
Expires: 0

Redirect headers

Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: nginx
Access-Control-Allow-Origin: *
P3p: CP="NID DSP ALL COR"
Location: https://prebidserver.pixfuture.com:8000/setuid?bidder=admixeropenrtb&gdpr=&gdpr_consent=&f=i&uid=f2fcaa08f326410bac093c7d33257b4e
Access-Control-Allow-Credentials: true
Connection: keep-alive
Keep-Alive: timeout=25
Content-Length: 0
X-Xss-Protection: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3544 42 B
63 B 78ms
77ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ADXtk-t2mMwdXFxI3fnZVAMyGssGoBVmmAsEsXNYOLSsL_lptP1wsHGf9z6h81HKRjXqLbvJagHoO6CXSPEdyHiPIVDzuq8fnXWYPat8buc3Izm_8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3544 2 KB
1 KB 164ms
41ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 354
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:08:04 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3544 119 KB
37 KB 188ms
66ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Nov 2021 22:13:58 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3544 15 KB
7 KB 157ms
36ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:13:09 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3544 0
0 161ms
44ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQmKNrdwVpxFNSSwjnK6-Uag2kPeNW53G_sszJKS166AHaPi9JqSnPi5Rv0ik-_-3HMn0NVY7ib_plkjtUxvat0_6pDMw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9818 624 B
297 B 58ms
55ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARim5eioATAB&v=APEucNUzkUYoqNF8vQfGA0y64lKxv3GRGEhytwr7LzERlid18u71VckCZin5KMqmydIot-h-fcd0vXHSa_WzW6zF_VJdDDVBX0Vjj3fvLDfRMhj4V--LMIU_RAZxg-Snn6vcMkeRyabIJkdqNHokIQuipriqG8H0ONUT5kpdOQC73ORoPMNAUHlMhsCNex4uWXb3ecHUIfk81XfSO5GNJZ-Og_lnE6gczw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 29 Nov 2021 22:13:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3544 78 KB
31 KB 143ms
96ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AuYJSlMAwqzRBv0v9H5OLStdwAWLbILIDX4cWht1sXGekEYLFcMBmySPHm4d9cWMRPjuDuBEXVn5qR7vmQvmdsmDLxbt02zoMOwETMGOGX_6nGr12Wz0OIlX0fEY9Q7FKsH1-cZOhtzO2b0bZLQSfk9Y-TiA&dbm_d=AKAmf-Cx83gwxjnoS8tKb4Dk8j8e55jxZY0TxkDBZ_8wMBrgbvigYPtlXtnKgIbrBR96ORqW3oCyGET0sKTdNWVZi3hfnU-y07ZGPSsGaH_C3XKkx-4euZvYlE7bqkdIZIEKIO3D1dIxPjBU2qBoAb9zgvA6FbcvfBMqjmjfY8TGiZCFZDIyNrSkvJS06DaQguBa-K3KzPhK4Z99Bv52xgPkXIbHj78vPLWzZdF6JQGf4BR2ep5ZXMXnLbR01jNFp_zEfZapwl7nYv5p3AonzwVkxiqMWkVGUCBplYyNjcpVfZHL3TxXyU2DXOpUbr_342k3jhPx3cD-H1HHJH8COsDVaKgDwbrEMGjD3hMIoaIdDt5Fvlvlhc2jVBS5sllAf0AqjeuMLu7hhxbgfeFlWSyua9fndvyO1EVsIjKpcwSb4knWl33Fr7wLQzTW0O-Q36_ljZMWKi49AcgAEMfqOSyZmjPcM2fZJe5gawsGzZpfEwoo4M8C1TroABo1cP7DIzevl0DZDZ6s2AjL9bW5TDH7hXGxv29Dse0agyZn3FMY32pxKraANj9XARtwD1KJ343gWV-ACnH9YV0VgzS_LcvYSaaz9PmyPUwzNhHcRdGPI8oVMI8s0eN6UZ9BydyBUsXe6URJlhtiQfPPBubSuXmi47D6eWrCicYNG8S2806XvDJtz3lzUi_Wrpg6C4N9sXOrw_AHNTBNcyT86fjhJUQ5zsVbfOz8LAAXZXW3OsvCRzwdwEr2nVdLt0Vtnp19LCLmt713tm_IQpFjcXb9jU6AF9DotvAfTIKcfYNCwwC6JsYIy8uIVsIOyXOB8sROH7TaNeyWgqvhjI4FIYeEPUY0CnR_LwSFQ6b6XfSZ5XZ2xmpXbQQkHlX7rtW2y2UIG0MWB9oe2FxIdkLIm6DJr_TR8_H-Jnz-jhNdUz5iX_6E_H1PWPPMQWcQWe_-unvj81x59oMSCpt_9HPf2LqzyWB04tqz6oPOoUvurNUZIAoFBHyX_QFcIiX5IKGhZSliKcqc4yxs4MkaCKfTLne5F3KJOnZebfRoov-oriUdcf3AdD6_sqc2vQolaTp0gb1xPuMPT9jTsb8EXPVU1yb_xExZpPEU13yoDZG9AYQs6el6vP6SQV-ZuiY4L_dGQ-6N6c8V8HsG-MmCNhbtN1HzfORZ5hMKJEhRzoHbTIdlFZucsVlpmRlMx9rIyHEr3AhZStNDoIPBPMS09_A2xpfKfTnTzMEzo7OPSCZUuvY2snMIqZPdoPI8YE8pNIE6c0Q1I3m6_rYNGy-aC9Ys2_UdCFQJeT8EVr84lJzsx-3HNlmZIB9xcBM-7S-YpBB31dXtt5fxs_MfI0J1sx75aKp0YMCpvkh_c7MWW0kvLeA_Eyaq38gWrCgyfIoICHdA34XsBEFesJRO40sbny8N7kXsdLaIlX-SzhNt-g_nPoKWwTZ36EkP67vt2atA13sfhw7rX64ZlKjlAqlzoyPM2gdb7_xkWKbuLe3TozO-YtVv-64Q2RBE9WL9G0asc8xDJlrZXdE20O3j3GbYVAaysm1illEmT738I3fnMhqjnZjJ4Mcc7GwzsWssvr1nQ_H6bpCRrQHGYtimjwxd6k4XVaxfS7_g8pUjsrrQ7wYUT7iKsefiY8l_JFEcwM3RWjVob3PKRnyR56Nqq-M2IRKCIDNM70MAmmCJ70NzPZXh4TsDHKe7q9YHl7vJwyrHL5nvTrAvdaNsHZ2IPcbAPsAxPwa7aw-OEbocFdw1xBuzu87gBRfTCeo1r3_Ne72NSvFH58_AlHBK10hFGQJJmgiqj9x7agEf2N7iPgJhSscIkai_CDhbMvC3_Vz62-BXuZfVcqbvi_CL3pOyQRbfQkwpZXvTrXE3xKU3g44h-PbFTr4NMCPsqVBU4luVlvUnPZ1j3BKwEFssv66Me931hHmBe92VZu1kyFTBW68ZpuRLbakK92XFytvVdo8gJST9slPK5Eoze58a5ibH4E4QsAlw2N3XSw8f04qt-sNNsNTWZaeqMkSHOt7k9fnOhLBNTP4iPFKr47oZDt24-aC-X0YDA3Rkw9gWJSblJVen66uPxbeZn6v5T3VG4AS99qCXnRvJUxVV91M4z2YL8O1GkWDFFo05iWorrmb_oeKGixwWL0GBZ7ZJOeGkDLjsPqmJZN0TUKljCv8VT3qGeHA1kOKECpjNOMNAa9FfU6WoNM4EVoTkf0ZwCdqUdrrYqIwuVLGJzEnQxfbKxlofNz5GdG6ItF72TAuZXcEOFRovxf4UzwbQfysmU4UYKBfc8vW0Wj3ZzR_gfpHPCm7OmmvgbAtv5R62qd9uURHNCTpKs3TSSJnh5Jee-6kYiC16q_uoSvMxbiK9llFcFpgjtmr0caJokindLNDuZyxB2074LwkWMJ4I5tTsCmHAln0lf-ZJjnRsaHC9N7gW_xQfzgaKD4pGsJikN0J2lWBQu4n40JryKs0m5BFEl75EzyB04nP2qjEU9vngtMHcSlrUylS36ZPwAgzglxIExN3ttjGQErEqaameNrQ-4XwaJGVaZRHJ4_oOZwxcLAO40hSywJEGM1iHFJghoJO3Ay_rAmfO_gqk_5whSOUMjgV2n9JyVMucjQ91RbMd50Gjn8DDSYOlWFYPgkIQ_18VBzJTMSFzIlD5qHbyBbxCvwyUo-Kn1quJdfpCWAZMV6igkz3QKpSqzFdHF_CdtY3INyxyclYlA9W_EC9pV4UaUXc1WnXK1ej2oY1TPaRG349HwpBBjJzBOBP9hzu9v6lD-eixn2AEx_e-PbK7g5jpNCm-lBUV24eNRzlxKM8MoM0HFpibHbbfKIbrlMJefgcBIIbQDYYKWJOkzmHQ_wRdAuYJ6iFWGBvDXyQhJDnS2idKgEW_LwJTvVOdWLsVkHBb0e0kgDJC1m6t-GKojFLSLbs3t1g-KxK7XuyL0_oQO82wfggApQc5XzX1QAASDvkXumRhKQ_7KAXQVZ6q0UAkPSOf3YszFp5UY_De_n2NFqS5zprX5LohNklX7zD8mswdGRp-9ivCcmMais5XgGdUCUBy5yalQufstVhHSHYQ-cDmyJakZ0_MlzG_lqsEH92NaIoE2h97c4BCrG9xqHs5D-XqYPHPOzCi7P9H74hP4KsLiCzievKFcW3c_Urc5Ou0y_jolPYrP8Q-1TPTRnVRc1xui0hM4as0dsT8jNZef22F0wPTIfjRzJruA61bpqNJoZxmvS1yVg&cid=CAASEuRo9lvHpFq9ZA930FKDOPdVuQ&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39b632b481faadc64ba05ff12257d314572250619ff13fccc0f2dc46215aa869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31912
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

match
ps.eyeota.net/ Frame 73EE
Redirect Chain

https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
https://a.audrte.com/a?adform_uid=7706728541878583623
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEA0sy6XxHSZzew4OhqBGfxs&google_cver=1
https://ps.eyeota.net/match?bid=kh51m51&uid=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent=

0
344 B

20ms
20ms

Image
text/plain

3.122.214.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=kh51m51&uid=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 3.122.214.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:59 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: nginx/1.18.0
Access-Control-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Location: https://ps.eyeota.net/match?bid=kh51m51&uid=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent=
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK pixel
ps.eyeota.net/ Frame 73EE 1 KB
1 KB 116ms
7ms Image
text/plain 3.122.214.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.122.214.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:58 GMT
Content-Length: 1241
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H/1.1

200

p
a.audrte.com/ Frame 73EE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent=
https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=i328PSkdwABTp2k4kWUiKgeCw&gdpr=0&gdpr_consent=&google_gid=CAESEA0sy6XxHSZzew4OhqBGfxs&google_cver=1
https://a.audrte.com/p

68 B
617 B

101ms
101ms

Image
image/png

18.215.193.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Protocol: HTTP/1.1
Server: 18.215.193.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-193-43.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: nginx/1.18.0
Access-Control-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9EBE 42 B
63 B 77ms
77ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A9pPPkRWVq0Y4snzZEghEdDT45il52a0jitltKkvm6UKv9cK-34YZ3-jleVhpnMOmgA1Gcj7x-7x-lDcgn9mAnK9aX12BKX8MsLAXZiOiXOzes9_M

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 9EBE 2 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 354
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:08:04 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9EBE 119 KB
36 KB 118ms
118ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Nov 2021 22:13:58 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 9EBE 15 KB
6 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:13:09 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9EBE 0
0 44ms
44ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQTXgGgWtX4A09MN5PI7_dvd20BBnNmhXu1XPX7R8pbLyqjiYe8RmVlE8J0DQXFUiYq-1neLBQkjJkWDuGVnTZ-S2_FuQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F986 42 B
63 B 77ms
77ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BVl5UQeRLE-rhTvchC2DdWYIiUgbxinS9k9FVYR9SnkZUgEYiCTVxAA2cj2MJBi3bKvNAv-An5SDMpud8UJQYz2_Hrou_fqmQik8vCW4V31Hc2nkw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037573&bpp=9&bdt=187&idt=683&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=636728137&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=2279&biw=1600&bih=1200&isw=300&ish=250&ifk=2892227040&scr_x=0&scr_y=0&oid=2&pvsid=3293067016313517&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pw23jtwjfjwo&btvi=1&fsb=1&xpc=71ENyNN0pi&p=https%3A//securityaffairs.co&dtd=694

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F986 2 KB
1 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 354
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:08:04 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F986 119 KB
36 KB 139ms
138ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Nov 2021 22:13:58 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F986 15 KB
6 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:13:09 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F986 0
0 46ms
46ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSclbJs8gfz_mQbgG6cm893UA7oqGPy8s4o9pKgz8rT0GBwmoOUm7J35ZL77S-uSFodjUhe8usPVqKnsTbnrzOVvHU2OA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037573&bpp=9&bdt=187&idt=683&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=636728137&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=2279&biw=1600&bih=1200&isw=300&ish=250&ifk=2892227040&scr_x=0&scr_y=0&oid=2&pvsid=3293067016313517&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pw23jtwjfjwo&btvi=1&fsb=1&xpc=71ENyNN0pi&p=https%3A//securityaffairs.co&dtd=694
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9081 624 B
297 B 51ms
51ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiG6eioATAB&v=APEucNVzDghMzF5L8N5MsDdn80kS62hOxzT0CnVhKUtFGaE_ETZpu3jMe5qN9lUk7QUFCpuHvNiYvYaZkn5I4xTCZcuFV78IvSuzF8HQxo0s9wYQ2NDbmmTOT9VnBoh1vvnUxtGYggAnUtVa7wkL668nB9irmeHPRFloe7WXp7z_STHgtSIYaRP6lY2wIXRKUyDG_ZqK4tto7vfqD3eLDpEBckjGXUYh2A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 29 Nov 2021 22:13:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9EBE 78 KB
31 KB 104ms
103ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BhsomHGa0mu3OzfoQt53wQL3vwRdhjy43RS9sWz7OHmjXQnYQNZXSDg7LKKmt6i5ozkPC5H3HUkug1LMSoOlkuHZL5FqyCsZZQF6J1QIJt00YvBY0_xvBQQD6C9qhxLi3lQlFVqWhS2-P2PkrIUb3gTX6wkg&dbm_d=AKAmf-C2thHToF4JlAyUv73erloxzcs411TMQGiCTFUbiHtcNUSkF8Tp43iNM8IjgpN-6tmtBChM3Dz1jF43bWK1Hu1JDUPB_ua-jIuInpt5LblosO43KQ3c1UEGPxRfJ_mxTG-wABUQKTPpSzL9_r40eoLcIXviCP-Bnd3tdPFkhST0avMqULYnjI-u24xW21O49u52EEJasXJDXUQsNN9aB6abSkD4KYH7QHL5ZTyKV1NGgW5ohW152vhwwizH80WPWZOAPdm_Va63KNOuillCVBcv5hqs-1n7T5DLixpUs2d46I7E-pbthWBzb3jaNUHcXGujqVSFc6uDJzaH-Q2D1EHFrImbkrWJ7Qg17z99L28mbvnRtPQMhOoHRTYwwZyd7ZXThldcve0xUlsANGjfR5ScIUZPqNyputQTxFFT955_aL8HDo9csAq1kje4M7HuhJVinRMDwWWm17pGOjblj3buwr0h1OR4EsX5aZH-a36ccILG1Lok8-T4D6RtdLOGMGMRySYcCOEQkyn7hdepI2vwtITJzYxN6oJ1uVo5aBGHhlb9qoV8hzg8HaUOX2zFXzJfqFW-uuXEazmUaOpbho5pKfPldpCik7S1Du3sX4utd5q3UYl3-Vu1rjmwg4QclMIhZq0BmlYpFd_6PDC1BQtEkql1d2hwVlK6pbjlOcsFIo5hODNLeCBxxUYZdhP63GvgCZpyCu4wziGI_notphKkwN2OPL4BMhZMGZVYk8U3-ihrIh3ZElV6uyH5EbFKgQ38imgXtluVfQdDoPuIACUN9LoyfEIEKyPjldpOvs02n7WNMhMchE1rtw0dX5JQYWwJSbpEyUI2P9eC3pTzU7wDOo8Z4IPg5lyRqni-BTPSWbIDKVB9HkhKdcU_wgd_irv9IX-tA00ahsRwsq3fmhWj1h7KembM1nRFcTUYPBjXLXjzXKBLefmEBLgRhzKW7jNm4lfwcrjRHLelUapMGhaP63UJ2WKsMp3qzwF-3ZU6r3-TI53hEMisnrzLc16l4OXARPQosnZiu_9tWCXqG1P_RgSLOosqOXotfJsn7-zinsa95Ro31_RztusGQXMmpqSzyeNRpbRoKvsrrzWeFzZwpq0Vnh_FdURXRW2eYf9UuFM6PepYfC8vmH6ddYO19O-OBqVXNQRc1wzYSplqZ5aTK47OZVbVb9sMYkEh6MdDeqkF451S_HjBUKduMJaFgEyoXK0THubBc_wMwz__PPUKBae78c2Z6Ef8CfL62aShiVCTABsuuRTiQgeHW-CefDU0s6ITaLZZCMggFf-LCLiEhjorohobYJmULxqADc3H5_tWM_BbPdKSinIYYSHPCOC2YCbAJ8-IHhh5kNf4f02DjbVbPKj0l0yWmhM5fRJrjgoWzexpO_W4lZ5ldOvBJYES86Y4uXcd8xbHqB1SWAinmq-OQZ3qOU5Xv_TejwrQtoISzgTR41zst0Sqn3S5YsYCHclttvp9IK_OSr6MUU1_iO20UkghVT9UMle6zgaAW4_iFNykAWRZ_cq12ZWb8BwZv1hSAvhjahK6ZA657lkIwXE2epAXei6v6HfHQeTGRtGarA1WZ-TuftqFZaNxRdViLyfpiNU6oTfiA_euKq6yQMC76Qfq8QypENNr9TFodgSSjTAXa3110dQCG-hOKElf5BKP2Fq-3agcyon0DVA52jsQh0S60nzbWdGQiA-hEzBh1Ykc6iwseowtPCTudaMZd0NswNapkI1ACXkzkyUZ04IdUkOsYLlohbgS52xMoBsAyrTo4JeJiVRUq1uoDJPGnqucy3aqlzF-ZjCsxPmYoXgBaXyEnio_WPishuWbTDHXE7qcWO8KgK8S0P8nikbOwe-MPm9nG5X4D0ccCAoN1vYTXXlFEwF0B29DD-8LgSKfGdSCn8u8VgeO6gDypPmdKyWo5Bp2joPzSurvJDOZRB6Q5FhxEdMx3i4c1QDBOhszIYPd56-Gi9xZrV6XH0UrykdtQFRLPxJgGN3ABRHuZegm4Ioms-Ybca4WNkDTww1rBDbo8IYJPewWtLqV248YvM98jgRlISb6pS2Gk7A1rV5MX12IWB1sluyY42pVD-WCACaYEGB7Jm6FTZfRtKsGJLFz32ssE974f-eofmOj4iH-wylJzgR_VVl_ndAIa47HHTuTd3MlHKoaLqdYW_I9VBrDQXUxuvFIzlRueSf_eC-pdPS8STWJ22vM5RJBPRryvdHxEi-UInO6pvfIXd9IS-0Dx9PdNjO-y916fW2LlMmnGyjcAl5ZJMniD9ReiA4XQo5FYX72GM3qo5osoC7yiZ015K2Sm6Ow6u17nkXxRfpo3dNEy6mi3aqd6ZEXxeKzG1PU59CZm7-wPgR-UGmUktcf4QlE_k1YFaf6EltKwDgyi0lmOvTyplu4-y_tp0Js9SIpy_RRH5G1eV61DHmhK69sRzuTjRDIcjfoMUUFwQ5Ud-St14b3FuyghuxKpXkbVCnXgMUatsqkP1sziAHHTd-qjUPxbNeSOLxFr0sVP6FtvyCK8PcA1Lanz3zxpj6LLStsq85tT1I-E_KD6VyOYcBMuzGD9s7sJP0ujF_Zk3GPLioJ0wNWQfN2kEBQiTnIHuC5SSXq8MufPbwGK4tt70AVV-zT_fJHWx8-wjfd-pLcccgfhK4-KyIpTkCrHgJDZYyErnuGICKkCubrP1tsuv1Z7U_YHf8yY6aeOudlV8nnx4zcAF8Rb51o3Ci_tgwoKLIlRAz7dNy43AP7jBA8IMiSSIbVZmMtwcP9SRt2MqxEL-5vkG6U17y-_9e2YwblZ-Gjb5SmtxNGz31yC6IHfemIWNT7ln-9RF3PdDakrEfRXx0ZnIkV2pP3kuTjc89_qxLKUb_uVLf5Z129djHlHrXffXFJHDHpbUmuSV_d7Z3smBS1hbhX-9ihtvJQo3-gR1hLT8SRLdq_KIwQDt_nhbwrjiK0C4G2sk7PXd_p0SLFEq8JtDbHupng-wjVo2Zzd5ubzU4aPZPgl3ZV38itGrWqFdCZRMu3zPpaCqwVZDad5i_n2xR53CBY17IZ8wgdVnfG7VuGef3JeZhCzxQqpudME86MkjUDobD0PC62XKP5dCFX_83puoMuvisyO9YQh7MoRJmzxWhpac1eLSFUrYDsGh3hsUUYmcnsxMZ-WVB653bGOak07O-krX6tGgCZMLnMJj_vpItSgUeUGuJE9p-fTeUJC9ujOH27MErKcz50Gw&cid=CAASEuRoXaRuysCPldMo2s2-vrqQmA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cdc6f54d54f49e9ef05b1755e0cd21e19ff4e61275cd909918eceac729b4aba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31749
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6160 624 B
297 B 52ms
52ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhDX2YykAhiN4fe6ATAB&v=APEucNUZTJr46uz88-8NnTmEDEKbbGBE1o4MtAjQjp_WeOpY7EkJS79_zthqiR7Tmfem9irlPFgycov0XxQ3-AMIAbnfKHLhHvNHiDkv_2IDcwsQU_ZQ0nTxpk8AkCFA_rnmOLE0G-gYoItJPcDlh1wqHXHCW-reK_ZB7fNbrtusv4SjJM-miE6r4jHEjh5CAvx-DaVnzT1jwH8hpXtepSol0YZcqfbwlA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037573&bpp=9&bdt=187&idt=683&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=636728137&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=2279&biw=1600&bih=1200&isw=300&ish=250&ifk=2892227040&scr_x=0&scr_y=0&oid=2&pvsid=3293067016313517&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pw23jtwjfjwo&btvi=1&fsb=1&xpc=71ENyNN0pi&p=https%3A//securityaffairs.co&dtd=694

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 29 Nov 2021 22:13:58 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F986 54 KB
27 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CbPVMVWRI-Fz_OukOOqCdnd9bi4nSErO-TdW6HQFgt79jJNLhLAPINdag0eTeRDYvQHwz25EvwZH9shS9Nx7LgOM7KLoCCT_uiTJd1zlln_bCIM0W0_XrXofMwjLYl6lAhRe2nkNGlHHIT6H4F_9fYqJgwYg&cry=1&dbm_d=AKAmf-A3BxJLPwNX02MIuXJLM9GzVt2ZIaf1tC4WBKyhR9y_sLuZBMX6ZrfU7bQNqSrHR1YEYg6rQNiBF0BU8qbi3yn9uLG13kdQ7Wyi4lJSGGXucKwCk7Vj-lSwjC7LndXQlQ5uCUaS5rsE6suBNlhLGeXxw5-7MZDDNkU18Ue4Ch8kSwlCSmh8qhqz9C2LJjFrsIrYn_8MbF7n8lDANB8wIT_JdhHGBnDaMbBDYsnUYrb6Wa0q2C2GMlw9chkiRkf4D3kxCcSQonLZrxihIb3jmw8_c7s44CFoZkJMUsB5WZ19FXBvxSPREc6vPIQkEOsXsHoy3pV3yw7rqUpsvYPWoUYGDTBHKDAnkRNpReq6sjVlhMlLkmXswLkTElz9hSRXIobABZw3hs-gfc2-VDqwjc13dmGHOlXoJOH8hEWh5Bxupdr6nwlliQ4qSZhMC91Y1jN3MKwqT4ttGPZUPvwl5gFvSXVY9rbjvH_2gNSrCntmwEhonvqit0NMB7MPIV8W5ucDQUF50q4C64k3Bxk9Sndezbw2wLE72iMoqsBknfwESKq02YT_h6kjiczXRrTOabw42sAtR2a0pl1m-o47ts1DDxCqdskBzPPfC_dVhDon3QklCzP6WwYTQY64L-iNH73GqTMsSWCVBGJ0GnqP74bHJnvzB1qCkCKFkGFSSdnCCYcihdRKEO7OWSFrAPszleFs5Vsviiv46gTqtE_3nd8jR1uMGsZI-S4gSGvxLkk37jU5eveYO6BWjAlvCsySRUIY_LqsdtO6MAAPul6_p5vLISjV0482fowPa8cMq1xnmnCOXkE9xrVJzrMcfMgdjZkvfleSt8WgMHHKwYbE2y0Ir7UaZcyuZDUp_j68i0R3PdsEn3bLaEwF3BLiW7x6Rzc4a0F2l1Hejxy65bieQ_yRE96KqbuAfZzgKscyV7N5oR7h283ZHTZK33BSJz_uLjtNnPX28A01sOITCzQuxIlM2M326F1udTLJIB_zdAKyJ799AlKguDpWc_6tNuBQr6bhJbNqtCTlc7Ibsx_nI4xo3NnWbjeChfsTWBQFNJrVsPvFGVsl682zd3D8xaRltA2eqa67B-fN8npoyr_JPEuKk8gbKXTtZ4-O43LRcUCHF2K3b2JJgCPe4K44lITSXxj1FOtBD05D1Uf-9GXl6Cvo1kJdE-Og9pTtbdNuJNk7UKbKSPvEF4C1uu0fiVbzYe8NowBY4luRApF9vNAoK03pV4qgp-m7HXqOLsaWNKBG93aCN6N8nSR7HkCLQSE5iiV0W1KOwa2xOCtVf8wbsBbhWaJKKTbV9SCJmx8IkUZxY9wct5iv_tenkj5UKC_1fuxKSYd0NZ9P6srq2J7VkxdlgTF9rILrfl2gdMzUyR9UEIMK5o98-X4hIQsTnRkrEM4eNxHp2cbdOWY-MXxi2uGc-i_DdPCWb_W4oXov8HycAR1-7QTvq0On69XvQmRQzKcigajNAuQ0cm_Tq0co4xRBVuKEL15wPTmtiNGDww-S7UwfZk4WjPnkymSEUPUDDlI9YfBibUlhUqtjkKZOqI_oly6Lm9LbkkcH6PYAKDQpdKP2GJ-YUhRaTpCCxTVegLybOWngwaZjQSsJiDTo32oUA76WgCTVOq6pUNdy1rXioTIblcJwa6bTprhu08HaX-K-hpnpbzSHi9SLZwO24onaQLERIaiKO76MvxwPIZwId-_UF11iZJ3XUo53HiXhm6ZF0TPYpTMqIXFe_r48UBOHShdfQQtSFkyABYRGX1c5nS-NJC8Y4ljrioCFfOWneeAYyU0w4KSfEHQl6Ov49xCGjJORqfzUuPpwCM2jAu0Hj35B50Xar5jpRLYAyGSKdsXj4DPgVs0shkE8jVfwSYbaHRZAafo4JfPbVpYN0YZ482p7cKf0nMdk0hHR1Oyw2tDU89sIYokGxz91o_daLQZaam1yxMidJlR-tVlZmWxFeVDwEyuvYjJ20yRQ7BR1gtq66Bc9q9X2EqBWMR597eThQno6U5rkiw4_FYOPatWUDtweigt298kfhjKhFDDddZD1MVmuskdCWGwH7xhQGr-dnixJQfwlIFmLkd-cUnUSrbNTvG8AgcMFfBZomy6G0ABNRn8YUVEIxSDZ0BQ9XnRxYTY0zJw28rtItnaOhgVvoI0RvhFDFGB6zAoZI8jgNwmTIP2lbODYa9kus-1LRBXDvC_HoJnQHkHN1PhN_qNtZve2cmibQN3gSNkTyNWLsyHdBH9qBBbkBpRiZngHE3hlSQ3KbJuzbApP8962X9MWzUVKfvW2DF-Lb-uNL1uEergGNNLEI7bwAmYE-Dw1gXAqP--V6mwh9j-FN6R5eMujuoyFqGJXNeG3jK6rxesMkrrPOSatvtsIObyS872sKRZVGIC6cQlfTfV3pzA2qmzZ-Uw7ro2-trYUuiMKRxeyNR3jxrdxnyLo-eBOyJz_PVfp6cI_WB_9ju3AAe6sEhlSlFIE1A9zBpt9_G2rVcoiBgJUAw-tG1XeyeuTVKTrXKbaJM-8zrKCYq98iLr--CD0rT7n6qxe2LpmyxsX8UwWjNYtYaTWDHOv53Q1ye_HNgIBrJzcXyf4xos3NGRvl65L0QEeCBkaysd6k4gQ_q-Z26tSBCHUxiubtuKwKHxclVZp_rsQIXGz_m8uoV1KqohFRJs_FN79CcCUKV6WaliH8mvb2zAKap6E-iMnGTwWNRapUXpf0ZLcvP22oMr6XssUiwhyW1wH2tgSZKF6WgVqtyWwSc6ZGXSgiie3Kafq93FmoIaJSO0w0jTGEn0fxRUEjkhH90uyn9P0lMGRGQkqzsMpTS22SHELVOsYdvJBsoa_XDvL9IdIPgpXCnXDzKqukrtTFD9-6voO16C1t1ffQg3XoLU2IlkeJUh9hQJ60TP6XcTXjYGmCpJgU7mKr64WuPGRRptSyLhVNwJLOl1A6B1npZhJXwT_FHFThFAOUs6OFDHHXNZIvzTG23mSBYr1eySTBK8i03vNZpi1wfxbtjm4sUFSHYjTGUK59kzGy1DNuJRydHeUP8-Q6Lxw00qOPqTR25amN6kVT1rx9lWxtxO5gz2Y3nIY0TS67q5rufLcG3VbTRszH9_1GaCZB81JobfGWp3eIvaF7UH6-e0rAHyPv9YeLSJVM3_L1dKTRKMqLYuascrIAlOD5OGpaKumSmBCXm1d4S3cLmFk-2ylXll2zm9v0_uLCZKETqD4Q2AZJEOiMuHT58j52s6tYdxTOjqka58jgc9u40LlfxxOZr7_fRjXCa3zfR4tc6K8eaOPJaUPTtA0Q_P89dpUlNEzRKrT73cpq1FSMmDrWNeKHhnYw1L8YOKlpctW3Q145gJrdJNKiWIvS9hyaZEPOvIzW1p7FNttIMRJk18PUU3RAhbJRGDUF03uPD0dTTsem1E1oQyxyfh_NQhNCppRkhuD4rHOTjvADEGS_GG48b0gmers1YMd&cid=CAASEuRoD6GegHaa6HWVYQO5ABVIiA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

352c5d60f4480a1c14b0d9551b8973c3bebd802eea0406ea6dd79f7286ed6850

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037573&bpp=9&bdt=187&idt=683&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=636728137&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=2279&biw=1600&bih=1200&isw=300&ish=250&ifk=2892227040&scr_x=0&scr_y=0&oid=2&pvsid=3293067016313517&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pw23jtwjfjwo&btvi=1&fsb=1&xpc=71ENyNN0pi&p=https%3A//securityaffairs.co&dtd=694
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27870
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 3544 169 KB
59 KB 142ms
37ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 18:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13645
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 18:26:33 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 3544 8 KB
3 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AuYJSlMAwqzRBv0v9H5OLStdwAWLbILIDX4cWht1sXGekEYLFcMBmySPHm4d9cWMRPjuDuBEXVn5qR7vmQvmdsmDLxbt02zoMOwETMGOGX_6nGr12Wz0OIlX0fEY9Q7FKsH1-cZOhtzO2b0bZLQSfk9Y-TiA&dbm_d=AKAmf-Cx83gwxjnoS8tKb4Dk8j8e55jxZY0TxkDBZ_8wMBrgbvigYPtlXtnKgIbrBR96ORqW3oCyGET0sKTdNWVZi3hfnU-y07ZGPSsGaH_C3XKkx-4euZvYlE7bqkdIZIEKIO3D1dIxPjBU2qBoAb9zgvA6FbcvfBMqjmjfY8TGiZCFZDIyNrSkvJS06DaQguBa-K3KzPhK4Z99Bv52xgPkXIbHj78vPLWzZdF6JQGf4BR2ep5ZXMXnLbR01jNFp_zEfZapwl7nYv5p3AonzwVkxiqMWkVGUCBplYyNjcpVfZHL3TxXyU2DXOpUbr_342k3jhPx3cD-H1HHJH8COsDVaKgDwbrEMGjD3hMIoaIdDt5Fvlvlhc2jVBS5sllAf0AqjeuMLu7hhxbgfeFlWSyua9fndvyO1EVsIjKpcwSb4knWl33Fr7wLQzTW0O-Q36_ljZMWKi49AcgAEMfqOSyZmjPcM2fZJe5gawsGzZpfEwoo4M8C1TroABo1cP7DIzevl0DZDZ6s2AjL9bW5TDH7hXGxv29Dse0agyZn3FMY32pxKraANj9XARtwD1KJ343gWV-ACnH9YV0VgzS_LcvYSaaz9PmyPUwzNhHcRdGPI8oVMI8s0eN6UZ9BydyBUsXe6URJlhtiQfPPBubSuXmi47D6eWrCicYNG8S2806XvDJtz3lzUi_Wrpg6C4N9sXOrw_AHNTBNcyT86fjhJUQ5zsVbfOz8LAAXZXW3OsvCRzwdwEr2nVdLt0Vtnp19LCLmt713tm_IQpFjcXb9jU6AF9DotvAfTIKcfYNCwwC6JsYIy8uIVsIOyXOB8sROH7TaNeyWgqvhjI4FIYeEPUY0CnR_LwSFQ6b6XfSZ5XZ2xmpXbQQkHlX7rtW2y2UIG0MWB9oe2FxIdkLIm6DJr_TR8_H-Jnz-jhNdUz5iX_6E_H1PWPPMQWcQWe_-unvj81x59oMSCpt_9HPf2LqzyWB04tqz6oPOoUvurNUZIAoFBHyX_QFcIiX5IKGhZSliKcqc4yxs4MkaCKfTLne5F3KJOnZebfRoov-oriUdcf3AdD6_sqc2vQolaTp0gb1xPuMPT9jTsb8EXPVU1yb_xExZpPEU13yoDZG9AYQs6el6vP6SQV-ZuiY4L_dGQ-6N6c8V8HsG-MmCNhbtN1HzfORZ5hMKJEhRzoHbTIdlFZucsVlpmRlMx9rIyHEr3AhZStNDoIPBPMS09_A2xpfKfTnTzMEzo7OPSCZUuvY2snMIqZPdoPI8YE8pNIE6c0Q1I3m6_rYNGy-aC9Ys2_UdCFQJeT8EVr84lJzsx-3HNlmZIB9xcBM-7S-YpBB31dXtt5fxs_MfI0J1sx75aKp0YMCpvkh_c7MWW0kvLeA_Eyaq38gWrCgyfIoICHdA34XsBEFesJRO40sbny8N7kXsdLaIlX-SzhNt-g_nPoKWwTZ36EkP67vt2atA13sfhw7rX64ZlKjlAqlzoyPM2gdb7_xkWKbuLe3TozO-YtVv-64Q2RBE9WL9G0asc8xDJlrZXdE20O3j3GbYVAaysm1illEmT738I3fnMhqjnZjJ4Mcc7GwzsWssvr1nQ_H6bpCRrQHGYtimjwxd6k4XVaxfS7_g8pUjsrrQ7wYUT7iKsefiY8l_JFEcwM3RWjVob3PKRnyR56Nqq-M2IRKCIDNM70MAmmCJ70NzPZXh4TsDHKe7q9YHl7vJwyrHL5nvTrAvdaNsHZ2IPcbAPsAxPwa7aw-OEbocFdw1xBuzu87gBRfTCeo1r3_Ne72NSvFH58_AlHBK10hFGQJJmgiqj9x7agEf2N7iPgJhSscIkai_CDhbMvC3_Vz62-BXuZfVcqbvi_CL3pOyQRbfQkwpZXvTrXE3xKU3g44h-PbFTr4NMCPsqVBU4luVlvUnPZ1j3BKwEFssv66Me931hHmBe92VZu1kyFTBW68ZpuRLbakK92XFytvVdo8gJST9slPK5Eoze58a5ibH4E4QsAlw2N3XSw8f04qt-sNNsNTWZaeqMkSHOt7k9fnOhLBNTP4iPFKr47oZDt24-aC-X0YDA3Rkw9gWJSblJVen66uPxbeZn6v5T3VG4AS99qCXnRvJUxVV91M4z2YL8O1GkWDFFo05iWorrmb_oeKGixwWL0GBZ7ZJOeGkDLjsPqmJZN0TUKljCv8VT3qGeHA1kOKECpjNOMNAa9FfU6WoNM4EVoTkf0ZwCdqUdrrYqIwuVLGJzEnQxfbKxlofNz5GdG6ItF72TAuZXcEOFRovxf4UzwbQfysmU4UYKBfc8vW0Wj3ZzR_gfpHPCm7OmmvgbAtv5R62qd9uURHNCTpKs3TSSJnh5Jee-6kYiC16q_uoSvMxbiK9llFcFpgjtmr0caJokindLNDuZyxB2074LwkWMJ4I5tTsCmHAln0lf-ZJjnRsaHC9N7gW_xQfzgaKD4pGsJikN0J2lWBQu4n40JryKs0m5BFEl75EzyB04nP2qjEU9vngtMHcSlrUylS36ZPwAgzglxIExN3ttjGQErEqaameNrQ-4XwaJGVaZRHJ4_oOZwxcLAO40hSywJEGM1iHFJghoJO3Ay_rAmfO_gqk_5whSOUMjgV2n9JyVMucjQ91RbMd50Gjn8DDSYOlWFYPgkIQ_18VBzJTMSFzIlD5qHbyBbxCvwyUo-Kn1quJdfpCWAZMV6igkz3QKpSqzFdHF_CdtY3INyxyclYlA9W_EC9pV4UaUXc1WnXK1ej2oY1TPaRG349HwpBBjJzBOBP9hzu9v6lD-eixn2AEx_e-PbK7g5jpNCm-lBUV24eNRzlxKM8MoM0HFpibHbbfKIbrlMJefgcBIIbQDYYKWJOkzmHQ_wRdAuYJ6iFWGBvDXyQhJDnS2idKgEW_LwJTvVOdWLsVkHBb0e0kgDJC1m6t-GKojFLSLbs3t1g-KxK7XuyL0_oQO82wfggApQc5XzX1QAASDvkXumRhKQ_7KAXQVZ6q0UAkPSOf3YszFp5UY_De_n2NFqS5zprX5LohNklX7zD8mswdGRp-9ivCcmMais5XgGdUCUBy5yalQufstVhHSHYQ-cDmyJakZ0_MlzG_lqsEH92NaIoE2h97c4BCrG9xqHs5D-XqYPHPOzCi7P9H74hP4KsLiCzievKFcW3c_Urc5Ou0y_jolPYrP8Q-1TPTRnVRc1xui0hM4as0dsT8jNZef22F0wPTIfjRzJruA61bpqNJoZxmvS1yVg&cid=CAASEuRo9lvHpFq9ZA930FKDOPdVuQ&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:08:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:08:42 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 3544 24 KB
9 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:06:31 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9818
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

43 B
1 KB

18ms
17ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARim5eioATAB&v=APEucNUzkUYoqNF8vQfGA0y64lKxv3GRGEhytwr7LzERlid18u71VckCZin5KMqmydIot-h-fcd0vXHSa_WzW6zF_VJdDDVBX0Vjj3fvLDfRMhj4V--LMIU_RAZxg-Snn6vcMkeRyabIJkdqNHokIQuipriqG8H0ONUT5kpdOQC73ORoPMNAUHlMhsCNex4uWXb3ecHUIfk81XfSO5GNJZ-Og_lnE6gczw
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9818
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaVQpdctlXTUZXoe9iiQCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

43 B
1 KB

27ms
20ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARim5eioATAB&v=APEucNUzkUYoqNF8vQfGA0y64lKxv3GRGEhytwr7LzERlid18u71VckCZin5KMqmydIot-h-fcd0vXHSa_WzW6zF_VJdDDVBX0Vjj3fvLDfRMhj4V--LMIU_RAZxg-Snn6vcMkeRyabIJkdqNHokIQuipriqG8H0ONUT5kpdOQC73ORoPMNAUHlMhsCNex4uWXb3ecHUIfk81XfSO5GNJZ-Og_lnE6gczw
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9818
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

43 B
1008 B

39ms
38ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARim5eioATAB&v=APEucNUzkUYoqNF8vQfGA0y64lKxv3GRGEhytwr7LzERlid18u71VckCZin5KMqmydIot-h-fcd0vXHSa_WzW6zF_VJdDDVBX0Vjj3fvLDfRMhj4V--LMIU_RAZxg-Snn6vcMkeRyabIJkdqNHokIQuipriqG8H0ONUT5kpdOQC73ORoPMNAUHlMhsCNex4uWXb3ecHUIfk81XfSO5GNJZ-Og_lnE6gczw

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 089d6e6e-5358-4b82-8333-698887a4b0a5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9818
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

170 B
188 B

51ms
50ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 535df4c4-354c-458a-9beb-e5eada71487f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9081
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

43 B
1 KB

17ms
16ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiG6eioATAB&v=APEucNVzDghMzF5L8N5MsDdn80kS62hOxzT0CnVhKUtFGaE_ETZpu3jMe5qN9lUk7QUFCpuHvNiYvYaZkn5I4xTCZcuFV78IvSuzF8HQxo0s9wYQ2NDbmmTOT9VnBoh1vvnUxtGYggAnUtVa7wkL668nB9irmeHPRFloe7WXp7z_STHgtSIYaRP6lY2wIXRKUyDG_ZqK4tto7vfqD3eLDpEBckjGXUYh2A
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9081
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaVQpdctlXTUZXoe9iiQCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

43 B
1 KB

14ms
13ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiG6eioATAB&v=APEucNVzDghMzF5L8N5MsDdn80kS62hOxzT0CnVhKUtFGaE_ETZpu3jMe5qN9lUk7QUFCpuHvNiYvYaZkn5I4xTCZcuFV78IvSuzF8HQxo0s9wYQ2NDbmmTOT9VnBoh1vvnUxtGYggAnUtVa7wkL668nB9irmeHPRFloe7WXp7z_STHgtSIYaRP6lY2wIXRKUyDG_ZqK4tto7vfqD3eLDpEBckjGXUYh2A
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 9081
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

43 B
1008 B

148ms
148ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiG6eioATAB&v=APEucNVzDghMzF5L8N5MsDdn80kS62hOxzT0CnVhKUtFGaE_ETZpu3jMe5qN9lUk7QUFCpuHvNiYvYaZkn5I4xTCZcuFV78IvSuzF8HQxo0s9wYQ2NDbmmTOT9VnBoh1vvnUxtGYggAnUtVa7wkL668nB9irmeHPRFloe7WXp7z_STHgtSIYaRP6lY2wIXRKUyDG_ZqK4tto7vfqD3eLDpEBckjGXUYh2A

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:59 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2cb6a524-be29-4578-9e43-ece202c99281
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9081
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f0496821-3425-4d35-9ce4-e95a4945ca14
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6160
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

43 B
1 KB

21ms
20ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhDX2YykAhiN4fe6ATAB&v=APEucNUZTJr46uz88-8NnTmEDEKbbGBE1o4MtAjQjp_WeOpY7EkJS79_zthqiR7Tmfem9irlPFgycov0XxQ3-AMIAbnfKHLhHvNHiDkv_2IDcwsQU_ZQ0nTxpk8AkCFA_rnmOLE0G-gYoItJPcDlh1wqHXHCW-reK_ZB7fNbrtusv4SjJM-miE6r4jHEjh5CAvx-DaVnzT1jwH8hpXtepSol0YZcqfbwlA
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6160
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaVQpdctlXTUZXoe9iiQCAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1

43 B
1 KB

14ms
13ms

Image
image/gif

2.21.141.232
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhDX2YykAhiN4fe6ATAB&v=APEucNUZTJr46uz88-8NnTmEDEKbbGBE1o4MtAjQjp_WeOpY7EkJS79_zthqiR7Tmfem9irlPFgycov0XxQ3-AMIAbnfKHLhHvNHiDkv_2IDcwsQU_ZQ0nTxpk8AkCFA_rnmOLE0G-gYoItJPcDlh1wqHXHCW-reK_ZB7fNbrtusv4SjJM-miE6r4jHEjh5CAvx-DaVnzT1jwH8hpXtepSol0YZcqfbwlA
Protocol: HTTP/1.1
Server: 2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-141-232.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 29 Nov 2021 22:13:58 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHKItlElLGH06wF8l7Rg7pQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6160
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

43 B
1008 B

27ms
26ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhDX2YykAhiN4fe6ATAB&v=APEucNUZTJr46uz88-8NnTmEDEKbbGBE1o4MtAjQjp_WeOpY7EkJS79_zthqiR7Tmfem9irlPFgycov0XxQ3-AMIAbnfKHLhHvNHiDkv_2IDcwsQU_ZQ0nTxpk8AkCFA_rnmOLE0G-gYoItJPcDlh1wqHXHCW-reK_ZB7fNbrtusv4SjJM-miE6r4jHEjh5CAvx-DaVnzT1jwH8hpXtepSol0YZcqfbwlA

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 6d9cd10e-cf9a-401d-9e24-a54e70184041
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKe8cGZ3mfY2PlxiIkHgnXA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6160
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

170 B
188 B

50ms
49ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:58 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d93807de-f6ee-49b5-bf23-f823c4f3539c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE2NDE4NDY0OTIwNjQwMDI4NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3544 41 KB
15 KB 90ms
41ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 12:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 293153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 26 Nov 2022 12:48:05 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BB32 1 KB
749 B 40ms
40ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 29 Nov 2021 05:53:44 GMT
expires: Tue, 30 Nov 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58814
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame F986 24 KB
9 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CbPVMVWRI-Fz_OukOOqCdnd9bi4nSErO-TdW6HQFgt79jJNLhLAPINdag0eTeRDYvQHwz25EvwZH9shS9Nx7LgOM7KLoCCT_uiTJd1zlln_bCIM0W0_XrXofMwjLYl6lAhRe2nkNGlHHIT6H4F_9fYqJgwYg&cry=1&dbm_d=AKAmf-A3BxJLPwNX02MIuXJLM9GzVt2ZIaf1tC4WBKyhR9y_sLuZBMX6ZrfU7bQNqSrHR1YEYg6rQNiBF0BU8qbi3yn9uLG13kdQ7Wyi4lJSGGXucKwCk7Vj-lSwjC7LndXQlQ5uCUaS5rsE6suBNlhLGeXxw5-7MZDDNkU18Ue4Ch8kSwlCSmh8qhqz9C2LJjFrsIrYn_8MbF7n8lDANB8wIT_JdhHGBnDaMbBDYsnUYrb6Wa0q2C2GMlw9chkiRkf4D3kxCcSQonLZrxihIb3jmw8_c7s44CFoZkJMUsB5WZ19FXBvxSPREc6vPIQkEOsXsHoy3pV3yw7rqUpsvYPWoUYGDTBHKDAnkRNpReq6sjVlhMlLkmXswLkTElz9hSRXIobABZw3hs-gfc2-VDqwjc13dmGHOlXoJOH8hEWh5Bxupdr6nwlliQ4qSZhMC91Y1jN3MKwqT4ttGPZUPvwl5gFvSXVY9rbjvH_2gNSrCntmwEhonvqit0NMB7MPIV8W5ucDQUF50q4C64k3Bxk9Sndezbw2wLE72iMoqsBknfwESKq02YT_h6kjiczXRrTOabw42sAtR2a0pl1m-o47ts1DDxCqdskBzPPfC_dVhDon3QklCzP6WwYTQY64L-iNH73GqTMsSWCVBGJ0GnqP74bHJnvzB1qCkCKFkGFSSdnCCYcihdRKEO7OWSFrAPszleFs5Vsviiv46gTqtE_3nd8jR1uMGsZI-S4gSGvxLkk37jU5eveYO6BWjAlvCsySRUIY_LqsdtO6MAAPul6_p5vLISjV0482fowPa8cMq1xnmnCOXkE9xrVJzrMcfMgdjZkvfleSt8WgMHHKwYbE2y0Ir7UaZcyuZDUp_j68i0R3PdsEn3bLaEwF3BLiW7x6Rzc4a0F2l1Hejxy65bieQ_yRE96KqbuAfZzgKscyV7N5oR7h283ZHTZK33BSJz_uLjtNnPX28A01sOITCzQuxIlM2M326F1udTLJIB_zdAKyJ799AlKguDpWc_6tNuBQr6bhJbNqtCTlc7Ibsx_nI4xo3NnWbjeChfsTWBQFNJrVsPvFGVsl682zd3D8xaRltA2eqa67B-fN8npoyr_JPEuKk8gbKXTtZ4-O43LRcUCHF2K3b2JJgCPe4K44lITSXxj1FOtBD05D1Uf-9GXl6Cvo1kJdE-Og9pTtbdNuJNk7UKbKSPvEF4C1uu0fiVbzYe8NowBY4luRApF9vNAoK03pV4qgp-m7HXqOLsaWNKBG93aCN6N8nSR7HkCLQSE5iiV0W1KOwa2xOCtVf8wbsBbhWaJKKTbV9SCJmx8IkUZxY9wct5iv_tenkj5UKC_1fuxKSYd0NZ9P6srq2J7VkxdlgTF9rILrfl2gdMzUyR9UEIMK5o98-X4hIQsTnRkrEM4eNxHp2cbdOWY-MXxi2uGc-i_DdPCWb_W4oXov8HycAR1-7QTvq0On69XvQmRQzKcigajNAuQ0cm_Tq0co4xRBVuKEL15wPTmtiNGDww-S7UwfZk4WjPnkymSEUPUDDlI9YfBibUlhUqtjkKZOqI_oly6Lm9LbkkcH6PYAKDQpdKP2GJ-YUhRaTpCCxTVegLybOWngwaZjQSsJiDTo32oUA76WgCTVOq6pUNdy1rXioTIblcJwa6bTprhu08HaX-K-hpnpbzSHi9SLZwO24onaQLERIaiKO76MvxwPIZwId-_UF11iZJ3XUo53HiXhm6ZF0TPYpTMqIXFe_r48UBOHShdfQQtSFkyABYRGX1c5nS-NJC8Y4ljrioCFfOWneeAYyU0w4KSfEHQl6Ov49xCGjJORqfzUuPpwCM2jAu0Hj35B50Xar5jpRLYAyGSKdsXj4DPgVs0shkE8jVfwSYbaHRZAafo4JfPbVpYN0YZ482p7cKf0nMdk0hHR1Oyw2tDU89sIYokGxz91o_daLQZaam1yxMidJlR-tVlZmWxFeVDwEyuvYjJ20yRQ7BR1gtq66Bc9q9X2EqBWMR597eThQno6U5rkiw4_FYOPatWUDtweigt298kfhjKhFDDddZD1MVmuskdCWGwH7xhQGr-dnixJQfwlIFmLkd-cUnUSrbNTvG8AgcMFfBZomy6G0ABNRn8YUVEIxSDZ0BQ9XnRxYTY0zJw28rtItnaOhgVvoI0RvhFDFGB6zAoZI8jgNwmTIP2lbODYa9kus-1LRBXDvC_HoJnQHkHN1PhN_qNtZve2cmibQN3gSNkTyNWLsyHdBH9qBBbkBpRiZngHE3hlSQ3KbJuzbApP8962X9MWzUVKfvW2DF-Lb-uNL1uEergGNNLEI7bwAmYE-Dw1gXAqP--V6mwh9j-FN6R5eMujuoyFqGJXNeG3jK6rxesMkrrPOSatvtsIObyS872sKRZVGIC6cQlfTfV3pzA2qmzZ-Uw7ro2-trYUuiMKRxeyNR3jxrdxnyLo-eBOyJz_PVfp6cI_WB_9ju3AAe6sEhlSlFIE1A9zBpt9_G2rVcoiBgJUAw-tG1XeyeuTVKTrXKbaJM-8zrKCYq98iLr--CD0rT7n6qxe2LpmyxsX8UwWjNYtYaTWDHOv53Q1ye_HNgIBrJzcXyf4xos3NGRvl65L0QEeCBkaysd6k4gQ_q-Z26tSBCHUxiubtuKwKHxclVZp_rsQIXGz_m8uoV1KqohFRJs_FN79CcCUKV6WaliH8mvb2zAKap6E-iMnGTwWNRapUXpf0ZLcvP22oMr6XssUiwhyW1wH2tgSZKF6WgVqtyWwSc6ZGXSgiie3Kafq93FmoIaJSO0w0jTGEn0fxRUEjkhH90uyn9P0lMGRGQkqzsMpTS22SHELVOsYdvJBsoa_XDvL9IdIPgpXCnXDzKqukrtTFD9-6voO16C1t1ffQg3XoLU2IlkeJUh9hQJ60TP6XcTXjYGmCpJgU7mKr64WuPGRRptSyLhVNwJLOl1A6B1npZhJXwT_FHFThFAOUs6OFDHHXNZIvzTG23mSBYr1eySTBK8i03vNZpi1wfxbtjm4sUFSHYjTGUK59kzGy1DNuJRydHeUP8-Q6Lxw00qOPqTR25amN6kVT1rx9lWxtxO5gz2Y3nIY0TS67q5rufLcG3VbTRszH9_1GaCZB81JobfGWp3eIvaF7UH6-e0rAHyPv9YeLSJVM3_L1dKTRKMqLYuascrIAlOD5OGpaKumSmBCXm1d4S3cLmFk-2ylXll2zm9v0_uLCZKETqD4Q2AZJEOiMuHT58j52s6tYdxTOjqka58jgc9u40LlfxxOZr7_fRjXCa3zfR4tc6K8eaOPJaUPTtA0Q_P89dpUlNEzRKrT73cpq1FSMmDrWNeKHhnYw1L8YOKlpctW3Q145gJrdJNKiWIvS9hyaZEPOvIzW1p7FNttIMRJk18PUU3RAhbJRGDUF03uPD0dTTsem1E1oQyxyfh_NQhNCppRkhuD4rHOTjvADEGS_GG48b0gmers1YMd&cid=CAASEuRoD6GegHaa6HWVYQO5ABVIiA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:06:31 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame F986 8 KB
3 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:08:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:08:42 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F986 0
571 B 207ms
85ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-sw1Oj0TtLT5r45yafpsRe6CXHNo-dK3JPvlw4PWP1tUiQdOPH1yxPFTEZ84LxE4P798hrXZt3dE_fLiFyXeCkBT1o-W_rAo6TjCCSgJ6bYkjK4qWuhkMOTNpwtjpo0zyGGQ-Qjqm-a1bCRcPgqboIW25trLfClW5uOX8h_2zTYfNQbiIGOCkCFAFKUrNXAJeqkQDLuc7R90cG_8E3vmsgZoYvsEPjNwIwHbLBLBRVcNlG0QLtm038oCOiQKqjdu9V1N6ipalf7tKrzpPtbeT9zv8tmtNuH5-7chkSkzeTQhbOuya8dBa2ZyWyJmTeMmYiDQQcJ13lKY4JiZiWsREnOTGYTId5ls1fLTljdOD4UrmkIVqT7_q0LJKkpRzw7uD8NWSNk8-YzZfPHIfusJWBuJy8pTRhjDSEnEWGbL_-jxUgucDsiTi0AM8kDQJmpjSlYLzTgwavaPkcYCWz9KU3GMa8gX8z9xNjKWZTmojB5unNcN5hbR4C5_JOZMedDwj65I4XNHrWYgyQGZf38mFemyZ6jd7LH-HDqM__JhkX49gme1a_IjIAVJwQk_STCvO4EbMnKZyLNh8uJtqXAwH6y5P_r8vZkQNBhTeK8SwR6orZOBEa4yc71kEp_Co4niw18vIEg3Tyl2m2jBvSE78AbHaBHvb_iLS5Ww_q9AnNsdP-oirqO8a-C-vIE8O4wQ7U1YygBNNpz7PL70z1DUZi-J-IKkcag0jgcfYH8uS2rErDGdlOhxgmVtqRFxHnZ9459TOoGgOOxfQVCeM1QRRUTAVfsxaerNTsGreUdsUVolpl7l-wOACcBMdFsPwrBFizGOVgEcjfe-aJBDkVV2p2lNFHJJfU09j9fbt3XuBbqe8IrCpe3aciDo2IlC-XvRDicx1RIGXuUmi1w5tCwKH8rw5qfLU_pYEqXZpHcwMiPuC5Wxy-QiBZU5tewHuLd28j_rg1osFAKPavbtvtNWmyPDml42eP4QsgJmoY29R0qMPjXAr-Xr19HEurUlHM_89jHcPqLooU7H_lhGrn37F0xe6_DBByRV-fwbfaYmPoPc28XvV8CslJXp87OizOVedM8_PIsaY6xNWRYyfqvh0NaZHdtpsz-kmMy_06zI7K0QcOjT_700Ynld4wTatlxdwOcETL3hTSmWAv5HGd4lmgblEAk1gnoWNzf2SFxsyY7cQH9c&sai=AMfl-YRMpiV9rfrTcSx7eqgZwhdpf_gBXZ1asV7-yTDRvSdDyx1brk5EVJbsBW6ICYim2OgaeoGceKYsygITwhqvClqyvoIcuAjiQohQYqUKUlQtc5OCtFysAIJYAuHFF_MmempYsBqdJvil9Ot-LpLiR7q_CIMq1w&sig=Cg0ArKJSzH_tbfDYeuzBEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211111.75231&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 29 Nov 2021 22:13:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F986 41 KB
15 KB 81ms
42ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 12:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 293153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 26 Nov 2022 12:48:05 GMT

GET
H2 200 16365795001701747764
s0.2mdn.net/simgad/ Frame F986 11 KB
12 KB 121ms
40ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/16365795001701747764

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b42879f91c4e02ed7db0cc0e305addaf395d624c47d015d2214b81739c1786b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 14:19:52 GMT
x-content-type-options: nosniff
age: 546846
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11222
x-xss-protection: 0
last-modified: Fri, 12 Nov 2021 11:32:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 23 Nov 2022 14:19:52 GMT

GET
DATA 200
OK truncated
/ Frame 3544 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cfedc3f49c82821faf6ea3898224ce86d378fbf6cfb948b60088e29e5d91b620

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 9EBE 169 KB
59 KB 91ms
88ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 18:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13645
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 18:26:33 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 9EBE 8 KB
3 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BhsomHGa0mu3OzfoQt53wQL3vwRdhjy43RS9sWz7OHmjXQnYQNZXSDg7LKKmt6i5ozkPC5H3HUkug1LMSoOlkuHZL5FqyCsZZQF6J1QIJt00YvBY0_xvBQQD6C9qhxLi3lQlFVqWhS2-P2PkrIUb3gTX6wkg&dbm_d=AKAmf-C2thHToF4JlAyUv73erloxzcs411TMQGiCTFUbiHtcNUSkF8Tp43iNM8IjgpN-6tmtBChM3Dz1jF43bWK1Hu1JDUPB_ua-jIuInpt5LblosO43KQ3c1UEGPxRfJ_mxTG-wABUQKTPpSzL9_r40eoLcIXviCP-Bnd3tdPFkhST0avMqULYnjI-u24xW21O49u52EEJasXJDXUQsNN9aB6abSkD4KYH7QHL5ZTyKV1NGgW5ohW152vhwwizH80WPWZOAPdm_Va63KNOuillCVBcv5hqs-1n7T5DLixpUs2d46I7E-pbthWBzb3jaNUHcXGujqVSFc6uDJzaH-Q2D1EHFrImbkrWJ7Qg17z99L28mbvnRtPQMhOoHRTYwwZyd7ZXThldcve0xUlsANGjfR5ScIUZPqNyputQTxFFT955_aL8HDo9csAq1kje4M7HuhJVinRMDwWWm17pGOjblj3buwr0h1OR4EsX5aZH-a36ccILG1Lok8-T4D6RtdLOGMGMRySYcCOEQkyn7hdepI2vwtITJzYxN6oJ1uVo5aBGHhlb9qoV8hzg8HaUOX2zFXzJfqFW-uuXEazmUaOpbho5pKfPldpCik7S1Du3sX4utd5q3UYl3-Vu1rjmwg4QclMIhZq0BmlYpFd_6PDC1BQtEkql1d2hwVlK6pbjlOcsFIo5hODNLeCBxxUYZdhP63GvgCZpyCu4wziGI_notphKkwN2OPL4BMhZMGZVYk8U3-ihrIh3ZElV6uyH5EbFKgQ38imgXtluVfQdDoPuIACUN9LoyfEIEKyPjldpOvs02n7WNMhMchE1rtw0dX5JQYWwJSbpEyUI2P9eC3pTzU7wDOo8Z4IPg5lyRqni-BTPSWbIDKVB9HkhKdcU_wgd_irv9IX-tA00ahsRwsq3fmhWj1h7KembM1nRFcTUYPBjXLXjzXKBLefmEBLgRhzKW7jNm4lfwcrjRHLelUapMGhaP63UJ2WKsMp3qzwF-3ZU6r3-TI53hEMisnrzLc16l4OXARPQosnZiu_9tWCXqG1P_RgSLOosqOXotfJsn7-zinsa95Ro31_RztusGQXMmpqSzyeNRpbRoKvsrrzWeFzZwpq0Vnh_FdURXRW2eYf9UuFM6PepYfC8vmH6ddYO19O-OBqVXNQRc1wzYSplqZ5aTK47OZVbVb9sMYkEh6MdDeqkF451S_HjBUKduMJaFgEyoXK0THubBc_wMwz__PPUKBae78c2Z6Ef8CfL62aShiVCTABsuuRTiQgeHW-CefDU0s6ITaLZZCMggFf-LCLiEhjorohobYJmULxqADc3H5_tWM_BbPdKSinIYYSHPCOC2YCbAJ8-IHhh5kNf4f02DjbVbPKj0l0yWmhM5fRJrjgoWzexpO_W4lZ5ldOvBJYES86Y4uXcd8xbHqB1SWAinmq-OQZ3qOU5Xv_TejwrQtoISzgTR41zst0Sqn3S5YsYCHclttvp9IK_OSr6MUU1_iO20UkghVT9UMle6zgaAW4_iFNykAWRZ_cq12ZWb8BwZv1hSAvhjahK6ZA657lkIwXE2epAXei6v6HfHQeTGRtGarA1WZ-TuftqFZaNxRdViLyfpiNU6oTfiA_euKq6yQMC76Qfq8QypENNr9TFodgSSjTAXa3110dQCG-hOKElf5BKP2Fq-3agcyon0DVA52jsQh0S60nzbWdGQiA-hEzBh1Ykc6iwseowtPCTudaMZd0NswNapkI1ACXkzkyUZ04IdUkOsYLlohbgS52xMoBsAyrTo4JeJiVRUq1uoDJPGnqucy3aqlzF-ZjCsxPmYoXgBaXyEnio_WPishuWbTDHXE7qcWO8KgK8S0P8nikbOwe-MPm9nG5X4D0ccCAoN1vYTXXlFEwF0B29DD-8LgSKfGdSCn8u8VgeO6gDypPmdKyWo5Bp2joPzSurvJDOZRB6Q5FhxEdMx3i4c1QDBOhszIYPd56-Gi9xZrV6XH0UrykdtQFRLPxJgGN3ABRHuZegm4Ioms-Ybca4WNkDTww1rBDbo8IYJPewWtLqV248YvM98jgRlISb6pS2Gk7A1rV5MX12IWB1sluyY42pVD-WCACaYEGB7Jm6FTZfRtKsGJLFz32ssE974f-eofmOj4iH-wylJzgR_VVl_ndAIa47HHTuTd3MlHKoaLqdYW_I9VBrDQXUxuvFIzlRueSf_eC-pdPS8STWJ22vM5RJBPRryvdHxEi-UInO6pvfIXd9IS-0Dx9PdNjO-y916fW2LlMmnGyjcAl5ZJMniD9ReiA4XQo5FYX72GM3qo5osoC7yiZ015K2Sm6Ow6u17nkXxRfpo3dNEy6mi3aqd6ZEXxeKzG1PU59CZm7-wPgR-UGmUktcf4QlE_k1YFaf6EltKwDgyi0lmOvTyplu4-y_tp0Js9SIpy_RRH5G1eV61DHmhK69sRzuTjRDIcjfoMUUFwQ5Ud-St14b3FuyghuxKpXkbVCnXgMUatsqkP1sziAHHTd-qjUPxbNeSOLxFr0sVP6FtvyCK8PcA1Lanz3zxpj6LLStsq85tT1I-E_KD6VyOYcBMuzGD9s7sJP0ujF_Zk3GPLioJ0wNWQfN2kEBQiTnIHuC5SSXq8MufPbwGK4tt70AVV-zT_fJHWx8-wjfd-pLcccgfhK4-KyIpTkCrHgJDZYyErnuGICKkCubrP1tsuv1Z7U_YHf8yY6aeOudlV8nnx4zcAF8Rb51o3Ci_tgwoKLIlRAz7dNy43AP7jBA8IMiSSIbVZmMtwcP9SRt2MqxEL-5vkG6U17y-_9e2YwblZ-Gjb5SmtxNGz31yC6IHfemIWNT7ln-9RF3PdDakrEfRXx0ZnIkV2pP3kuTjc89_qxLKUb_uVLf5Z129djHlHrXffXFJHDHpbUmuSV_d7Z3smBS1hbhX-9ihtvJQo3-gR1hLT8SRLdq_KIwQDt_nhbwrjiK0C4G2sk7PXd_p0SLFEq8JtDbHupng-wjVo2Zzd5ubzU4aPZPgl3ZV38itGrWqFdCZRMu3zPpaCqwVZDad5i_n2xR53CBY17IZ8wgdVnfG7VuGef3JeZhCzxQqpudME86MkjUDobD0PC62XKP5dCFX_83puoMuvisyO9YQh7MoRJmzxWhpac1eLSFUrYDsGh3hsUUYmcnsxMZ-WVB653bGOak07O-krX6tGgCZMLnMJj_vpItSgUeUGuJE9p-fTeUJC9ujOH27MErKcz50Gw&cid=CAASEuRoXaRuysCPldMo2s2-vrqQmA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:08:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:08:42 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 9EBE 24 KB
9 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 13 Dec 2021 22:06:31 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 90DD 1 KB
749 B 41ms
39ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 29 Nov 2021 05:53:44 GMT
expires: Tue, 30 Nov 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58815
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F986 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8acbf49a152ca584c48353a6482d01f4b8ca4c16c2c1bc7e583af07ee8f6933

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B378 22 KB
8 KB 39ms
38ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 26 Nov 2021 12:48:06 GMT
expires: Sat, 26 Nov 2022 12:48:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 293153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 94DC 22 KB
8 KB 39ms
38ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 26 Nov 2021 12:48:06 GMT
expires: Sat, 26 Nov 2022 12:48:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 293153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame BB32 0
191 B 19ms
18ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEK-MdnfW6_l3sBjVqHwUCFw&google_cver=1&google_push=AYg5qPI9JATmWUG3LVfQhqIktddeEC0xXij-VncIKAmG77MPFjwPL5GjbBBH2AxEN9MI1l79WSaLecG9QOQtssxXXNIy8pQJfy54
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BB32
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESENtq-ItWe-3FP4nimwN9MzU&google_cver=1&google_push=AYg5qPKFN4Le0jT3kgwRRy0jrD5MM-GUXS68PMINuXnR6EErDJEMSFRnWy5guPxccMRPun7GuDT...
https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=BGVBaBo0Qa22xEH66O4ojg&gdpr=1&gdpr_consent=

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=BGVBaBo0Qa22xEH66O4ojg&gdpr=1&gdpr_consent=

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: Apache-Coyote/1.1
location: https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=BGVBaBo0Qa22xEH66O4ojg&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BB32
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0jGfVsWgQrm3adGMLtopUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0jGfVsWgQrm3adGMLtopUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIaeMT-JQINWi6p2zVKmqxldhscFROumLYLSnaxX-8ug6CyznfnCuCOrpR-y1pp83iqiBzM1DzsjzT0FDmWuB1sip17Eec

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0jGfVsWgQrm3adGMLtopUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIaeMT-JQINWi6p2zVKmqxldhscFROumLYLSnaxX-8ug6CyznfnCuCOrpR-y1pp83iqiBzM1DzsjzT0FDmWuB1sip17Eec
date: Mon, 29 Nov 2021 22:13:57 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BB32
Redirect Chain

https://google-sync.rutarget.ru/sync?google_gid=CAESEFqV_fPCmL8aFlBAePvDFys&google_cver=1&google_push=AYg5qPI8SQMrsb-inqd0gSxRelF3YSzg7cLdrOkUngGFq3FTPFAph4zgG08FaIY3f6dy-dAikV4X6VQxFINnOVLgIwLAYaV...
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WVZTWjFJUmM0Vmt5&google_ula=2046794&google_push=AYg5qPI8SQMrsb-inqd0gSxRelF3YSzg7cLdrOkUngGFq3FTPFAph4zgG08FaIY3f6dy-dAikV4X6VQxFI...

170 B
188 B

183ms
182ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WVZTWjFJUmM0Vmt5&google_ula=2046794&google_push=AYg5qPI8SQMrsb-inqd0gSxRelF3YSzg7cLdrOkUngGFq3FTPFAph4zgG08FaIY3f6dy-dAikV4X6VQxFINnOVLgIwLAYaVpsL47

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WVZTWjFJUmM0Vmt5&google_ula=2046794&google_push=AYg5qPI8SQMrsb-inqd0gSxRelF3YSzg7cLdrOkUngGFq3FTPFAph4zgG08FaIY3f6dy-dAikV4X6VQxFINnOVLgIwLAYaVpsL47
Date: Mon, 29 Nov 2021 22:13:59 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame BB32 42 B
233 B 286ms
103ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEI2wKs6g7ummmMfHyVHvu2k&google_cver=1&google_push=AYg5qPJ-BQAEmDP9_4TcQZy8KQ9pz03WusAttKO4vXri-1UmzfNjD1itFcOOtNvM7LUmySyRrkQwPD8ViAvowNtf5Dzyg8d4kxWs
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:59 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2 204 exptsync
ads.yieldmo.com/ Frame BB32 0
35 B 206ms
31ms Image
text/plain 52.30.39.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESELc3IFJH3QprVOUQKtPNoi4&google_cver=1&google_push=AYg5qPJVXSduL7UTW9AoTAoOmm9zV6fLDTCKko_DCH7MqX3p5V5wHGMoc6Ub9ljSGoJxndAlvbegZcnYav7ncrexNZozEp7pVgyq
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696190&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037506&bpp=15&bdt=176&idt=265&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=2&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=1421144072&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=215178736&scr_x=0&scr_y=0&eid=31062938%2C31063792&oid=2&pvsid=391453491369403&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.xdxs7brqcmkv&fsb=1&xpc=alYXZIOLbZ&p=https%3A//securityaffairs.co&dtd=705
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.39.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-39-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BB32
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEMrKHo8Z5T6WMCmV7_Hd0ts&google_cver=1&google_push=AYg5qPLJcols91FuHX5lQxiIFwQDsLmUybNlH2pGNR1NkHoOugSJ5tzDzHAF5n17KJfw1h9WmldP5TTALlFAdmtgwQtcZr1...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPLJcols91FuHX5lQxiIFwQDsLmUybNlH2pGNR1NkHoOugSJ5tzDzHAF5n17KJfw1h9WmldP5TTALlFAdmtgwQtcZr1L95tR&google_hm=NDQwMDIzMTI...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPLJcols91FuHX5lQxiIFwQDsLmUybNlH2pGNR1NkHoOugSJ5tzDzHAF5n17KJfw1h9WmldP5TTALlFAdmtgwQtcZr1L95tR&google_hm=NDQwMDIzMTI2MDA5MTY3MjY1Mw==

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPLJcols91FuHX5lQxiIFwQDsLmUybNlH2pGNR1NkHoOugSJ5tzDzHAF5n17KJfw1h9WmldP5TTALlFAdmtgwQtcZr1L95tR&google_hm=NDQwMDIzMTI2MDA5MTY3MjY1Mw==
Date: Mon, 29 Nov 2021 22:13:59 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BB32 0
12 B 49ms
47ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KVBcYMvrnv4YkbDS7XuPvyDVlhgWoWFBg7Cav8X1H_UUrw4R4TpFc6e6VbEs05A8Eu_W4XVw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F986 0
60 B 74ms
72ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9EBE 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 26 Nov 2021 12:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 293154
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 26 Nov 2022 12:48:05 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0064 1 KB
749 B 39ms
39ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 29 Nov 2021 05:53:44 GMT
expires: Tue, 30 Nov 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 58815
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9EBE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f80ee91c41510bf3330ada78a76ddd6555f22cd8f9ae38e98f36d80716fb39f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 728x090.html Show response
s0.2mdn.net/sadbundle/7431250422196600832/ Frame F6A1 47 KB
11 KB 99ms
55ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8d15b5eaa48b5607e6f0f63bf0ecbd361309c0a314a74872812f695d784378

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
expires: Tue, 29 Nov 2022 22:13:59 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 24 Sep 2021 03:34:56 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3544 0
24 B 132ms
85ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDR6TbywKDdMeQkufmMVZtR8ZvpECAZNhMiTYUMtjAjendeMJsrxi5uMq0goOSza2O-4m9oObOWF0XbghxAYBefo8u7V1fWjQcXii7RLfXYK4jYwFHpG9ZeVtN5PV877f0h-DQxhx-uEHxPpgTfTFOEWFYMjcAtoSF64MsnO_Oklp2lYYmkU-pToSSUz8G-3kF-jJznUeT3hjdoQjLRJMX0Ckb1ShusztQvBXta8KMp-7c0hVMOa_08SAXmsERJYE5ITwW2bOkIHwuG58XzTFpYS9WfCmws3EOm9pYbL28K8a6WuBcEi88zPzk98XZ0dh9lK9jwJLWwNqpxp6_30JX7mjP2R5WhzfJIxQqvzTaBYunMm2cLLj1xHo2ealKFrwvqIoPlcRcw0uqTsi1LquLXQ3op5mJgo30ViPE3H06jUUpuM5VGo4EX2uSwuWvOxvFy2gPG7fwEJgRNIrOED-BiD2LyU4gKUOH3hsyNUzKDAT9badddvVJIpkyOm-PIynhM8o7-iH4u_IJaLLJciBBAbeedkv2fridtLQ70fodzBjc-LC8mX4MKmBJ_XY5zr-H1L-d4HjOaW3zmReejUWlKqOwnQXjccRTt3TZAQYHtpTgWf4FFKpDK_lGUvv9-9ZzFAjmqo8oEABtNIpFkJuDYmTFTg2B3ma-cOeEQiHQAzt_BHhQ4ENL3GQRdwW9u2Ws2wWTngl-qdR0QoTCHOsTUwS_JdLLe1pH_W4p17gIWo0PIstw5EfuP3hXWv0Qn9yxH-kY0jffDsM0NMOHKli6QrvjOt27Qevg4DWBhJamDAVi_O2p45iZNlS4zh8YSUZFzeN2DukFKcgMLI3jeXUfs-vHv5Bdmv7lHxK1gwicBglqdSDidBdvfQ4-pFbvYIE4PFDzRVFK_LAXCxOHbxqlVa7njON9WA-O9MIn07CDZYz0-iYJTaqjWdGjDtQFfoE8oukMWM-k4bl_ZeZnuI0KRPTdR_KQceDvHmxENB5IGZ6XEi9jCP-TuYgkT6_NVn2zaW8waIe6o7oQNMu0jKYLgXDEIHDTJDH2vDer0KrlZzO-MwsqkW2kdUHiWNhaw1auncpTlZh6Qv3o-ZbN1e01PHT55kNco43Fw_Zc-QW_uMlFQrnaJtalGjCwfzgK5_-ysIhQr5z8Yv0OZ9n3vO4PuDfgY72I6vfCzzQZ5D34lms3OuYP33hbISnP2pe_5AnaX1Ay&sai=AMfl-YSiTKDpthz6y6XKFwA4X10nfyjP40XUnjMU_oDtx9vxWInP1z0jS0TF-NVr-hPqM5vXHTnHQqyldINemKMDZcLoXKXQ0TkHmKCOtI_BoPey03A7TlLlWRNpxOmb3Nq2zFpqwoayI_YhJ47lcUkRjgwSx9TaAg&sig=Cg0ArKJSzGJJccctgwwfEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=282&cbvp=1&cstd=276&cisv=r20211111.80073&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 29 Nov 2021 22:13:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 320x050.html Show response
s0.2mdn.net/sadbundle/12084990958647640064/ Frame 6216 47 KB
11 KB 64ms
46ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d73b229082ad63f3ca2fd91f9ea2fa16c543037422e99b985c7d6c6cc681dc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
expires: Tue, 29 Nov 2022 22:13:59 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 11 Jun 2021 18:35:40 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9EBE 0
24 B 116ms
93ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvw_4pTkTAe2uj2JJhfxVMabwU-BWYNnqR006rT4XVn_dFM17bSStXOtxMZNZ6h6HxP8DcvY2LSkrSNFXU4NGcqJyfSwn0BSM9iZ2fPrgeLG6fNIgLeyLMuUkg0Q5BX4mJUDtDLaeObeS2tgQ_GGmKyeQ0S6rUyY-B4AGHiE0gulqEPIFJt_yiNNOjfaOiPeGuOJVciaPusG8Q7e0PLmo-m9HbUGcCc1GNcWdLlroNn9mZCA9rcB19DCWEfi7Q5flzEgxbQ5jnihppzMoYi4r1PZqq1rgEDZ9ZTggW7myKMJEcXasYOCo6uYx9FOnLHwxpv6YPknPhxuKVCe7ShIup1Ojnv-ehxTQOMGD82NQ5Zr2i5_ovU9qy02HUezL1eYrY1UaRgCMLlzuOKN_ZAfUBbR-ZhWPNb6udWPUjXw0gaU2YBBC7kn_5cpnOliMI07czyW3Zy_Ol4ejt1V7YQ658O4_ZiOggqnHSYwbZLp7ImN0VAnM6kBhnwpDOjVwECFe82RecQ8jEWjyBowOkFDDrynibiJ9D_Qs7eMm1g_9_yLUKR1LBsSW17K_Ilm2FcNb3o0TeXgTA3o-O3u8o8oyyCX6ZEvfx-WJgeXg1Zggh7QdFgi2aidd21QUiP00wtDjztUdJFUDYeUcyjFBmEX9FwoACYRaj3kcqusRb8IU_zZEhC3a9pNxIUdOHQ_DFlzSaOVHU952ku_shzXjtyn9B21nkD8EYwVPtGqVA41IqYeW9uFg_IyxFETg4UHP2zkQyZBJ4kgRis0o4Kbf3W1-mEJrwYvfgl4yEpIGbUjq6IMs1fym2a9Tr3nc5m5zpLGDNFHR6XIsxpABF2yFQi07ZxTmTM02fD3hX-SFJd5PcO5jhyJtZckzFqXTzqbgkikqFcJMiAUpW5y9aTxRNjgpU1R6LpGoeQ03zfAScxw9bIZ6RUfZ1BN9qQ5DywSS8UZOjhaeEp1Ciowbl5BS2FK3dZkj6s_1gCTyQMPgwH3HJTUlHDhqQRUGie491bkTUYFQNgul3sUNtxZwK5sPJYFBbqAL36mvokU5NBv2T33inS__ZTQb2MZhckhMdvRIYQ_s1udoXqEUheIS7zRVpPxB-bBJZUjPPh0MW2kZTh6vHj8Pz60WBE3OWzdFx_38PEL2btvJThbeLRpveFfov3_1Kd_vJoDSX_0HUVmZFkVxNlM-rr54tvi7gepXeZEGU6fl9UNP0&sai=AMfl-YS2IM5ZhfDMhnf_PL3HMY0p1-GFz98aWwjfWm2idEYxFiXCzyp7Ed5z20FOKfkHqTCWAKNDoFYAQ0ET3BqNEYVjLy7POxc9ysqJ_l4BNQjGW3UOYiDgdcUdkaP30MPLI0TEwuddhLOLMZFnP7ssj_RVawB0sw&sig=Cg0ArKJSzKVD6ya0bkK_EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=203&cbvp=1&cstd=199&cisv=r20211111.90433&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 29 Nov 2021 22:13:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8689 22 KB
8 KB 39ms
38ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 26 Nov 2021 12:48:06 GMT
expires: Sat, 26 Nov 2022 12:48:06 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 293153
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 90DD
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEM9nyNCTWOWmtF5hwh9-dcc&google_cver=1&google_push=AYg5qPJ_VKIBDaUGKh5rgikMEB5XZbvpLpgH5eX3dsyqEiVHZQ2VkMs4jsgeIthNqPZHraZ2DAmG0yAtSDMPYPa6_qqO...
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google
https://x.bidswitch.net/sync?dsp_id=119&user_id=4400231260091672653&expires=30&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ_VKIBDaUGKh5rgikMEB5XZbvpLpgH5eX3dsyqEiVHZQ2VkMs4jsgeIthNqPZHraZ2DAmG0yAtSDMPYPa6_qqO_Ce1IQ&google_hm=Hrxd8aM4Rj2tDlbbr3JKDw==

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ_VKIBDaUGKh5rgikMEB5XZbvpLpgH5eX3dsyqEiVHZQ2VkMs4jsgeIthNqPZHraZ2DAmG0yAtSDMPYPa6_qqO_Ce1IQ&google_hm=Hrxd8aM4Rj2tDlbbr3JKDw==

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ_VKIBDaUGKh5rgikMEB5XZbvpLpgH5eX3dsyqEiVHZQ2VkMs4jsgeIthNqPZHraZ2DAmG0yAtSDMPYPa6_qqO_Ce1IQ&google_hm=Hrxd8aM4Rj2tDlbbr3JKDw==
Date: Mon, 29 Nov 2021 22:13:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 90DD
Redirect Chain

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEJtS_rX-m8Iw5ZzJe5qVAgk&google_cver=1&google_push=AYg5qPJu4pBMqX41z68PqB5ic9rhNrmoHr48O_aicHaDarm80anxQwOx_9Pq2VwqLQSwKMxV7EUOIaYMVIqjwerVY03k...
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPJu4pBMqX41z68PqB5ic9rhNrmoHr48O_aicHaDarm80anxQwOx_9Pq2VwqLQSwKMxV7EUOIaYMVIqjwerVY03kRHKmsYQ

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPJu4pBMqX41z68PqB5ic9rhNrmoHr48O_aicHaDarm80anxQwOx_9Pq2VwqLQSwKMxV7EUOIaYMVIqjwerVY03kRHKmsYQ

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 29 Nov 2021 22:13:59 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: //cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPJu4pBMqX41z68PqB5ic9rhNrmoHr48O_aicHaDarm80anxQwOx_9Pq2VwqLQSwKMxV7EUOIaYMVIqjwerVY03kRHKmsYQ
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 90DD 43 B
64 B 38ms
21ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEFru1Ki9muj7mppIlJq_wGs&google_cver=1&google_push=AYg5qPK6l8eKEf4KLwMy8WoQv49EADpojk7aBYBeYHYnNTxLErh5V3CEhXsvL3IyFInlvrd1yAkfWDXVsc4ciE6ykmNIgseeTQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037573&bpp=9&bdt=187&idt=683&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=636728137&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=2279&biw=1600&bih=1200&isw=300&ish=250&ifk=2892227040&scr_x=0&scr_y=0&oid=2&pvsid=3293067016313517&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pw23jtwjfjwo&btvi=1&fsb=1&xpc=71ENyNN0pi&p=https%3A//securityaffairs.co&dtd=694
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: nljbms5m35l4ct3vtk7sqe1jfbf67of0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 90DD
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOT8tfb4bGJPFt5MQqSAcrw&google_cver=1&google_push=AYg5qPI6kHHIMu7Qye9qisYaNRkDtABaUYKYwmLvIy2UwDnIIJNTAYVh7QMkW6B8qh6DLBcWvbjAYDd4Lt1jSSdJO...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOT8tfb4bGJPFt5MQqSAcrw&google_cver=1&google_push=AYg5qPI6kHHIMu7Qye9qisYaNRkDtABaUYKYwmLvIy2UwDnIIJNTAYVh7QMkW6B8qh6DLBcWvbjAYDd4Lt1jSSdJO...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPI6kHHIMu7Qye9qisYaNRkDtABaUYKYwmLvIy2UwDnIIJNTAYVh7QMkW6B8qh6DLBcWvbjAYDd4Lt1jSSdJOPkEEY_1zco&google_hm=363a32bb5c098b5dca7062f3

170 B
188 B

49ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPI6kHHIMu7Qye9qisYaNRkDtABaUYKYwmLvIy2UwDnIIJNTAYVh7QMkW6B8qh6DLBcWvbjAYDd4Lt1jSSdJOPkEEY_1zco&google_hm=363a32bb5c098b5dca7062f3

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 29 Nov 2021 22:13:59 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPI6kHHIMu7Qye9qisYaNRkDtABaUYKYwmLvIy2UwDnIIJNTAYVh7QMkW6B8qh6DLBcWvbjAYDd4Lt1jSSdJOPkEEY_1zco&google_hm=363a32bb5c098b5dca7062f3
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 90DD
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEG...
https://sync.targeting.unrulymedia.com/csync/RX-88650328-fd5e-4cac-bf90-42bf4697315c-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPIXg6miyM7GxOeyZMkTP...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIXg6miyM7GxOeyZMkTPOwd7OkxTugjUT7RpNNsJ6ChbtgyitDTsl9_A4bvcqkJvyhXaSPhz4C9Ls19cMIlJNWNZFgyrQ&google_hm=A4hlAyj9Xkysv5BCv0aXMVw

170 B
188 B

53ms
52ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIXg6miyM7GxOeyZMkTPOwd7OkxTugjUT7RpNNsJ6ChbtgyitDTsl9_A4bvcqkJvyhXaSPhz4C9Ls19cMIlJNWNZFgyrQ&google_hm=A4hlAyj9Xkysv5BCv0aXMVw

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIXg6miyM7GxOeyZMkTPOwd7OkxTugjUT7RpNNsJ6ChbtgyitDTsl9_A4bvcqkJvyhXaSPhz4C9Ls19cMIlJNWNZFgyrQ&google_hm=A4hlAyj9Xkysv5BCv0aXMVw
date: Mon, 29 Nov 2021 22:13:59 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX88650328fd5e4cacbf9042bf4697315c003
content-type: text/html

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 90DD 0
44 B 737ms
241ms Image
text/plain 54.92.96.182
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEEhmo36BwS3cv5pnz9As-xw&google_cver=1&google_push=AYg5qPJvPNpEODrSceqRkYIWPrYeVks51ovhdjBAlDjqONGkH1aRwn9krQDw4B2daarWBKBiYC3ozDmyuc6aT35F7RXCajCuzR8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=250&slotname=Internal_300x250_0.10&adk=1639670682&adf=1174745092&pi=t.ma~as.Internal_300x250_0._&w=300&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037573&bpp=9&bdt=187&idt=683&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=636728137&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=2279&biw=1600&bih=1200&isw=300&ish=250&ifk=2892227040&scr_x=0&scr_y=0&oid=2&pvsid=3293067016313517&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pw23jtwjfjwo&btvi=1&fsb=1&xpc=71ENyNN0pi&p=https%3A//securityaffairs.co&dtd=694
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.92.96.182 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-92-96-182.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 90DD
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHMRwlLoqkvxGW6lk5wnCIs&google_cver=1&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thA...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHMRwlLoqkvxGW6lk5wnCIs&google_cver=1&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thA...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHMRwlLoqkvxGW6lk5wnCIs&google_cver=1&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40t...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBhNmFlYmRmMS01MTYxLTExZWMtYjE0My0wMjY0NmNjMTYwZTQ%3D&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thAGRHu_AsYhF...

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBhNmFlYmRmMS01MTYxLTExZWMtYjE0My0wMjY0NmNjMTYwZTQ%3D&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thAGRHu_AsYhFkC1Zhe0UlThvXnT99Tr9OsbBjpcSQZSXY

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBhNmFlYmRmMS01MTYxLTExZWMtYjE0My0wMjY0NmNjMTYwZTQ%3D&google_push=AYg5qPLLNi-KsIIenkNOhHrUViWhhSdPWEd34RcrhD9PjDZqRTZ40thAGRHu_AsYhFkC1Zhe0UlThvXnT99Tr9OsbBjpcSQZSXY
date: Mon, 29 Nov 2021 22:13:59 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 90DD 0
12 B 47ms
47ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KDHjeVPe9Oy-LNCu7LCdEw0ZoLzdji2UgRwk2AOYIIX28EHhz7EAzYCHN7HushoQqVbyp_GQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8D16 12 KB
9 KB 100ms
56ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211111&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23996e7b6bc587834be19d364cd17f5f68a73e3651594cdd4b051022b68cc326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9257
x-xss-protection: 0

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame B378 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 00:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 00:04:32 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 94DC 35 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 00:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 00:04:32 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 0064 0
103 B 112ms
14ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEA2Mpu48pkUFwnZfu0ZH8aE&google_cver=1&google_push=AYg5qPJ_L1t5bcmgcN3a4Ojj8uh9HLNBDhzLZ3gPz8qA3hQZwT2wCHt2-H9DprSUhrVQ2lFun46V7bVUtIkXPgveVy11AvpiOxI
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0064
Redirect Chain

https://px.adhigh.net/p/gm/rub?google_gid=CAESEBnE1VvymC4zIjgotF2ix_w&google_cver=1&google_push=AYg5qPIYaFXW1WRLzU-ENmhoEgFS9fllS7dJS9rLdXo8gfWJZ3beAKuapNC7MIQLEB2YRxuvZC1fnQJI9B_y7aAeSUKmP7Oz9A
https://px.adhigh.net/p/gm/rub?google_gid=CAESEBnE1VvymC4zIjgotF2ix_w&google_cver=1&google_push=AYg5qPIYaFXW1WRLzU-ENmhoEgFS9fllS7dJS9rLdXo8gfWJZ3beAKuapNC7MIQLEB2YRxuvZC1fnQJI9B_y7aAeSUKmP7Oz9A&bo...
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPIYaFXW1WRLzU-ENmhoEgFS9fllS7dJS9rLdXo8gfWJZ3beAKuapNC7MIQLEB2YRxuvZC1fnQJI9B_y7aAeSUKmP7Oz9A&google_hm=jBmr3O470hIAAikABlF9bcMNZ...

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPIYaFXW1WRLzU-ENmhoEgFS9fllS7dJS9rLdXo8gfWJZ3beAKuapNC7MIQLEB2YRxuvZC1fnQJI9B_y7aAeSUKmP7Oz9A&google_hm=jBmr3O470hIAAikABlF9bcMNZw%3D%3D

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f22-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPIYaFXW1WRLzU-ENmhoEgFS9fllS7dJS9rLdXo8gfWJZ3beAKuapNC7MIQLEB2YRxuvZC1fnQJI9B_y7aAeSUKmP7Oz9A&google_hm=jBmr3O470hIAAikABlF9bcMNZw%3D%3D
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 0064 43 B
65 B 59ms
58ms Image
image/gif 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEOGnXBGufLUe-ad2suAqvCg&google_cver=1&google_push=AYg5qPJUK-RkytFANjvYwW5sOmkRX3CF_SAAoAYWOSoWqFX8wkrOc4uW0d4R7ESSCtycxiMmjNHj1ymNXgG1-4mfwBXDLgIrmTU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 22:13:59 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 0064 43 B
64 B 31ms
22ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEFru1Ki9muj7mppIlJq_wGs&google_cver=1&google_push=AYg5qPKwRta31d6O0XPc871pg1Ssf9rOFXNNEYfgTE_kFgpFfGAquVXHtfUZc7GjicY5RxxNbs3SEPMWZJKM_ooDfWxxqkUo4bw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:58 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: cc77u24l21r06ruvg16kr81np6qk48en

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0064
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOT8tfb4bGJPFt5MQqSAcrw&google_cver=1&google_push=AYg5qPJMK6EJCOMfzaXgD95-qVeQPHykfFr1EyrosZxR4KB4YT-FdhBFpUx8GxbOEvrJuETD4ZtAQm72XYEchQEAz...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEOT8tfb4bGJPFt5MQqSAcrw&google_cver=1&google_push=AYg5qPJMK6EJCOMfzaXgD95-qVeQPHykfFr1EyrosZxR4KB4YT-FdhBFpUx8GxbOEvrJuETD4ZtAQm72XYEchQEAz...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJMK6EJCOMfzaXgD95-qVeQPHykfFr1EyrosZxR4KB4YT-FdhBFpUx8GxbOEvrJuETD4ZtAQm72XYEchQEAzE1MetEYYX4&google_hm=683602bbf0823da8779ef25f

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJMK6EJCOMfzaXgD95-qVeQPHykfFr1EyrosZxR4KB4YT-FdhBFpUx8GxbOEvrJuETD4ZtAQm72XYEchQEAzE1MetEYYX4&google_hm=683602bbf0823da8779ef25f

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 29 Nov 2021 22:13:59 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJMK6EJCOMfzaXgD95-qVeQPHykfFr1EyrosZxR4KB4YT-FdhBFpUx8GxbOEvrJuETD4ZtAQm72XYEchQEAzE1MetEYYX4&google_hm=683602bbf0823da8779ef25f
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap1sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2 204 pub
cs.chocolateplatform.com/ Frame 0064 0
90 B 348ms
105ms Image
text/plain 35.212.101.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEPZb4zQvb65-uf8us0eISA4&google_cver=1&google_push=AYg5qPIafwSnzUpn_85vLqhSfXj77hlM3tKJfUUJgeOnYfLZkQ-hAe_x6m7_DQ-A-eDJcuSW3-bpdxeuwhTipgIoUCU7mrW5o5I
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.212.101.174 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 174.101.212.35.bc.googleusercontent.com
Software: Chocolate Cookie Sync Powered by Vdopia /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
via: 1.1 google
server: Chocolate Cookie Sync Powered by Vdopia
alt-svc: clear

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 0064 42 B
233 B 295ms
93ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEEDeO9KXuwAPob_PzOqN0dI&google_cver=1&google_push=AYg5qPJ_dJbzw7szX0XfE0rWTLNK1IJOfv0_CwLeyhFON8YbOrtyfZfbYlQX3UYbuTEdxZbAwXBtz7xLG24WdUEqQsdNHHCJNUtW
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1174745095&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1638224038&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F125107%2Fhacking%2Fcve-2021-40438-apache-http-server-attacks.html%3Futm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dcve-2021-40438-apache-http-server-attacks&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1638224037559&bpp=12&bdt=214&idt=678&shv=r20211111&mjsv=m202111110101&ptt=5&saldr=sa&correlator=8131362133530&frm=21&ife=1&pv=1&ga_vid=1541880625.1638224036&ga_sid=1638224038&ga_hid=304962108&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=320&ady=847&biw=1600&bih=1200&isw=320&ish=50&ifk=211237499&scr_x=0&scr_y=0&oid=2&pvsid=2779393115372969&pem=726&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ks5f0szecihe&fsb=1&xpc=HWuXpcscqw&p=https%3A//securityaffairs.co&dtd=689
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:59 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0064 0
12 B 47ms
46ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ip3UBn4SN2sxsxkgjJc2gYUvpmEq7gc2XQYcURqJnpdnbAV4ZregCLAXTe-ca_P3QMWPL3cw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 6216 110 KB
38 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 13:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32158
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 13:18:01 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 6216 60 KB
24 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 29 Nov 2021 22:13:59 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8D16 17 KB
6 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 29 Nov 2021 22:13:59 GMT

GET
H3 200 Enabler_01_246.js Show response
s0.2mdn.net/879366/ Frame F6A1 116 KB
39 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 18:26:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13644
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40237
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 18:26:35 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame F6A1 60 KB
24 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 29 Nov 2021 22:13:59 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 8689 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 00:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 00:04:32 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9EBE 0
23 B 84ms
83ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvw_4pTkTAe2uj2JJhfxVMabwU-BWYNnqR006rT4XVn_dFM17bSStXOtxMZNZ6h6HxP8DcvY2LSkrSNFXU4NGcqJyfSwn0BSM9iZ2fPrgeLG6fNIgLeyLMuUkg0Q5BX4mJUDtDLaeObeS2tgQ_GGmKyeQ0S6rUyY-B4AGHiE0gulqEPIFJt_yiNNOjfaOiPeGuOJVciaPusG8Q7e0PLmo-m9HbUGcCc1GNcWdLlroNn9mZCA9rcB19DCWEfi7Q5flzEgxbQ5jnihppzMoYi4r1PZqq1rgEDZ9ZTggW7myKMJEcXasYOCo6uYx9FOnLHwxpv6YPknPhxuKVCe7ShIup1Ojnv-ehxTQOMGD82NQ5Zr2i5_ovU9qy02HUezL1eYrY1UaRgCMLlzuOKN_ZAfUBbR-ZhWPNb6udWPUjXw0gaU2YBBC7kn_5cpnOliMI07czyW3Zy_Ol4ejt1V7YQ658O4_ZiOggqnHSYwbZLp7ImN0VAnM6kBhnwpDOjVwECFe82RecQ8jEWjyBowOkFDDrynibiJ9D_Qs7eMm1g_9_yLUKR1LBsSW17K_Ilm2FcNb3o0TeXgTA3o-O3u8o8oyyCX6ZEvfx-WJgeXg1Zggh7QdFgi2aidd21QUiP00wtDjztUdJFUDYeUcyjFBmEX9FwoACYRaj3kcqusRb8IU_zZEhC3a9pNxIUdOHQ_DFlzSaOVHU952ku_shzXjtyn9B21nkD8EYwVPtGqVA41IqYeW9uFg_IyxFETg4UHP2zkQyZBJ4kgRis0o4Kbf3W1-mEJrwYvfgl4yEpIGbUjq6IMs1fym2a9Tr3nc5m5zpLGDNFHR6XIsxpABF2yFQi07ZxTmTM02fD3hX-SFJd5PcO5jhyJtZckzFqXTzqbgkikqFcJMiAUpW5y9aTxRNjgpU1R6LpGoeQ03zfAScxw9bIZ6RUfZ1BN9qQ5DywSS8UZOjhaeEp1Ciowbl5BS2FK3dZkj6s_1gCTyQMPgwH3HJTUlHDhqQRUGie491bkTUYFQNgul3sUNtxZwK5sPJYFBbqAL36mvokU5NBv2T33inS__ZTQb2MZhckhMdvRIYQ_s1udoXqEUheIS7zRVpPxB-bBJZUjPPh0MW2kZTh6vHj8Pz60WBE3OWzdFx_38PEL2btvJThbeLRpveFfov3_1Kd_vJoDSX_0HUVmZFkVxNlM-rr54tvi7gepXeZEGU6fl9UNP0&sai=AMfl-YS2IM5ZhfDMhnf_PL3HMY0p1-GFz98aWwjfWm2idEYxFiXCzyp7Ed5z20FOKfkHqTCWAKNDoFYAQ0ET3BqNEYVjLy7POxc9ysqJ_l4BNQjGW3UOYiDgdcUdkaP30MPLI0TEwuddhLOLMZFnP7ssj_RVawB0sw&sig=Cg0ArKJSzKVD6ya0bkK_EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=438&vt=11&dtpt=235&dett=3&cstd=199&cisv=r20211111.90433&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7173 12 KB
9 KB 51ms
50ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211111&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f5c73098c9631d2afd30f50e5de5a9472afb9786b4560eb212cdf95e2cb448a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9311
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame B74A 12 KB
5 KB 44ms
44ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Mon, 29 Nov 2021 21:45:10 GMT
expires: Tue, 29 Nov 2022 21:45:10 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1729
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FD78 783 B
533 B 98ms
50ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1314f044601f5c56691d066909215a8e616ac8d71dc26ffddbcd0e4f351d55bd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-36dv/c/GZIoIDDQneoEccw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 29 Nov 2021 22:13:59 GMT
date: Mon, 29 Nov 2021 22:13:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-36dv/c/GZIoIDDQneoEccw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 5C90 0
128 B 37ms
18ms Script
text/plain 185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156631&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dcd67d0220b8943e9%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:58 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3544 0
23 B 85ms
82ms Ping
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDR6TbywKDdMeQkufmMVZtR8ZvpECAZNhMiTYUMtjAjendeMJsrxi5uMq0goOSza2O-4m9oObOWF0XbghxAYBefo8u7V1fWjQcXii7RLfXYK4jYwFHpG9ZeVtN5PV877f0h-DQxhx-uEHxPpgTfTFOEWFYMjcAtoSF64MsnO_Oklp2lYYmkU-pToSSUz8G-3kF-jJznUeT3hjdoQjLRJMX0Ckb1ShusztQvBXta8KMp-7c0hVMOa_08SAXmsERJYE5ITwW2bOkIHwuG58XzTFpYS9WfCmws3EOm9pYbL28K8a6WuBcEi88zPzk98XZ0dh9lK9jwJLWwNqpxp6_30JX7mjP2R5WhzfJIxQqvzTaBYunMm2cLLj1xHo2ealKFrwvqIoPlcRcw0uqTsi1LquLXQ3op5mJgo30ViPE3H06jUUpuM5VGo4EX2uSwuWvOxvFy2gPG7fwEJgRNIrOED-BiD2LyU4gKUOH3hsyNUzKDAT9badddvVJIpkyOm-PIynhM8o7-iH4u_IJaLLJciBBAbeedkv2fridtLQ70fodzBjc-LC8mX4MKmBJ_XY5zr-H1L-d4HjOaW3zmReejUWlKqOwnQXjccRTt3TZAQYHtpTgWf4FFKpDK_lGUvv9-9ZzFAjmqo8oEABtNIpFkJuDYmTFTg2B3ma-cOeEQiHQAzt_BHhQ4ENL3GQRdwW9u2Ws2wWTngl-qdR0QoTCHOsTUwS_JdLLe1pH_W4p17gIWo0PIstw5EfuP3hXWv0Qn9yxH-kY0jffDsM0NMOHKli6QrvjOt27Qevg4DWBhJamDAVi_O2p45iZNlS4zh8YSUZFzeN2DukFKcgMLI3jeXUfs-vHv5Bdmv7lHxK1gwicBglqdSDidBdvfQ4-pFbvYIE4PFDzRVFK_LAXCxOHbxqlVa7njON9WA-O9MIn07CDZYz0-iYJTaqjWdGjDtQFfoE8oukMWM-k4bl_ZeZnuI0KRPTdR_KQceDvHmxENB5IGZ6XEi9jCP-TuYgkT6_NVn2zaW8waIe6o7oQNMu0jKYLgXDEIHDTJDH2vDer0KrlZzO-MwsqkW2kdUHiWNhaw1auncpTlZh6Qv3o-ZbN1e01PHT55kNco43Fw_Zc-QW_uMlFQrnaJtalGjCwfzgK5_-ysIhQr5z8Yv0OZ9n3vO4PuDfgY72I6vfCzzQZ5D34lms3OuYP33hbISnP2pe_5AnaX1Ay&sai=AMfl-YSiTKDpthz6y6XKFwA4X10nfyjP40XUnjMU_oDtx9vxWInP1z0jS0TF-NVr-hPqM5vXHTnHQqyldINemKMDZcLoXKXQ0TkHmKCOtI_BoPey03A7TlLlWRNpxOmb3Nq2zFpqwoayI_YhJ47lcUkRjgwSx9TaAg&sig=Cg0ArKJSzGJJccctgwwfEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=600&vt=11&dtpt=318&dett=3&cstd=276&cisv=r20211111.80073&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0BD4 12 KB
9 KB 52ms
50ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211111&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f25cc8363e12e756f327808d62925edc52cffea74c19188892162c7607bd45b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9232
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7173 17 KB
6 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 29 Nov 2021 22:13:59 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6216 7 KB
5 KB 48ms
48ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5db789c2ac8b0e7af8f6401ca3f09ccd00363e79e259aff5bd6758d20766271

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5201
x-xss-protection: 0

GET
H3 200 60005582_20210429075527710_m-320x050_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 6216 8 KB
8 KB 38ms
38ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210429075527710_m-320x050_LOOK-01.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4a9de01bb77db66eba9e7008bbbf09d78e5b69ca269755655d6266e426102d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 18:19:57 GMT
x-content-type-options: nosniff
age: 14042
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7725
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 14:55:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 18:19:57 GMT

GET
H3 200 60005582_20210429075530537_m-320x050_LOOK-02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 6216 7 KB
7 KB 39ms
39ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210429075530537_m-320x050_LOOK-02.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

adc29f005534a55ee47f4209e38eb1093d6ebfdf4e9b21c1b42b1af520e2dbe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 13:23:01 GMT
x-content-type-options: nosniff
age: 31858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7095
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 14:55:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 13:23:01 GMT

GET
H3 200 60005582_20210429075533362_m-320x050_LOOK-03.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 6216 6 KB
6 KB 41ms
40ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20210429075533362_m-320x050_LOOK-03.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

744bafb4dd6b8448f653bdc3b11f4d9056f357912ce850a7c3783602005361b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12084990958647640064/320x050.html?e=69&leftOffset=0&topOffset=0&c=5DSDcWqB2N&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 13:34:44 GMT
x-content-type-options: nosniff
age: 31155
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6179
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 14:55:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 13:34:44 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 6216 43 B
609 B 57ms
9ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=25667676_4307561_303197258_146032906_-0&ref=25667676_4307561_303197258_146032906_-0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Offenbach, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:59 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0BD4 17 KB
6 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 29 Nov 2021 22:13:59 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 4345 0
735 B 13ms
13ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:59 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 18db614a-2bdb-44f9-adb2-ed4e8d349e2b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 05EE 0
735 B 25ms
25ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:59 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d2dd59e2-0758-49c2-91ec-7a1a25d1f3a2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F6A1 47 KB
47 KB 38ms
37ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:12:11 GMT
x-content-type-options: nosniff
age: 108
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 29 Nov 2021 22:27:11 GMT

GET
H3 200 OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame F6A1 47 KB
47 KB 42ms
42ms Font
font/woff2 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:10:29 GMT
x-content-type-options: nosniff
age: 210
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47848
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 29 Nov 2021 22:25:29 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F6A1 7 KB
5 KB 59ms
58ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aebaaf11ffb60afce0c0ea3bcaee43c39eed699bd8a414f0bf0a53cc773f456f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5135
x-xss-protection: 0

GET
H3 200 60005582_20180201040701083_empty.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F6A1 95 B
121 B 39ms
38ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20180201040701083_empty.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 09:51:49 GMT
x-content-type-options: nosniff
age: 44530
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95
x-xss-protection: 0
last-modified: Thu, 01 Feb 2018 12:07:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 09:51:49 GMT

GET
H3 200 60005582_20211014235440811_APP_iPhone-13-Pro_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame F6A1 26 KB
26 KB 39ms
39ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211014235440811_APP_iPhone-13-Pro_Asset.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59f93c8637fa1e41eb70ab270cc6a5dff7887d9ab040daec1a8fba1e3edc4cd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7431250422196600832/728x090.html?e=69&leftOffset=0&topOffset=0&c=vzqFPFCaNB&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 14:13:07 GMT
x-content-type-options: nosniff
age: 28852
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26568
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 06:54:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Nov 2021 14:13:07 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame F6A1 43 B
609 B 25ms
9ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=25667676_4307561_303197252_146033526_-0&ref=25667676_4307561_303197252_146033526_-0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Offenbach, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 22:13:59 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0BBD 0
735 B 13ms
13ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:59 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f2b7d64d-9e68-4904-a0e4-10bfe1ce4ae1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame A70B 0
735 B 64ms
64ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Nov 2021 22:13:59 GMT
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c6a62764-1950-4ab8-838b-73170418dc48
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6216 17 KB
6 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 29 Nov 2021 22:13:59 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame E79E 12 KB
5 KB 39ms
38ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Mon, 29 Nov 2021 21:45:10 GMT
expires: Tue, 29 Nov 2022 21:45:10 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1729
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E909 783 B
536 B 49ms
49ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c844845d642bc6884281e554830f4e313a864d4d3d2cf099648848895e57b64b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mvCvRfGW/IoR7z8BXu7k7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 29 Nov 2021 22:13:59 GMT
date: Mon, 29 Nov 2021 22:13:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-mvCvRfGW/IoR7z8BXu7k7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 987F 12 KB
5 KB 38ms
38ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Mon, 29 Nov 2021 21:45:10 GMT
expires: Tue, 29 Nov 2022 21:45:10 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1729
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BCE6 783 B
535 B 52ms
51ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

027e840d9b17da1850a70d26617580e02eead637fb2fd5e9779c2eab468360c1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QplORItFOXEg4e7GdD1Lfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 29 Nov 2021 22:13:59 GMT
date: Mon, 29 Nov 2021 22:13:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-QplORItFOXEg4e7GdD1Lfg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B378 0
20 B 80ms
79ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BK8l2plClYfeLK9nu7gPZtrqQBwAAAAA4AeAEAg&bg=!vL-lv_vNAAZQLpa_UC47ACkAdvg8WhvqG6rYKr4TV2HIqF54bAdeMoYjn57AQ_djxmHli1G9skZIigIAAAEJUgAAAEVoAQeZAsHNmlltCI81Q_ANFEXL3rqwchZvIdPfxoqpbCrBOlJfynaWPqyKuHm-ElNiUNKtSje33fbzRR8w53S9MxZNzmGBspOm3vECpOIJL7290alnDOrYGRXdCuQRYqIbZdcsBXJL6p_BTXs0aBw3XkCD_vpCB5HFq6ecJn7Unqw3le_qRI8kOINq7Q29hV6NWxNPxFcregU4ePLtsMbHRqJLCcR8sglVovbwncn9LnYzx7AV2PZ08QE944x0h3tZZ61XpewH1dyusp0lQQI48-NcF76V9Y9Vx2oyqVXWAYcpS5fwjLoQDmYkEMPa9TIkuMbIU5Tm3uZwHGxA5VZUxznHW9kWcg3cGnWP511sAbhCCXisB0CnEOBA66E_Ph8yF1yqatSIh0Bdt84EXRselTju98fqJAL3xUE7B5PaiJftAscqMYL7DkBAV6pwil-HlSx3ylyiYQz_ifF2b-Xp1ATrwnhyAgN0-IMhdE6l0MZ_bscodLRI2jFLk6nX7E5TKortroeP5QfB4vHumTShdfag6abmQSDj_Ej7yMM7nBZH3UpDlqujtqQcGMm86NbvBAGOKd8tjCVrfE9olyBqDXrdgt7kXTUuj5IwZTSPcksaNjlUEkY6dfmfhBQMaGGSD_Jomf_FQBcWhaDYu7NyYKtyKapfB4wvtIyKoy04prn2scINDFnnUAQvEn-ehqwMyyufulBN9Q1uyzkdOXFruUxzXyylI-JWzg12VMgoZIqwEa-DSysIspp6qF_FyOqqpYmSqAylJOKLVipWN0wsnhSKJ6u85rk1KDFg6UQKLjEUQXv-8En6OWNPO1tU3Qmv2_mmM6Alr9P666MrMikjPHPgCl3JDI9Luk1YEs2X80f6McE96uAorPlP--SrVyzyWOC0UnCxSqo93sV4_6cJlbm1N2Ra0QKMNmnZG0BYgjWRl_HZlFw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F6A1 17 KB
6 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 22:13:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 29 Nov 2021 22:13:59 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FD78 0
0 81ms
80ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211111&jk=3293067016313517&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 94DC 0
20 B 80ms
79ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZFIiplClYfGBMImtgAeT7qOwDQAAAAA4AeAEAg&bg=!WVqlWh7NAAZQLpa_UC47ACkAdvg8WssdzFrU8hd2LHAad0dqP6W4NTmCnju5zaO0fxgPGgo8PGx3owIAAAEDUgAAADZoAQeZAtJVQFIK_FnRGP4rgk-3q2kmbKzefZbrM7QfuAyXpHwVkwUeLq31aAtOXBzKQPJoxivSJ3voZVlhGqcu82wEqH2hA2vENpFqOufgw0yH5HXtYYCWjOsPtlNmynDT1vh9ryq-ZQXhdOpyS_6cnEZJtRvFzn2MMoyoke8CRVcrsDhZFdMQKWvouJGztz9BkM4WM3uCjFH0RFcD_uZ2-X8PW-8pRhd3akih6PY5RIDZxaZWlkfB4MF1P31ufqJ1lR4xah9Q7UuCp7y0GMitouNYDoX6JHOalbfzmF66gsGUxMWe_ZMXSyXN0ILSMn8d25rTZ7jMbK-k0H2d3pBw-4AHF2xlBwy_Z26AyAuAA-yVSJVIQ3ykgC2nPEIBvJDFMIgPTWl363HDUtcczymsrDv5XORkyJujH0iDS82hucm2Bobn9y2vUWxUzG-mxALcEO4o7WFw_jYYXepZeZn-Ugr-Y9hnFp8y7XinST4qZMzc5AgTtgpKZii3ZxpaDaaaoAuKD69lqpw7qj11KZGv8Z-i-9CZ1nq4VXwwlzQgbpDC8EWIVGmlZgFZ9hyS-BHtZaqoFe1vTN6WIzGr3vYQb0qzj6XFXqls_DYHE7l9mGTZ2RQrWL3tOlOHfKuEJYP2fQBOw9E7o3GRz3QS4fYgQX_QLxYeYWN3h53Iqwrfp1fpbsq63dqSqXbVcl6OI_4vM3_8a_s_tBkxQVsUJI280SJ3evd3KNLBLA2T6KkZqf1deRH8s_XPkD0jrKTKbLNIB1hb88EkWKPjzq6zR0ldeU3ZTSUDCsFYe-mOGZkVYuAD4Ac0CGfPadqcFNQgTWPd_gaWcun_yFvQ9V1whEQO6gYHmdmv-l6KFvAeedoN3bTdzqLJcU6lKu_NCrYutkPHkgh3D3rovlQkzHsa_tWBohlx4IfhnIV_XYV69hMSI9Z_p0J4U35kvybNfSQxPCnvx3mzVrc5BQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame B74A 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 00:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 00:04:32 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 4A41 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 00:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 00:04:32 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame E79E 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 00:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 00:04:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E909 0
0 93ms
92ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211111&jk=2779393115372969&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BCE6 0
0 82ms
81ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211111&jk=391453491369403&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 987F 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 00:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 00:04:32 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 484B 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 29 Nov 2021 00:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Nov 2022 00:04:32 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8689 0
20 B 80ms
80ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bb2xIplClYc3vL4X1-gaysYW4CwAAAAA4AeAEAg&bg=!7-yl7KjNAAZQLpa_UC47ACkAdvg8Wmq2oyJd-ydySVEZzomtMiUwiAlKuCYTBnHwrEAwYbSoUjurZQIAAAEkUgAAAB1oAQeZAsiY3YjA1q_sNctYPvwOJ1sd3KWuzMDzWNRWObo9r8N2j9mocmaNnvYySPmGTbCRHmYL-HO2kxa9-i8vwt9izey-P6Aa-vazLeOS6bJW-KxeOGWoBQOob9_Y8GqeltjJSDDccSs40DG_N1cKppRchTihjrQg6blb609bXjImabZxK5j_Hvn990uv46xDkWhRjnO1BtSwA0cubbm9NOIm9yiRnVCflzVutFcldtbin-lZkzkSyTDEKWSBYFNq6R9n0IxJNlxY0jQS-hYrCGSLgaRhuf6RHBi-MSuR5TYWphJSjTmO5w_QSmG6PGkwxSJFW3wwKqC8tQsWAV_qLYVfAWzQkvZinGZ7hfVxbRqfyenhhLubISi4s__cQKp9FBquvQ5c76-OBBfiTTihAry2PaSv0vQ9FpBknfdrofRkefbrtjsLhH1_sWhzzsy_gfukfIpPel2fXW5hBmCh31T5g9XoeR5pQqGD3j7pLCJzgLFT926oGsuhOFUiDBX5qqlGSyrn-ZNrneE3UFsfigxK1BAbXt1XSyULzi7Yfe95vtsc1fTBrYClCvq9YD29at6JDD1Lh8kCiS0EiPDQp2VuPbMmJMlAbzYyblTcQMVi-4MQO-8wSm6ofyIQHcaOSm7hwpAe7BBeY_bpFf3471Kerq2FvMjZw7usHRIokUpWR0v-QGSv6fYBxkDSNQZ-EWgci_LjSYoshvvDcjsIHIe2hFtx7Ee6mW1smq5wNcQtRp_E5DrRxlea0TJgEgjMgi2uaPTieocjm_oSurbol4aqwThgkOuGQDul7EjerykgpWFIEpCXodhsnk1qpzUND55qZHR5PEH8wIxERH_QXHqAMJpVk0McKRnzukEjwzaSkC60WK-sO1RdGO5qqnKDtGwpeAfRR-ZWEpvI0t95gip3kMqFEc-N5nquWutXLltmXLgfHGdzTxBE1H9f

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D16 0
20 B 81ms
80ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211111&jk=3293067016313517&bg=!0NOl05fNAAZQLpa_UC47ACkAdvg8Wkq5XBX6ImEghNbdhScJX7azy38BJpUHLTF6ODkkzr1LXVsMIAIAAAD2UgAAAB1oAQcKAJ2iHfJ-PJqcTnFcMogPzpzFPf1kGN68s7ri6Nu6lofhlHHnK5GHk0r7Jo6SBdqIXBxST1I_ze5aVy7UGDEM7zlT3ZjQpFZmGxzmFk8qeUCwiG8Y-giizlrDN-47euin8ZcJ_n0DG5aVc3I0TDZIOznWcUpYN85G3Sh1KJrCc3Yztdk9OdaPBi6GKwFAGhPbKStrcYgjUyweFy0_gJoZmQKcQWkVaqc7bwpgOvEPGXNXdc1xqJqrtWkzKxOHn3hIORBFm9EQAYSR7JWLp-9NHnzjJd2Ry7JZMv2dxOj8sp9FZyyyQlEp8MLvE-HE4-7aI-btjzbB4ADuKviGKE_6Vi9Lb8sndUOrq36AtCLXDjGycDIXF779kRT7ghRd4gcencenqZkyzAGx9wfzIwnSzzZ-lP865PGqinj0QHV4cxuy3Cn683aAA8uAfJ5v1Ng4tK1Gv_sOn3BHc5oVutKfUgu1uP37S7amiUEI65rHxzZ0Nlzt1jwE088CPfOpWEgD1uZFY__ccMUevmf9EOCVxMFDAXiYLp4r04PVaIJnCOTiFNQie0eDHXpteLVEVgh9pWXk73L4QQA0rcx-dZmXO82NoXb9uoYfJShAtnEKuTgijik6VADzdb7mdB87kAftZxyB-dM2Rg93QQEJDwRt83RDTeVYEsDsawCdZ4nAQcB7kirsJNk4EAAcUyQ9ie97pLdM25OO2PfmSOpQ5cARKEoFauDupF6W8KYb-r9rB6dip29DuaPXt0bfOIZ4QEHX7ABf4U68IFCjq1gEiitF4GPckLzT7OpyR-r3M-bd9Vj9xfIZjio6vOry9bcb63Dzu4GCTANTuNU-A5LszpmgGqGdvEAqN4hDGnEGXKTEyOXzVPbEHmbenGYeIWFcp1RCSuGGSb2X1RAtFNUXtYrHutGBYkNRX7zN4QqYJdpVxBFWT_dVYVyBzxj4ilOuqC4R0yAh8PrTy0uNsKmAkT_oJrgGJRXh1Rk1w_HbJPULuwvuKhkVFKdUdsOHvjo8ItnCcFevl1-bqzjHI3YKy7tc_CCUkZz3jtWExSNZ1a-Ez4LhaEgazw0T6sV06acCcUMfm7yXOiu9qyTX-o5XZ8g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3544 42 B
64 B 81ms
81ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvhRKBCpg51dwqqPSkJiQt_l36T5w_qLQC7IxK03uZ9t7jWk7a4aJ3H8NehIjt_wqgWQQjE2kGI50EfSnQBIF1dmqzFYUQwO5l7DmTLYkkGlsY5s5RyjQ&sai=AMfl-YSAMZGSN2bRMbzaj-HYZ34Nu_uQFUKwIKtMaj36fI4XaloVPi8sY7T1xJ49qXSpcv0kUtBAMKruVTeo-WMw81obd9sr0ReWRbM&sig=Cg0ArKJSzL_SiOufvg9oEAE&cid=CAASEuRo9lvHpFq9ZA930FKDOPdVuQ&id=lidar2&mcvt=1004&p=0,0,90,728&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1194620937&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638224038212&rpt=774&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7173 0
20 B 80ms
79ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211111&jk=2779393115372969&bg=!SEulSw_NAAZQLpa_UC47ACkAdvg8Ws6dkAqme3mJaRct7D0ae_Hr_oxm4xXYzfLrk4SROqDoqTYwYwIAAAEAUgAAAAxoAQcKAHWN09-_8avBy2Kd--_3UJkstM6hGg1n6NE5aCKT8ITw8MVB2DbisQWAi-JDXgqET9jQnOzsqqf98bx9yIkOl09Snpw35ugcXAYaRBc87v1jQOEKxP0RKw2NSFseLMlCRW0JOLUd0-jYVQve44_oTRyxoKE9t4-ZApZ73URxkIZjrDf-lkGyXH3qtYgBq8-sNOP3MPS6B-tovhqjXuSxKNmzu5kQxGNIKAAnqU1Du2qubRDvS5wqnpMyPz74aW3VOQJLmsImYwzf6gE1eeLhfX382TcK4Qqn4fKPu8U3hnGc3QYV7P1WSAUZkRE_yFP0nH-1P35o7xOsYT9P_HF0y6owQFEUv9D3LS-w7lbq4bq6u2_NDEh1dsuN23gak15CosshqjXILBFRoFt1mo3MDI84N9Q4Ocpxwr1HXTlU5xjtOw_LLH2AwznJCACehc7ygmE3aKVQR4FTprpqBOJgKhFGonWsY8GFzvbfPa9ssj0P_D4VpCVuRPeKfpe6MWbIluKhAs4jGxcNb3mVSp-kVZh52r8sExfyxF-xTFfM4jxcx4X8dIze_cH_WwvKruyzOzhfEhVW-w_sKyeKPiwMzNbbYOlOq5FthdhTM_9YmOYL5iMv-Tou0FAknOxEAka4KNma0YQ39W1LLtO-s-LcSr6dQXW372EJ0If5uvMB8MU8t8_Sw4WzkkVKPQ8wd0M7O_IYU0RDy0JfYZ0ha7ucKWnzJs-K1oyBz2Og6Ni2t1_wT2r7TG_Ch3gYUMCVJwY1kSUHOglKjja2a370K-mUqoyWYACJLJXvF_6f0qLKJX2QJ5DQVr0Vx615DZLCnemtquW7u-9aK_6R7TH40AxuyrIHWLytyCGsEySsw9tTGnbthzK0q74BTHQplxEZcI8vFlV60hLAMiiWPHeVOVXkxQp9yWB__IcUI0rSr5-YJHCU1ashWCle4iX4Li59DgYHJNF12xbCs0sBQrr9XJyLL1yKq7522bLMBZwMJKlrAouK9sSRoVwvffrNQj7XiY1_Jo9sRdz6MYmUFfzytUemkw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BD4 0
20 B 80ms
80ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211111&jk=391453491369403&bg=!xMelx4PNAAZQLpa_UC47ACkAdvg8WtvFv2E3r23XF-BDqYSJc7yOMMygZahN8TDTkBoozZUSZbcS2AIAAADpUgAAAApoAQeZAqC3oLNVNfdgABqblXEWfRf2m-SJPBJUu_63xF0wcKdyYalWPklTiNiu7vjCWeQXQ9ZquA7nx0RgjOzSv0ZRw1KO8WEdfE_leYONTIFudKTo0Q-5ctr3hV128ipTx2rH9noNELopMx6cQtIAdOKgDk2h_81-oy9Bmikk_oB0TWJfhfXmUDEuEm6at8VGJW_C9S4EFdozeUV2KRc3qLOH8-Sdo_kNBgHiMnQGdibKtYohbDmO4bqx8m2hSIJdkRQ-4vEg1CYjAyT9m1tRGGzw1Fd0xhm-B4VmeS7vpgTQqKAS8M58_JMhY9B8VKopZeT1vUy7OcHB-kd51Um8yQcZZE9OrIYQr3tRZnrIFesGv1FQz3Nc-tyn1MZPl8dWXUyq4fkCFBu6VzTyS1gDA-ul_aHB9gzhsg4g6bdgg_YMmiByAMNdTY9dg1aHifulwBgRnuDFOPWp3n1NCGZuQrLL6oKFDnHkOTQ_F0nPb4-Wp8xiM0UUTkqjsMDrvO13-jw6UOQGkv1hmgm4786YlAf7e8vHcd-mpUAzQysQ9ELTsm_RWSTTw3R6y6u63Fyb0AiQ3Zj8mu3cpx_nMebaD2k2V6ELDO8SRQYNepsQkfX2tnxcP0cp5H5EclVfycFSGUXp41Nlt5X8BDVp899P9HrxuUf4Ub0CY8s0DteqBCEYqGuiCVIVhW7ZfOlhDpNtY_emsj9iw7rRFx_KeXA_m7UuwsPxl6QHxGGoWF-fJEBuVA6FS-kOA67xkufFtvq6MUY8bYrKwJbsGQv16HyTxU5N1eV7Kr52wm9S1Iyua7S6gHu9j4sZaEATkWduiOdgcuPflKIzFOmqHtHNOGUFX_4HPRORam1voG3jXVZ6r-aeMbzAUSjWY5xLDC2GNiGpRqTfa70

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://securityaffairs.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9EBE 42 B
64 B 81ms
81ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstIDDMfwOQRhmWH3rKATqjwxTGyC0znHftS9tsud21-SzaD8jNMTuvw3UexosTcDio1N0ag6igQXF11Qs129SbzOHUgYtCf0cLX3SZsLEMAsftbtv4CqQ&sai=AMfl-YT-UldfFBkfroQtT4eXYSAOF47IJGOjcWd4ArQoHdrYfRvnIQQJOLBRWeU0limPux4rWxmSKbII9xH-jJMbkDEg-k5zEqtWYrg&sig=Cg0ArKJSzA9br_gIUaheEAE&cid=CAASEuRoXaRuysCPldMo2s2-vrqQmA&id=lidar2&mcvt=1001&p=0,0,50,320&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=468307373&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638224038249&rpt=853&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rt=ifr Show response
bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/ Frame 3571 1 KB
2 KB 40ms
39ms Document
text/html 54.194.226.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.226.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-226-253.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: e2800f66382884f7f6903aca3de3cc6536b1161881e25d3ce77e32ea7c7ea0bd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.us.e-planning.net/

Response headers

date: Mon, 29 Nov 2021 22:14:00 GMT
content-type: text/html;charset=utf-8
content-length: 1239
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.16.193
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 3571 70 B
264 B 31ms
30ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.0 200
OK image.sbxx
global.ib-ibi.com/ Frame 3571 0
72 B 545ms
134ms Image
text/plain 216.46.185.183
ASN-VINS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://global.ib-ibi.com/image.sbxx?go=262106&pid=420&xid=6c84b138676a7ceb38bbd4554f581ddf
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: HTTP/1.0
Security: TLS 1.2, RSA, AES_128_CBC
Server: 216.46.185.183 Littleton, United States, ASN13649 (ASN-VINS, US),
Reverse DNS
Software: BigIP /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection: close
Content-Length: 0
Server: BigIP

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 3571 170 B
188 B 50ms
49ms Image
image/png 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=NmM4NGIxMzg2NzZhN2NlYjM4YmJkNDU1NGY1ODFkZGY

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

tpid=65212596784205182982595777755166594848
sync.crwdcntrl.net/map/c=9828/tp=ADBE/ Frame 3571
Redirect Chain

https://dpm.demdex.net/ibs:dpid=121998&dpuuid=6c84b138676a7ceb38bbd4554f581ddf&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D
https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=65212596784205182982595777755166594848

49 B
266 B

84ms
31ms

Image
image/gif

52.30.14.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=65212596784205182982595777755166594848
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Server: 52.30.14.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.27.199
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

DCS: dcs-prod-irl1-2-v020-0f81c90d4.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: TOYTZJioQjs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=65212596784205182982595777755166594848
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

tpid=3461406640998964335
sync.crwdcntrl.net/map/c=10915/tp=TRNN/ Frame 3571
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/6c84b138676a7ceb38bbd4554f581ddf/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3461406640998964335

49 B
265 B

64ms
33ms

Image
image/gif

52.30.14.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3461406640998964335
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Server: 52.30.14.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.31.129
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3461406640998964335
pragma: no-cache
date: Mon, 29 Nov 2021 22:13:59 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

tpid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d
sync.crwdcntrl.net/map/c=10158/tp=TPAD/ Frame 3571
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=6c84b138676a7ceb38bbd4554f581ddf&gdpr=1&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftp...
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d

49 B
264 B

97ms
32ms

Image
image/gif

52.30.14.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=637465523/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol: H2
Server: 52.30.14.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 22:14:00 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.4.143
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=f07f08cd-2d86-47c3-b495-a8a66ddf9c1d
date: Mon, 29 Nov 2021 22:14:00 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Verdicts & Comments Add Verdict or Comment

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

116 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
securityaffairs.co/	1970-01-20 07:49:20	Name: cookielawinfo-checkbox-necessary Value: yes
securityaffairs.co/	1970-01-20 07:49:20	Name: cookielawinfo-checkbox-non-necessary Value: yes
securityaffairs.co/	1970-01-19 23:03:45	Name: session_depth Value: securityaffairs.co%3D1%7C816788371%3D2%7C184323154%3D1%7C647633027%3D1
.securityaffairs.co/	1970-01-20 16:34:56	Name: _ga Value: GA1.2.1541880625.1638224036
.securityaffairs.co/	1970-01-19 23:05:10	Name: _gid Value: GA1.2.1076081999.1638224036
.securityaffairs.co/	1970-01-19 23:03:44	Name: _gat_gtag_UA_59069958_1 Value: 1
.securityaffairs.co/	1970-01-19 23:03:44	Name: _gat Value: 1
securityaffairs.co/	1970-01-19 23:46:56	Name: _pbjs_userid_consent_data Value: 3524755945110770
securityaffairs.co/	1970-01-19 23:03:47	Name: _lr_retry_request Value: true
securityaffairs.co/	1970-01-19 23:46:56	Name: _lr_env_src_ats Value: false
.adnxs.com/	1970-01-20 01:13:20	Name: uuid2 Value: 9164184649206400284
.adsrvr.org/	1970-01-20 07:49:20	Name: TDID Value: 44067512-ebff-4bb2-874f-f9d23e6f8868
securityaffairs.co/	1970-01-20 00:30:08	Name: pbjs-unifiedid Value: %7B%22TDID%22%3A%2244067512-ebff-4bb2-874f-f9d23e6f8868%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222021-11-29T22%3A13%3A56%22%7D
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|XoTpdAZC/OrCXi+t2tt8Mx7c5rJaP5uXhxpnGfrzPAh1r4f5PW3gQ6qaZLiJj4/FKQattD3GB2TGFkanCXKRK1XEokALhlcJ9R8vVZqPCx1KqnWuDc9aU/+oD8/ZWV4=
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5A Value: s568\|YaVQp
.rubiconproject.com/	1970-01-20 07:49:20	Name: khaos Value: KWL8AKW5-5-KMSJ
.rubiconproject.com/	1970-01-20 07:49:20	Name: audit Value: 1\|hLZGFuTafB0Q8VBpyL8Znj5APvdogVCbaTd6KyMQnasCO6vdpaaRU1MyAoE6QKcU5FGfGNePc3/th4iWCi6WjspbV3mhqimWXjmaZkH7bMyyqVI1k5poNA==
securityaffairs.co/	1970-01-20 08:25:20	Name: cto_bidid Value: vmzNhV9CQmI2ZmVOdE1tdXUyR3A0WXdEYW5zNGM0UVlraXRBZW4yYkdVWHVMVmZpUVdvZDEzZU4lMkYzVWllRXpHeElKRkdrOGRCenZxJTJGYng4NWQlMkI3Wm5GSFJndyUzRCUzRA
securityaffairs.co/	1970-01-20 08:25:20	Name: cto_bundle Value: GtANOl9URElRcyUyRjFMWmJFa3VaaUNrWHgyYmtqJTJCcVB6d1pHTk9jVSUyQnc1UkFxMVpnSCUyRkxaYWdLS3hUcVhnOHglMkJTJTJGQ0tuN1pVWVpjMUoxc2FLUHE5Q2ZTRSUyQmdSVGtuQ2ROT3E0TWJGeiUyRnJLMVh0WlJOODRrRTk2NmpDVm1PQ0dKRHE0N0Y
ads.us.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.e-planning.net/	1970-01-22 12:22:56	Name: E Value: AGz0D1WqaC8hbJeu
.pubmatic.com/	1970-01-20 01:13:20	Name: KADUSERCOOKIE Value: D2319F56-C5A0-42B9-B769-D18C2EDA2951
.pubmatic.com/	1970-01-20 01:13:20	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-19 23:05:10	Name: pi Value: 156631:2
.pubmatic.com/	1970-01-20 01:13:20	Name: DPSync3 Value: 1639353600%3A201_197_219%7C1638230400%3A174
.pubmatic.com/	1970-01-20 01:13:20	Name: SyncRTB3 Value: 1640736000%3A203%7C1639440000%3A35%7C1639353600%3A8_88_99_204_189_71_22_230_176_7_81_165_220_55_166_234_238_54_3_161_56_222_21_13%7C1639008000%3A63%7C1638748800%3A223_15_2
.zeotap.com/	1970-01-20 07:49:20	Name: zc Value: 9e6ea614-b668-44d5-4258-826e87fbe92d
.agkn.com/	1970-01-20 07:49:20	Name: ab Value: 0001%3AU5H1EpMHKPExb%2Fqaap%2BYUaban4DDiGWc
.richaudience.com/	1970-01-20 01:13:20	Name: avcid-zeo-uid Value: 9e6ea614-b668-44d5-4258-826e87fbe92d
.taboola.com/	1970-01-20 07:49:20	Name: t_gid Value: 2eb5b95c-05e4-4f25-8e72-01bdcbe33df6-tuct89ed625
.erne.co/	1970-01-20 07:49:20	Name: u Value: SKGYoVVaJ2cc7L1RCx27X5n1
.adfarm1.adition.com/	1970-01-20 01:13:20	Name: UserID1 Value: 7036118662445267092
.adform.net/	1970-01-19 23:46:56	Name: C Value: 1
.mathtag.com/	1970-01-20 08:29:39	Name: uuid Value: 42b661a5-50a5-4f00-ac9e-def5795000e4
.quantserve.com/	1970-01-20 01:13:20	Name: d Value: EI8BCwHrJPijAA
.quantserve.com/	1970-01-20 08:33:58	Name: mc Value: 61a550a5-6cbba-7935d-2506d
.simpli.fi/	1970-01-20 07:50:46	Name: suid Value: 75228D9BD96046AF95073250116967AF
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_409 Value: 22966-SKGYoVVaJ2cc7L1RCx27X5n1
.pubmatic.com/	1970-01-20 01:13:20	Name: PUBMDCID Value: 3
.onaudience.com/	1970-01-20 07:49:20	Name: cookie Value: f270faaf4d4acc77
.onaudience.com/	1970-01-19 23:05:10	Name: done_redirects219 Value: 1
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_57 Value: 22776-9164184649206400284
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_27 Value: 16735-uid:256a61a5-50a4-4600-9e32-f5e5704687e5&KRTB&16736-uid:256a61a5-50a4-4600-9e32-f5e5704687e5&KRTB&23019-uid:256a61a5-50a4-4600-9e32-f5e5704687e5&KRTB&23114-uid:256a61a5-50a4-4600-9e32-f5e5704687e5
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_1101 Value: 23040-7036118662444742804
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_377 Value: 6810-44067512-ebff-4bb2-874f-f9d23e6f8868&KRTB&22918-44067512-ebff-4bb2-874f-f9d23e6f8868&KRTB&23031-44067512-ebff-4bb2-874f-f9d23e6f8868
.adform.net/	1970-01-20 00:30:08	Name: uid Value: 7706728541878583623
.de17a.com/	1970-01-20 07:42:08	Name: guid2 Value: 1.8308693492827297970
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_153 Value: 1923-g7AWvYCxFr2YtxTq1-Bav4yyQuyYs0K4g-Wg6zNp&KRTB&19420-g7AWvYCxFr2YtxTq1-Bav4yyQuyYs0K4g-Wg6zNp&KRTB&22979-g7AWvYCxFr2YtxTq1-Bav4yyQuyYs0K4g-Wg6zNp
.adsrvr.org/	1970-01-20 07:49:20	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjI6OGh8uOZOhAFGAEgASgCMgsI6MG0z4jkmToQBTgBWgthZGNvbmR1Y3RvcmAC
.tapad.com/	1970-01-20 00:30:08	Name: TapAd_TS Value: 1638224037466
.tapad.com/	1970-01-20 00:30:08	Name: TapAd_DID Value: f07f08cd-2d86-47c3-b495-a8a66ddf9c1d
.zeotap.com/	1970-01-19 23:05:10	Name: zsc Value: %B61%F1%1A%40%05yaV%B3%C9R%FCD%B7%DC%02%EC%F8%AB%D6%9C%2B%02%C1%B9%CC-%19%8A%99%B2%A1%DE%5D%FC%96n%D9G%B7%B7+%86k%0D%F4%97%CBl%86%3F%B3%99T0O%C3%A4%2C%B8%8E%1F%0F%23%BB%23%E8_%A1%C4V%22.f%92B%EA%B0%B0c%F8%10%7B2C%A8b%CD2%9B%CC%B8%EA%97%F9%C0%BC%E3ZL%C8%7F%DF%F3L%11vm7%7B%89%ADJ%29K%7C%D8%E7%B2XA%C1%83%F5%DF%C3%407%AB%FB%09%D8D%C4%0D%A1%998%F6ku%D7%FDx%84%BC%E3%7CS%95%DF%CD%E9K%9Fk%01%C7%1C%A9D%95%1B%8F%3A%DD
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_391 Value: 22924-3263444035503318260&KRTB&23263-3263444035503318260
.tapad.com/	1970-01-20 00:30:08	Name: TapAd_3WAY_SYNCS Value:
.everesttech.net/	1970-01-20 07:49:20	Name: everest_g_v2 Value: g_surferid~YaVQpQAIXKp-pABG
.1rx.io/	1970-01-20 07:49:20	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-88650328-fd5e-4cac-bf90-42bf4697315c-003%22%7D
.theadex.com/	1970-01-20 01:13:20	Name: axd Value: 4278778636828001051
.theadex.com/	1970-01-19 23:13:48	Name: tis Value: EP175%3A3005
.casalemedia.com/	1970-01-20 07:49:20	Name: CMID Value: YaVQpdctlXTUZXoe9iiQCAAA
.casalemedia.com/	1970-01-20 01:13:20	Name: CMPS Value: 3276
.bidr.io/	1970-01-20 08:32:14	Name: bito Value: AAKWrk7DSqEAACyA0d0xdw
.bidr.io/	1970-01-20 08:32:14	Name: bitoIsSecure Value: ok
.bidswitch.net/	1970-01-20 07:49:20	Name: tuuid Value: 1ebc5df1-a338-463d-ad0e-56dbaf724a0f
.bidswitch.net/	1970-01-20 07:49:20	Name: c Value: 1638224037
.bidswitch.net/	1970-01-20 07:49:20	Name: tuuid_lu Value: 1638224037
.weborama.fr/	1970-01-20 08:35:24	Name: AFFICHE_W Value: gpo5aHXwOk6C90
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_336 Value: 5844-8308693492827297970
.casalemedia.com/	1970-01-20 01:13:20	Name: CMPRO Value: 1170
.yahoo.com/	1970-01-20 07:49:41	Name: A3 Value: d=AQABBKVQpWECECBihfUrVbKIYWS4IcGMMHEFEgEBAQGipmGvYQAAAAAA_eMAAA&S=AQAAAojAGGdUoLR0AwGnEK2eZD8
.adsby.bidtheatre.com/	1970-01-19 23:13:48	Name: __kuid Value: 3e9354e2-d33e-49fb-a662-e8d05a24cba5.407438037
.demdex.net/	1970-01-20 03:22:56	Name: demdex Value: 65212596784205182982595777755166594848
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_188 Value: 3189-no-consent
.turn.com/	1970-01-20 03:22:56	Name: uid Value: 3461406640998964335
.targeting.unrulymedia.com/	1970-01-20 07:49:20	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-88650328-fd5e-4cac-bf90-42bf4697315c-003%22%7D
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_22 Value: 14911-3461406640998964335
ads.playground.xyz/	1970-01-19 23:12:47	Name: connect.sid Value: s%3AheKABr1uW3KC3PRFGpEV_O-sYzkBRPkq.B%2BbhJ1mWpdpmXCg%2FJvqk8TKqZiS6iTAbY%2B6sV8c2m%2BI
.crwdcntrl.net/	1970-01-20 05:32:31	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 05:32:31	Name: _cc_id Value: 6c84b138676a7ceb38bbd4554f581ddf
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_594 Value: 17107-RX-88650328-fd5e-4cac-bf90-42bf4697315c-003
.dpm.demdex.net/	1970-01-20 03:22:56	Name: dpm Value: 65212596784205182982595777755166594848
.tidaltv.com/	1970-01-20 07:49:20	Name: tidal_ttid Value: 04654168-1a34-41ad-b6c4-41fae8ee288e
.krxd.net/	1970-01-20 03:22:56	Name: _kuid_ Value: OgvPtJ3t
.tribalfusion.com/	1970-01-20 01:13:20	Name: ANON_ID Value: a0nseFS3n0hryoxDnS6ZdnWvajmKd11CKlevVId7VSHIUvZcXqU8ZddN5vZcWVb5UotSR5wPrhROLgNReEDeDxVF
.doubleclick.net/	1970-01-20 08:25:20	Name: IDE Value: AHWqTUlpTqIfEEC4gmqLe9eT17w-C1qbVlRT40Hr_wugKxfKooY1eNSUVqLtmq1KsTc
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_80 Value: 22987-CAESEJNfXEZoo08iizV84D9SHS8&KRTB&16514-CAESEJNfXEZoo08iizV84D9SHS8&KRTB&23025-CAESEJNfXEZoo08iizV84D9SHS8
.volvelle.tech/	1970-01-20 07:49:20	Name: ouuid Value: e281b5ac-7392-4743-ae53-30ce284ee46a
.volvelle.tech/	1970-01-20 07:49:20	Name: c Value: 1638224038
.volvelle.tech/	1970-01-20 07:49:20	Name: ouuid_lu Value: 1638224038
.pubmatic.com/	1970-01-19 23:46:56	Name: KRTBCOOKIE_466 Value: 16530-1ebc5df1-a338-463d-ad0e-56dbaf724a0f
.pubmatic.com/	1970-01-19 23:46:56	Name: PugT Value: 1638224037
.fwmrm.net/	1970-01-20 03:22:56	Name: _uid Value: "e340e_7036118666731407188"
.casalemedia.com/	1970-01-19 23:05:10	Name: CMST Value: YaVQpWGlUKYA
.securityaffairs.co/	1970-01-20 08:25:20	Name: __gads Value: ID=bd7609c94fc9a84e-2202d71713cc00bc:T=1638224038:RT=1638224038:S=ALNI_MbOchEKaJEFa_CQx6s7CCh00ZJD2Q
.eyeota.net/	1970-01-19 23:03:44	Name: SERVERID Value: 18720~DM
.admixer.net/	1970-01-20 16:34:56	Name: am-uid Value: f2fcaa08f326410bac093c7d33257b4e
prebidserver.pixfuture.com/	1970-01-20 01:13:20	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJhZG1peGVyb3BlbnJ0YiI6eyJ1aWQiOiJmMmZjYWEwOGYzMjY0MTBiYWMwOTNjN2QzMzI1N2I0ZSIsImV4cGlyZXMiOiIyMDIxLTEyLTEzVDIyOjEzOjU4Ljg5MTI3NDMxMVoifSwiZXBsYW5uaW5nIjp7InVpZCI6IkFHejBEMVdxYUM4aGJKZXUiLCJleHBpcmVzIjoiMjAyMS0xMi0xM1QyMjoxMzo1Ny45MTA0MTYzNDJaIn19LCJiZGF5IjoiMjAyMS0xMS0yOVQyMjoxMzo1Ny45MTAzOTk5NzdaIn0=
.casalemedia.com/	1970-01-20 07:49:20	Name: CMRUM3 Value: ce61a550a505a0&e661a550a52760&2761a550a50b40&9861a550a62760e7ac3de6-9366-4d42-be9a-9ac5d69c864f&bc61a550a505a00&2d61a550a62760CAESEHKItlElLGH06wF8l7Rg7pQ&f161a550a505a0&c461a550a505a0
.audrte.com/	1970-01-19 23:25:20	Name: arcki2 Value: i328PSkdwABTp2k4kWUiKgeCw!20210804!1638224038956
.adnxs.com/	1970-01-20 01:13:20	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?_i(P85!]td+8i_iqf!oN/@E'zz<Z0Qrt86YuJ/[_v0xFW?P#iGqj8%$^3M0%eIc*<QG=%9sk@3@'s>T2L9Lk
.tidaltv.com/	1970-01-20 07:49:20	Name: sync-his Value: H4sIAAAAAAAAADM0sjQ1tDI0stA1tDACAEqTfaMNAAAA
.rfihub.com/	1970-01-20 08:25:20	Name: rud Value: H4sIAAAAAAAAAOMSNjExMDAyNjQyMzCwNDQzNzIzNRbiM9Q1CPKt9HQsL8wxqAiU4jU0M7YwMjIxMLY0NDIHAB7qOQI0AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjExMDAyNjQyMzCwNDQzNzIzNRbiM9Q1CPKt9HQsL8wxqAgEAFAf4RYlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA129S3y9si3iDINMQv3dc4NM4_3SDEoKQYAgQcKjB4AAAA
.advertising.com/	1970-01-20 07:50:46	Name: APID Value: UPa6aebdf1-5161-11ec-b143-02646cc160e4
.sniperlog.ru/	1970-01-20 12:01:20	Name: guid Value: E1568C3752B6B787
.rfihub.com/	1970-01-20 08:25:20	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA129S3y9si3iDINMQv3dc4NM4_3SDEoKQ7iNTQztjAyMjEwtjQ0Mn_FiMpfxYLENzIwAQBfOs2TTQAAAA
.analytics.yahoo.com/	1970-01-20 07:50:46	Name: IDSYNC Value: "18z8~21ta:18wq~21ta"
.yahoo.com/	1970-01-19 23:49:55	Name: APID Value: UPa6aebdf1-5161-11ec-b143-02646cc160e4
.yahoo.com/	1970-01-19 23:05:10	Name: APIDTS Value: 1638224039
.rutarget.ru/	1970-01-20 03:22:56	Name: userId Value: YVSZ1IRc4Vky
.adhigh.net/	1970-01-20 07:49:20	Name: gi_u Value: u5t8XqJw5qaK.AikABlF9bcMNZw
.pubmatic.com/	1970-01-19 23:46:56	Name: SPugT Value: 1638224038
.lijit.com/	1970-01-20 07:49:20	Name: ljt_reader Value: 683602bbf0823da8779ef25f
.o2online.de/	1970-01-19 23:13:48	Name: webShopPV Value: ?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=25667676_4307561_303197252_146033526_-0&ref=25667676_4307561_303197252_146033526_-0
.crwdcntrl.net/	1970-01-20 05:32:32	Name: _cc_cc Value: "ACZ4XmNQMEu2MEkyNLYwMzdLNE9OTTK2SEpKMTE1NUkztTBMSUljAILEpQEr%2Fv7%2F%2F58fxIEAAL47Dyc%3D"
.crwdcntrl.net/	1970-01-20 05:32:32	Name: _cc_aud Value: "ABR4XmNgYGBIXBqwAkhBAQAYuQH%2F"

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks(Line 520) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=a28b0e9b2cdbb1f5240bb81b525eda0e'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks(Line 521) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks(Line 522) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks(Line 523) Message: Mixed Content: The page at 'https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=a28b0e9b2cdbb1f5240bb81b525eda0e'. This request has been blocked; the content must be served over HTTPS.
javascript	error	URL: https://securityaffairs.co/wordpress/125107/hacking/cve-2021-40438-apache-http-server-attacks.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2021-40438-apache-http-server-attacks Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=9e6ea614-b668-44d5-4258-826e87fbe92d&reqId=ce8acc93-b9ac-40c6-73ed-ab69e674948c&zdid=1361 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a.rfihub.com
a.tribalfusion.com
a.volvelle.tech
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ad4m.at
ads.playground.xyz
ads.pubmatic.com
ads.us.e-planning.net
ads.yieldmo.com
adservice.google.com
adservice.google.de
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
bcp.crwdcntrl.net
beacon.krxd.net
bn01.er.bemail.it
btlr.sharethrough.com
buttons-config.sharethis.com
c1.adform.net
c2shb.ssp.yahoo.com
cc.adingo.jp
cdn.pixfuture.com
cm.adgrx.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
contextual.media.net
core.iprom.net
cs.chocolateplatform.com
csync.loopme.me
d.turn.com
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsp.adkernel.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
global.ib-ibi.com
google-analytics.com
google-sync.rutarget.ru
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
graph.facebook.com
green.erne.co
gu.dyntrk.com
gum.criteo.com
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js.cookieless-data.com
l.sharethis.com
lg3.media.net
loadeu.exelator.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
match.taboola.com
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
navvy.media.net
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.mathtag.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
pixel.wp.com
pixfuture-inv-nyc.admixer.net
pixfuture2-d.openx.net
platform-api.sharethis.com
portal.o2online.de
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
ps.eyeota.net
pubmatic-match.dotomi.com
px.adhigh.net
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
rtb.openx.net
rtb2-useast.e-volution.ai
s.amazon-adsystem.com
s.e-planning.net
s.tribalfusion.com
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.gravatar.com
securityaffairs.co
served-by.pixfuture.com
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.extend.tv
sync.mathtag.com
sync.richaudience.com
sync.targeting.unrulymedia.com
sync.tidaltv.com
sync3.sniperlog.ru
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u-ams02.e-planning.net
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
usermatch.krxd.net
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
api.rlcdn.com
fonts.googleapis.com
pagead2.googlesyndication.com
104.89.20.125
104.89.42.102
13.32.99.34
141.95.3.40
142.250.185.194
143.204.98.4
151.1.205.165
151.101.129.108
151.101.129.44
151.101.130.49
157.245.94.128
159.65.196.12
168.119.79.223
169.50.137.184
174.137.133.49
178.162.133.150
178.250.2.146
178.250.2.151
18.156.0.31
18.156.195.47
18.194.17.206
18.195.177.130
18.215.193.43
185.29.132.245
185.33.221.50
185.33.221.53
185.64.189.110
185.64.189.112
185.64.190.78
185.64.190.81
185.86.139.89
188.165.4.142
192.0.76.3
192.0.77.2
193.0.160.129
194.190.76.44
195.5.165.20
2.18.235.93
2.21.140.74
2.21.141.175
2.21.141.186
2.21.141.232
2001:678:cb4:bbbb::11
2001:678:cb4:bbbb::13
2001:8d8:100f:f000::289
204.62.13.72
209.54.177.54
212.82.100.182
213.155.156.169
213.19.147.44
216.46.185.183
216.58.212.130
216.58.212.162
23.37.42.132
23.88.75.189
2600:1f18:6593:f607:ba15:f8ca:726:bfa6
2600:9000:2156:5600:3:c04e:c780:93a1
2600:9000:224a:2a00:c:abe:f440:93a1
2602:803:c004:200::140
2606:4700:10::6816:1857
2606:4700:20::681a:b9c
2606:4700:20::ac43:4a81
2606:4700::6812:acf
2606:4700::6812:d05
2620:116:800d:21:ee05:6a01:4b41:8c89
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:827::2006
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2008
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a00:1450:4001:831::200e
2a02:2638:1::13
2a02:fa8:8806:16::1400
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f02d:e:face:b00c:0:2
2a04:4e42::300
2a04:fa87:fffe::c000:4902
2a05:d018:24:b002:bc48:7748:582:a849
2a05:d018:d29:3605:6798:75ff:a274:9693
3.122.214.165
3.222.216.135
3.70.103.160
31.172.81.160
34.102.149.62
34.102.253.54
34.107.148.139
34.149.20.76
34.247.199.143
34.254.143.3
34.98.64.218
34.98.67.61
35.156.119.137
35.201.81.244
35.210.178.101
35.212.101.174
35.227.248.159
35.227.252.103
35.244.174.68
37.157.6.245
37.157.6.251
46.249.52.248
5.178.65.245
5.178.65.253
51.158.28.83
51.178.20.139
51.210.112.236
51.89.9.253
52.212.206.16
52.223.40.198
52.29.0.64
52.30.14.23
52.30.39.253
52.30.98.117
52.95.126.160
54.194.185.111
54.194.226.253
54.228.52.99
54.236.184.123
54.90.48.240
54.92.96.182
63.251.14.14
66.155.71.150
66.155.71.25
67.202.105.21
68.183.31.14
69.173.144.139
69.173.151.100
72.251.241.206
80.64.106.148
82.113.101.132
85.114.159.118
89.163.159.106
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
027e840d9b17da1850a70d26617580e02eead637fb2fd5e9779c2eab468360c1
0298dfe938a9dfdae8609c7b19df2203528edeff96f157a945d609cc4134a64a
02c96d4b3b7997471faaef25685d5a84a716cc9c3b1624fca1e1912bf50d0173
0504c3a36cc0dbb4f64d6197239fbe0e20720c73b157b2806a9ede7d9b5a442c
06aa483f49864b26c7116d670ec1b16c4f451385bf31d500285414a0d1d5771e
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcf56b049e78550ba429cee99e5a6fc662f379f9cbb671c6416c36ea3b72093
0bf10f794b7979d2abd8fd4cdee18c36e1b2fc69825ec0c228a1afe73dbe42ed
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0ec6ddbd58d42e2793df829373ae62d0801b742e97220c8a575f9db6daf50e9b
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
119f16a48ee60048587f6148ccd7b4d166b5f77d22ac11c87d665f5dee82fc78
11c3d8177f6592a924a436c7bc8133c86aea5305ab74fcbb520ca3fb2eee7c08
126820462b78e11b4adfb331f0b4dbf2ea5d1967b0a0cccf2eca7424c688caf2
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1314f044601f5c56691d066909215a8e616ac8d71dc26ffddbcd0e4f351d55bd
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
14200d8b2f52ae739fb302c4be4c8f5677792594fc7adf5ed13f9c2208b9f04b
149bccf7e467541fc83e870e967ac322b26065e5d6797169c8a677a67db07e60
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
1523ddaa632d195a1240668fb5c6870519e3cdfeabd5a346141bcbb03222e2e7
175437ab2d5703d39c01d0f479b19f9b1569bfb2cf43dca8cbf30ff962f0f48b
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18cccd9fe6995781f63b41e987dd259e8c730f166805e15f21765a1586a082f5
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1aee5162d62009e9fcda4f5a9f5122cbcabb8b2b1864c1aa3cdf8f08fae38e46
1cc4f4c92b087dcaf73fae7b25faeb55c5b3399e5ccf1d8ac5dbc01231fdb61a
1e1576f79a72049a6421e7929cbbd4071a7140fc7f73c98052a7f607f6d994ee
1f5c73098c9631d2afd30f50e5de5a9472afb9786b4560eb212cdf95e2cb448a
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
208731ddda9f1c431ee8e23fcfbf77d8b6996b851c388e4ee90f59dfee96ca3c
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
23996e7b6bc587834be19d364cd17f5f68a73e3651594cdd4b051022b68cc326
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
31cb20c9bde89fc79f5001dcc52b930c73d5b9d9b12e4932905c9899b0a17e5c
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
352c5d60f4480a1c14b0d9551b8973c3bebd802eea0406ea6dd79f7286ed6850
36450fe4fb6afb065d755fddc0ad99abe9123ad9a1cf2eb9cec86f442ca9f997
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
386653e6cfd832d3a758f86b3cc4c88ead8d2b7b8da4b2a30f1a144cb03cc681
39b632b481faadc64ba05ff12257d314572250619ff13fccc0f2dc46215aa869
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
405199c008df895afbd8d2bc39ed0efd73ce193105f3271b14a0fa0841e7a329
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
41318960f285f75ae0b642a1409279dcc81a2654ebd047941f092f0fa27c6902
43020d5f41bc360f445d3c958416bfaa38fda473297846e739770a3652620ad8
444ee2a405e57ede9ef10e17bb58c0351c39e9d21203f242b55a77fd07d30784
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
466f8a37e914028687799c5d10d79b67033688295edd507e3e689f79e5d438a1
47a53d133212a8c78cb205f4ec840af48254cd353821c4cf6f4802d77daec27b
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4be5e8e1985b48fcb3acd51ddb927ad8f945a6a67b8fdb551a37359da7bb1aaa
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4cdc6f54d54f49e9ef05b1755e0cd21e19ff4e61275cd909918eceac729b4aba
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51469d5458d2b58fafaa0c8144215795a3b2b5d079cc32c9cd18956fff6115be
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5466349112d93b98095f7f7247bd0ffd246f32419db28e9c98240a43eaa85758
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
558cfae7b4ca98b59cc0e451c990f877a8075843e933a77a5b8becd9a346b138
59f93c8637fa1e41eb70ab270cc6a5dff7887d9ab040daec1a8fba1e3edc4cd5
5a8d15b5eaa48b5607e6f0f63bf0ecbd361309c0a314a74872812f695d784378
5a934fbfdb1668df3913390d3c1c221f89397790806e109f9dec43973f9680c0
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
5e27ce0c0559d462b7028d57f4d8b075cff0912bd6cf8b014ea30669e207f43c
606ece8778fbf13cb842cba049f8c7c09b9b92b3a16be0afcce479229fe9e7e6
613b8401d09a5ea156a5eb6c6a59701c8f08ec0fe9ecbaedb895787da3be1ec9
63dffc7a3942f6adae224f8675c2e4edbe72ec384376994576bdd4fa9ef654d5
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
66d3aeb3e4109edb87c3e26cd18d6560884df65c6010d22e0a95245314509b03
6a0b772330a8a3c848cd5fe666fbe22b4db2d5e2898d4f92f2508eacb47a457b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d8ac9578283111bcae94234cbcd2b1773fe51e403ca75f65cb5fa0a25b35764
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
744bafb4dd6b8448f653bdc3b11f4d9056f357912ce850a7c3783602005361b0
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7
7739eefcdee8afcb00fbe9a35cc795fff0cff7092b10d56c4190484d42892433
78f815f8fbebc03eee6f13b28eb67180a195e7f4beca9e22ea805b9e7a3f5cca
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83d597355ad7ec4787c099896b31af28480dec8c749af0c300511c81b396d2b7
8437e22a765f56d8b26da6dcdfcf5f1050db003963c70ce3c9b7c90546f9f733
879dec4e834723311cb4cb14f23e6f6df941637891f0c0384857241536c1b1db
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8c6f27b5722b8398cef533815f36c92563b0c5420a9027ebcec5a30c9e0e8d32
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e6479cd4913a87170eb62978960f57a2966a67fe1ce10ece3cbf9ee4097aa70
8f113f622b2df1bc54efa3cafd1dd6b3cb563a0ad43fdac8f32a2b1a1b3fa4cd
9112d61c461ed5cb41db86e21252776f0e0312d68d0228db1e6a478ecd54ae19
931bb09b906a88834606cc21bfd414ea56e3d95f6a7f558af4927760e3f9c7de
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ab10fa675e6e94e1a8d2950508afb0690de4a3e97f3538a3d8e9a69d030e2e9
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c0c58e6cc3d4e8314e225db3b0899c1ce8579cb1036ba883ed97f29015e9809
9d73b229082ad63f3ca2fd91f9ea2fa16c543037422e99b985c7d6c6cc681dc3
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9dc575a4b4095df35e7eda9d67043680e0fd7ed5ade0b3425197cb5d693ec23c
9f2f9d4bc38f974936f81890d59cc73176c5f57ce61f2c6131a369f4ba983532
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0bebddd2dfa73af3d8b4be6bef5cab5441ed6cd9d63e2fcda0384e68a3273e2
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a53cbfa533ab984629a2ffd13633e87b83fc7b3a5a9ef195a80d1633f925d19f
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a74f338c4a2372e1bdfce8edda31512f5bb6f6347537273b75386b21d2f725b3
a816e8d7f90a504a127bee4555c0df3a19ba293d00ec2755236f774c2fd93906
a8636a3a2eed4ca7aef1741c62533222e0b9e68e7f7533c2ceef9a2ba6a191a6
a8acbf49a152ca584c48353a6482d01f4b8ca4c16c2c1bc7e583af07ee8f6933
abf249148de315bdac917ad0f0818a8b90ae745dd6390c26a83e24417c606b00
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
adc29f005534a55ee47f4209e38eb1093d6ebfdf4e9b21c1b42b1af520e2dbe2
aebaaf11ffb60afce0c0ea3bcaee43c39eed699bd8a414f0bf0a53cc773f456f
afe62c3763131bac539ab779d16172f3c7981ebb8fb6fb93904fbba508c49cee
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b0534210815c3c9ee7e1df828e0916d2997bf39db55466c2cb7353e423db4499
b0b015ea0baa3a87937815ea6ba5b35f9cca8b4a0aeaa71974892b290d3eb0da
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b42879f91c4e02ed7db0cc0e305addaf395d624c47d015d2214b81739c1786b2
b42e2bd9a5c31050e653406a5837aa1865860b5c5614aa946aede4523013f5da
b52ced18c54e85acf730a04fa9e3c7fc350382530023951d5111e67508f7cd51
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
b6466e947418bf7593ca45c641152848fa9a58998d36281e70e731a9b6a9dbe2
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b881bedbfcbfa2f4b216b50ff5318e7faa071bfb84234a68825c257198e3e233
b8a3b94e6bdda09167a138df30b984800bec4fa633f306211f7c6a81a2f73098
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bc29c34d0738c5cb3f96585219667566799d9e142699e982f9406d5b04fa9794
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
c21627e0f85d90bc6bea1a99177a986d44d5d36256669927cfb35aa8e3fb14e0
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c2f6b8b3cd60716a94d85cb72a339e4b5125d86cae6dc3afe8c7b0b88eb5e0de
c3f2d73001db8e6e5b260e7a5e1575c5a1e07ea9c4849b90bb0ec2ef4679fb01
c5b1dbf46b92e225b0b5f5d690ba5e220f93b26f7029dd8c6a7aeb456e6201be
c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c844845d642bc6884281e554830f4e313a864d4d3d2cf099648848895e57b64b
cdd82869cab214bbd1526443aa190143600215f6cef28ca7f543311c0b3b4e37
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfedc3f49c82821faf6ea3898224ce86d378fbf6cfb948b60088e29e5d91b620
d227b8be4d6a6a138845bf4bb9cd54982d6b866e77c1b0746684ccc708eff4a3
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d4a9de01bb77db66eba9e7008bbbf09d78e5b69ca269755655d6266e426102d0
d5db789c2ac8b0e7af8f6401ca3f09ccd00363e79e259aff5bd6758d20766271
d608712eafc55a207b4c7f262b3860549e50d7518ff578e4c38d1c4e4698aa37
d64e8e27214c0f5c52bb71237b217d7c5c9d6c0ae927ff8e03fb2dc91a9328d4
d808c9258d6a3a639b96625a4d07576f02f6e4b449c2d35cd96b8e15872fbcdb
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
dacba10a354a42a9c6c11de350786d7755bc82e80fb27b4a45cd03373d75435b
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
dfc3fed6de31e6424df36c32f320163d8ac11d1131c8ae8a2398f31f836a4fe0
e2800f66382884f7f6903aca3de3cc6536b1161881e25d3ce77e32ea7c7ea0bd
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e6cea3fab0eb4a862d6929b42068eed24ddb5b97bd92338da7abe3bf4b67f01f
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
e917694cdde820e56d8cd80ea4c9abaf236ac16e8d23972edb03b1069806bbb5
ea1445ce93c92bf5e3306beb8efbc74dab3acd52ad37ecd62c7c5c34bb0b66bc
ed1f6bcfbdb229cb3e901c2feec823e96e3de665086469fcdf79f6e61ff62718
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f25cc8363e12e756f327808d62925edc52cffea74c19188892162c7607bd45b6
f31ef9616b8a76902c64ba3c3ccbcbc9e4559ad823524510e405816813101b4f
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6a6aa21ef6a466e386b0c04b034094365bd045bb0f24f2617cc49debca9a583
f80ee91c41510bf3330ada78a76ddd6555f22cd8f9ae38e98f36d80716fb39f0
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

464 Requests

81 %HTTPS

23 %IPv6

98 Domains

154 Subdomains

104 IPs

14 Countries

3761 kBTransfer

7653 kBSize

116 Cookies

17 Outgoing links

Redirected requests

464 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

464
Requests

81 %
HTTPS

23 %
IPv6

98
Domains

154
Subdomains

104
IPs

14
Countries

3761 kB
Transfer

7653 kB
Size

116
Cookies

464 HTTP transactions
15 data transactions