www.weeklyvoice.com Open in urlscan Pro
142.4.25.154 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Submission: On November 22 via api (November 22nd 2021, 6:03:41 pm UTC) from US — Scanned from DE

Summary HTTP 152 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 28 domains to perform 152 HTTP transactions. The main IP is 142.4.25.154, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is www.weeklyvoice.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 17th 2021. Valid for: 3 months.

This is the only time www.weeklyvoice.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	142.4.25.154 142.4.25.154	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
4	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	192.0.78.32 192.0.78.32	2635 (AUTOMATTIC) (AUTOMATTIC)
1	184.30.24.193 184.30.24.193	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a03:2880:f02... 2a03:2880:f02d:110:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
7	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1 2	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 1	34.202.255.214 34.202.255.214	14618 (AMAZON-AES) (AMAZON-AES)
3 15	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
3 3	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1 2	2a05:d01c:1d8... 2a05:d01c:1d8:8102:9b42:ec:9152:470a	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
1 1	8.39.36.141 8.39.36.141	26667 (RUBICONPR...) (RUBICONPROJECT)
152	32

21 142.4.25.154 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.weeklyvoice.com

www.weeklyvoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

jetpack.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.24.193 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-193.deploy.static.akamaitechnologies.com

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:110:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:f916:5049:f87f:108e (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.202.255.214 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-202-255-214.compute-1.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 142.250.185.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.19 (United States) 3 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d01c:1d8:8102:9b42:ec:9152:470a (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.250 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.141 (Los Angeles, United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	450 KB
31	doubleclick.net 3 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	154 KB
21	weeklyvoice.com www.weeklyvoice.com	3 MB
13	gstatic.com fonts.gstatic.com www.gstatic.com	237 KB
12	wp.com c0.wp.com stats.wp.com pixel.wp.com s0.wp.com	102 KB
6	google.com 1 redirects adservice.google.com www.google.com	2 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	4 KB
4	adnxs.com 3 redirects ib.adnxs.com	4 KB
4	googletagservices.com www.googletagservices.com	146 KB
4	google-analytics.com www.google-analytics.com	20 KB
4	googleapis.com fonts.googleapis.com	4 KB
3	pubmatic.com 3 redirects image6.pubmatic.com	1 KB
3	openx.net 3 redirects rtb.openx.net	601 B
3	google.de adservice.google.de	1 KB
3	googletagmanager.com www.googletagmanager.com	126 KB
2	innovid.com 1 redirects ag.innovid.com	687 B
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	quantserve.com 1 redirects cms.quantserve.com	801 B
2	wordpress.com jetpack.wordpress.com public-api.wordpress.com	8 KB
1	mookie1.com odr.mookie1.com	324 B
1	2mdn.net s0.2mdn.net	143 KB
1	rubiconproject.com pixel.rubiconproject.com Failed	459 B
1	everesttech.net 1 redirects pixel.everesttech.net	375 B
1	gravatar.com 1.gravatar.com	813 B
1	facebook.com graph.facebook.com	648 B
1	pinterest.com api.pinterest.com	461 B
1	googleadservices.com partner.googleadservices.com	640 B
0	atdmt.com Failed ad.atdmt.com Failed
152	28

	Domain	Requested by
21	tpc.googlesyndication.com	googleads.g.doubleclick.net www.weeklyvoice.com tpc.googlesyndication.com pagead2.googlesyndication.com
21	www.weeklyvoice.com	www.weeklyvoice.com c0.wp.com
18	pagead2.googlesyndication.com	www.weeklyvoice.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
15	cm.g.doubleclick.net	3 redirects www.weeklyvoice.com googleads.g.doubleclick.net
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.weeklyvoice.com googleads.g.doubleclick.net
9	fonts.gstatic.com	fonts.googleapis.com
7	s0.wp.com	jetpack.wordpress.com s0.wp.com public-api.wordpress.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	www.googletagservices.com	googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.weeklyvoice.com
4	fonts.googleapis.com	www.weeklyvoice.com googleads.g.doubleclick.net
3	image6.pubmatic.com	3 redirects
3	rtb.openx.net	3 redirects
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	pixel.wp.com	www.weeklyvoice.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	www.googletagmanager.com	www.weeklyvoice.com www.googletagmanager.com
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	ag.innovid.com	1 redirects googleads.g.doubleclick.net
2	e.dlx.addthis.com	2 redirects
2	cms.quantserve.com	1 redirects googleads.g.doubleclick.net
2	stats.g.doubleclick.net	www.google-analytics.com
1	odr.mookie1.com	googleads.g.doubleclick.net
1	s0.2mdn.net	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	googleads.g.doubleclick.net
1	pixel.everesttech.net	1 redirects
1	public-api.wordpress.com	jetpack.wordpress.com
1	1.gravatar.com	jetpack.wordpress.com
1	graph.facebook.com	www.weeklyvoice.com
1	api.pinterest.com	www.weeklyvoice.com
1	jetpack.wordpress.com	www.weeklyvoice.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.wp.com	www.weeklyvoice.com
1	c0.wp.com	www.weeklyvoice.com
0	ad.atdmt.com Failed	googleads.g.doubleclick.net
152	38

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
plus.google.com
twitter.com
www.youtube.com
epaper.weeklyvoice.com
awaazpunjabi.com
pinterest.com
www.linkedin.com
www.awaazpunjabi.com
live.cmr24.net

Subject Issuer	Validity	Valid
weeklyvoice.com cPanel, Inc. Certification Authority	`2021-11-17` - `2022-02-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-12` - `2022-11-14`	2 years	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-08-05`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-01` - `2021-11-30`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh

This page contains 21 frames:

Primary Page: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Frame ID: 3386136E385E22C0C0A533674C178021
Requests: 74 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html
Frame ID: 8B47897D28A9FD0405AD107F2FC52582
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&adk=1812271804&adf=3025194257&lmt=1637474540&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604214295&bpp=4&bdt=1603&idt=179&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2982853461906&frm=20&pv=2&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=227
Frame ID: 0C25C982C780510AA0A120A8BAB1A9B0
Requests: 1 HTTP requests in this frame

Frame: https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac
Frame ID: 5425557A1500819A504FD5BDC38F7624
Requests: 8 HTTP requests in this frame

Frame: https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=transparent
Frame ID: 10EC38D9A452BB433B02688BB8888D50
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=2386661750&adf=1647188303&pi=t.aa~a.9864595~rp.4&w=395&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=395x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=3&bdt=2463&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0&nras=2&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1045&ady=1615&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Asqi4aKY2s&p=https%3A//www.weeklyvoice.com&dtd=27
Frame ID: ED25E5A210B7168358AE843FB1E73ECE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.2755536150~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=1200x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=1&bdt=2463&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0%2C395x280&nras=3&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=2752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=IpHRn5wAiJ&p=https%3A//www.weeklyvoice.com&dtd=49
Frame ID: 879C9286E711E12D0A6FB687446A2166
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Frame ID: 42DB49DFFB38E623B83EBAF3A20E16AF
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Frame ID: 0EA45D44EE9CBC59950EDB308C5783B0
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 3FB6ADA45007E132639A17C5E44A3C10
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 724DF633B269B06376EFDDD08754D470
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js
Frame ID: 346FE522D3DD86E87C5597C3BFA49774
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js
Frame ID: 42F6B7024CA2FB8DECB0092352D7F01A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B04699EE85C32534C6ACBA58808E4B5D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js
Frame ID: 7E65F6C8F94A24E9CF50D8B8E10283E2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y3-v4ugEwAQ&v=APEucNXxt3i8-TCoQ_CTyIgS58DoaD7M1aBAu3l68ZRX4isv87pq52CA9CYbAJS45Rvu7caEL951igKDrsCvSjoo8mN1M1GrZbKG5isIobb6nfo_ZO0-hmPpA8rZg66Cc741FPn3lI2Ke_LYw4ddO-ocCa7jVm8CUrIw1Jm78IGKVoN0JGEG6j4
Frame ID: BC8B95CBD15E8F70BEC8A5324A097D16
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DvUNlFvV-hAM1kvYWquzB_PzqlZvJ7bHkVPxtcUfkq59vpswWeqq0aC2o0TjEduwkCF9YFOFnIXX-VlWhpsWib9lb1oNLidCgdAauOA1MzJMgoCXarr838yPIhxDZmJKR24PvkbXPDLWCGKXKd0dWG_yqzZg&dbm_d=AKAmf-AUxmBcyuTmZwEAEucbz8ZV2qmegi1G60WcdFoDOhBjP3RMrZJSlXoSOfpEvzClZrqKFewzLUxg68MWR29VLXUxUm6w-PAoCMpu45KgPT4TmQmSYNW_xUMrUcrcRB6dgZLU8Aeg6-y1CioJFymdKzwLnVkhdFvEp8GIrlu-C5t-wP23h3L1gHI3XQFfrstvUbS4MZjQby45KfRzCDBshVL6Sf70KMy2BhhbF4O1Z5tITDs87YqMoR3nrjaNp46CU_83BNU4R3TDcvEYl7qFJpvNfr-sGlLrPeDv8bJnXwtv__mYuLYWmNerFDhT_mqi7gBcaQL2KPueI_63-_ddhtWoSlm8IaXqERxn5ZkrvMvvkj4YGtfdugHeq9fip5YlOIjuJ2iVEh2yuoHd82jJcRnoTsZfkPUtps_4RN2gFQNlbBPqjWYrPQS_k8zuPh3lobGC3abHz6qxgJjrnackZig772Oun--13AgYPsiO2cko1SGNFf8Q-cHBcIRNMend30ChVNQ92shnRXNSFsHRZNiV9VRKDfQHqz9tqamZXbb_9rKynW8sNDNTUr1zkUTcVMD2weQUO0cbFEA5MKx3ok63dThTqIZn0NgQRy9P1onvt50_3ueHGkWLGH6X-V8BZou_2ZWilQrO8bLvlR5MxHY_cXxqpPwOUQHuvHZ0yTMtPx77ys5fEY2r5KG0PP_1x4rIwL1ChTJJWAN-ZMMyyJp4-2qSi__8yGIkntP5r6XahRQIfXJcBepBH3wK19YW0rkfIzZ2D8fzwLtQMLR9x--lNw2nKmeB9lDXAywDr4ohjRNgWFyhmKrun-wBfqmnJ3xAvf-mMNt9ieReGBc_8WXMmoYPwCprcvO7KkwwbeeR4XiQRz_GZR1QuI-Bpf3Ul4MP7o8ILupTyGOCzE7ogLzv2_Si2fyotaQD-ToAqEupbi-SqRGG8APcsXdEmQLfxFN1wqQ6kdoqhcHnRvSp6B5kVcACvIUhsSzQLDUrzkQFPKcdbwk0jaWChHGbhrHl2ELqRYNO9uodxwYmLFTu_w7heG4UGe0WziEN4XiHyduddv4O2mhbTfEgMMcLAfVIMfhd6rHG0oaArSMlvUGKglycNlQwZ2iR8xmTSqRWQF5X73wjuowrobDz51qXhPMZwMirXjBOOWS8p80sFD_OEw0dOYPm-ra2qKQypgZsipJc8E5adpcUP3f9R375ZVDGrXT7jO72_KNpiJQpeGCexZr9cHgkftd9KDVvOoOmvN50IgyiC1DNR87ZT_y5q_fCG1tLf58rywlWLMZora-LACldQSZ6veiwKBVD7xqg0-Askv18cpDYVurs7m_IpBhR_MGOWGPyCl5Gbc_FDHCE-VrH0rXfMER5Z5OfRfkW3cMfMRc6p-F5WRzBJlekmhoVRK0DOpeIcWQOUBOZ5Rvj14Nuxk766159XaAnH_EIYcmqHwyEdnRrQbWe5BJ_MuAV9FxdHXvXAL9AOLiappKp-K_c6u_9NiSanzA_fErRuJdUkj2bF-r-CNdHC_5p1x8wBlJ6fpAAnFC9VT8PPrrxUYIAPAlFQMzk3n9OP_N9fpGfwfACfYo9GJRZtiHoltLhOZNvwnFnkEFR9iJ6etpR9741UDDwYKviuArjrNzTaWSMtpo2HGfoSYY73sCbw6ZpaIFWAroK241_-rXhDY8UikcZaCxObry4yrUIsTiEbbfV-pSFOko8g4hYCB2NRpYophXwy1_udvK7Bn3Z4A5MH5xlmJyhBLBtB7vJ0SpldFC28iDGMqJI04FizzSujV588MUtv6u7V5cHwJnyaDBZ6mMi2KuiYc7SKzqiz2SA4vjrPrWPcDUnJFg9Q-YzM9kHyMieh8qAaG5RsntzkaKEiesnMuqHBJibHrMh2cYew6E8MY0pIBZ4W-Xqa5N0FYpr57nu13ngM2JBZ-YaSBW2pYq1rESffGUnKzCHXhyhxJ4K2JsW66i3_9n6NrZqM5sm3tqu3bRxi_Yd2T1P4O2mWXzTaMUbPTR0-9aj53992p79acafR3mirIZrkQ8dsCie6HodWfvYlgwrYBzbhEJS__1puCT6Mxs-EXjnC7UtQKycFqQ7WmDnN5ie4Eq9dQv9HFtTEi-xUDzHLhDmP04lme9vekTcCJaE0jpHbl1Pwdx5T6J0Sw31lUgBEWrL4Qa5FNObrKld4JSuM2es4qdUxa7WX3LYZfBw3x6ME0L8i1_DV4IqRm3tAkmbJ84TtDO_ZeLYFIJs1G60vFkkj7PTJrlTtNFQB_J5iJVP4V6j2vsEoV6Cy82b6aLs4x5xp4DnUr7Su3FcyqXB0PsBhcXtNb0gUt1eCWQXrGyLck5fEhtdw2EBMg8ZWLPXBSwQHe7b-_YLHtGmhOqqYnICRAAEQN0DoenvQd1Ka6l_SccYD1_lO7i3-ZVwKgL9EBMKX9_tlXCVHapCU5uJxauE1l8IVPPmJ6YSqxY65Lv1e77mK6PszSO0c5_WPypUB3nfcZsz_dxnvyTZn_s8QuWFv0sIoafAi8YPYFWTgmfUpRe0UV74ucuMCOeAUhoi3F93c4W1bJVSjJ8K0pax8dUzCI2KPUAXHtfFBZ8JEbmyDDUGlG47U8uuG87CB73EH8N1MjtCJKrpg1iEwVi4NoCgAzu5vPf6Ps6ayl3pLVE5jQDI6ChEyphjCVpcsqo_FSWK5FrtsD0KZ-xIkPVpkFdKHOtZiU-g73e0Zcm9I32irEp0JUxF3cwmF6Aa17RB_J8TWsB302rh324BfCuAEawBIGB6_yplp_-x1eSxRjAP_xJCsBejonEhiGpJo6GPLrIdV_s3QXc4YWWUyQ-6OAeszT2Xbu994r1eqQmF__CG8jvTm1__XwH-Gpql5PenqZwtEb5h1IITSFvst5ilkTAGQayITRYYEun_LlIzPDKAKzr9HMU9M9UWpC2YAAdqGK-33tZDGqrj-Lbf76Zs9jkE_Fh7Hi9G8D_McTrJx5cMD5BRSEkLZLDDSUULn3iXCLerkwycjdpMTZXoUPKMqRZgIkhVLtixVmJ_nakhlMOO2sBvSIsNpNAzdr_qaImGdAxbCaQxHE5tg00YopYJY4fYfZtNbjeyuugV2_aDfsty-6fQxW_4cJLh13AkAo1sp3kouo_0cicSLinQvfJaf7rIRgA2WGau9TrWQvunljRDJSkzibZQWd0OM0BsOt6GdNYI8hrAo6U_XRUjEarrD689oZFJyFcduBFg76CnjveLVOdb9DihQJweLReQXFJHPr7NA2H1OOnhDulE&cid=CAASEuRoGmwCmjHlvjBGLQK6tD9l9Q&rfl=2%2Chttps%253A%252F%252Fwww.weeklyvoice.com%252F%240
Frame ID: 06A6E73E39361D0A07B588C2B845570A
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DB7BA20C55E3E2E40F98E58AA6529BAA
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8316A6ABFCF67DA3D5E164BC4F980BFA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 9CDFD39F2813467C4E6930F61124DCED
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FAE95FF49E033ECDCFD546D03ECC8FDB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New malware 'SharkBot' attacking banking apps on Android phones - Weekly Voice

Page Statistics

152
Requests

89 %
HTTPS

50 %
IPv6

28
Domains

38
Subdomains

32
IPs

5
Countries

4624 kB
Transfer

6462 kB
Size

32
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/WeeklyVoiceNews

Search URL Search Domain Scan URL

URL: https://plus.google.com/100227890013241414652?hl=en

Search URL Search Domain Scan URL

URL: https://twitter.com/Weeklyvoice

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC1Nwz_pWcE1sZVB4UokhEXw

Search URL Search Domain Scan URL

URL: https://epaper.weeklyvoice.com/
Title: E-PAPER

Search URL Search Domain Scan URL

URL: https://awaazpunjabi.com/
Title: AWAAZ PUNJABI

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCzY7wQUhQfNZ5qlOSZRID2Q
Title: VNN Canada

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=New+malware+%E2%80%98SharkBot%E2%80%99+attacking+banking+apps+on+Android+phones&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&via=weeklyvoice
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Title: Google+

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/&media=https://www.weeklyvoice.com/wp-content/uploads/2021/11/ef36c2e67657129cadc352d6a841a9af.jpg&description=New+malware+%E2%80%98SharkBot%E2%80%99+attacking+banking+apps+on+Android+phones
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/&title=New%20malware%20%E2%80%98SharkBot%E2%80%99%20attacking%20banking%20apps%20on%20Android%20phones
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://www.awaazpunjabi.com/
Title: <img class="alignright wp-image-6308 size-full" src="https://www.weeklyvoice.com/wp-content/uploads/2018/01/panjabi-logo.png" alt="" width="150" height="55" />

Search URL Search Domain Scan URL

URL: http://live.cmr24.net:8081/CMR/CMR-MQ/icecast.audio
Title: <img class="alignright wp-image-6267 size-full" src="https://www.weeklyvoice.com/wp-content/uploads/2018/01/footer1.png" alt="" width="100" height="78" />

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 119

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPI-PL4tYrYJKS4c2AAzdFC-14qvcinsr_k41_yfg8dALacAYRP_1y5cY28r9RaG8vVzvhy5yLiIY6ehFXu-mcefMzA_ysk&google_gid=CAESEHNeADy4P5gI3IROsUv9NaU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp2YmVBQUFBQnUzeDJZTQ&google_push=AYg5qPI-PL4tYrYJKS4c2AAzdFC-14qvcinsr_k41_yfg8dALacAYRP_1y5cY28r9RaG8vVzvhy5yLiIY6ehFXu-mcefMzA_ysk

Request Chain 120

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIsd3FYZFJzIwSQFLgJlPNTw3aA2MTfpNdHVLwe1A1M0MP4hC3Lj6HCTaqvrHZWK5amJu_5q4S26f7oXq5vjDBlrxD9Z8Q&google_gid=CAESEFKYvr0mW_BRvWU6ZE0Pjrc&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIsd3FYZFJzIwSQFLgJlPNTw3aA2MTfpNdHVLwe1A1M0MP4hC3Lj6HCTaqvrHZWK5amJu_5q4S26f7oXq5vjDBlrxD9Z8Q&google_gid=CAESEFKYvr0mW_BRvWU6ZE0Pjrc&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTExMjIxODAzMzYwMDAxMDc4MTc1ODQxMQ%3D%3D&google_push=AYg5qPIsd3FYZFJzIwSQFLgJlPNTw3aA2MTfpNdHVLwe1A1M0MP4hC3Lj6HCTaqvrHZWK5amJu_5q4S26f7oXq5vjDBlrxD9Z8Q

Request Chain 121

https://rtb.openx.net/sync/dds?google_gid=CAESEBWABZ9qjE5XxpST1UZJTxs&google_cver=1&google_push=AYg5qPLSTumJd_vfSl_RCa2jLOzKbMz-9zmDCRa8AlNmKnjal5JySu8lSavN1VRhsTHS-qU9R-rDt5LR6qb46GW933fGRXkmx3o HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEBWABZ9qjE5XxpST1UZJTxs&google_cver=1&google_push=AYg5qPLSTumJd_vfSl_RCa2jLOzKbMz-9zmDCRa8AlNmKnjal5JySu8lSavN1VRhsTHS-qU9R-rDt5LR6qb46GW933fGRXkmx3o&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLSTumJd_vfSl_RCa2jLOzKbMz-9zmDCRa8AlNmKnjal5JySu8lSavN1VRhsTHS-qU9R-rDt5LR6qb46GW933fGRXkmx3o&google_hm=opCw9wK0zrAvlISzeTla3w==

Request Chain 122

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOxZHK3lxYyrPKKhoFQojIw&google_cver=1&google_push=AYg5qPK3ZZmBXeXE0wVt-QvkZiGdcKjjkJncI355zdMT5RTBfhXbFIJqFJSE7lNLdG9EFq9btiBc5B0Yz4SlUfBO1cnYLEGGVtQ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOxZHK3lxYyrPKKhoFQojIw&google_cver=1&google_push=AYg5qPK3ZZmBXeXE0wVt-QvkZiGdcKjjkJncI355zdMT5RTBfhXbFIJqFJSE7lNLdG9EFq9btiBc5B0Yz4SlUfBO1cnYLEGGVtQ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3TclL3ILSZiRNW_auUlbUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK3ZZmBXeXE0wVt-QvkZiGdcKjjkJncI355zdMT5RTBfhXbFIJqFJSE7lNLdG9EFq9btiBc5B0Yz4SlUfBO1cnYLEGGVtQ

Request Chain 146

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1&C=1

Request Chain 147

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZvbeNX7FipN6ACBkAJJKAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDnXVW9r6UUrZIEiKIexBmM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDnXVW9r6UUrZIEiKIexBmM%26google_cver%3D1

Request Chain 149

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUzNzg0OTU2NzkxMjY1Mzk1OA%3D%3D

Request Chain 150

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEudazywdDAiUb9q6AI2mtk&google_cver=1&google_push=AYg5qPIv0jU0rkB34z5U5cS1NfdwP0N9OZ6_Yr4AObE5b8DZB5UU0RQLLM42542EDBcn0mE-b8YFTehDzpb4Yyjt1qAgPQ5iR9s2rQ HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIv0jU0rkB34z5U5cS1NfdwP0N9OZ6_Yr4AObE5b8DZB5UU0RQLLM42542EDBcn0mE-b8YFTehDzpb4Yyjt1qAgPQ5iR9s2rQ&google_hm=0BZQlxekgLkc3bhksjVLRw

Request Chain 152

https://rtb.openx.net/sync/dds?google_gid=CAESEHmeOtltNgRBQL9JNOLFVRE&google_cver=1&google_push=AYg5qPK-Uahn3ywvVrW2ZnmjBGSdxChkjvVmbQxzU98RqNl13yeTc16bx0lhyZq6XqObRiBZQNcCdoVpvDy3rj8gjG_8NsbEJLJDcg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPK-Uahn3ywvVrW2ZnmjBGSdxChkjvVmbQxzU98RqNl13yeTc16bx0lhyZq6XqObRiBZQNcCdoVpvDy3rj8gjG_8NsbEJLJDcg&google_hm=opCw9wK0zrAvlISzeTla3w==

Request Chain 153

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKONmfA-GdmOBRMEz1zpcFU&google_cver=1&google_push=AYg5qPL3xLAHCA9_UJi_DYkuhSmU2HoBeYiYefzprDtjsWqyvhLtEDaye30_4_AefpckXwhACnuLavlGrHMvl1Zysobnq3iAIko3bA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3TclL3ILSZiRNW_auUlbUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL3xLAHCA9_UJi_DYkuhSmU2HoBeYiYefzprDtjsWqyvhLtEDaye30_4_AefpckXwhACnuLavlGrHMvl1Zysobnq3iAIko3bA

Request Chain 154

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPq4JBzkLBpNy2FT-oH8qfc&google_cver=1&google_push=AYg5qPKsSyy30hUE32CirE4MiAybXSWiF21RcbNuL9q5tDyLrNSSgfiJgHEkIT5CAmf-9tloHoU_OYYC_UbyZ9SsG4kUaAjrn2UXjw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dBWjlPVUUtVS01RVJZ&google_push=AYg5qPKsSyy30hUE32CirE4MiAybXSWiF21RcbNuL9q5tDyLrNSSgfiJgHEkIT5CAmf-9tloHoU_OYYC_UbyZ9SsG4kUaAjrn2UXjw

Request Chain 155

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_cver=1&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1

Request Chain 156

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEGU4_0-LJRK3kddwr2SVtAI&google_cver=1&google_push=AYg5qPLWc6xYYayNoOswixnjYXV4Nh9d2zr6xbQivl1Q2LDumeymvFBnTWqL4O48pT-B98iOehS21BELJQPXwlFHM4Bz34LOu1t_jQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPLWc6xYYayNoOswixnjYXV4Nh9d2zr6xbQivl1Q2LDumeymvFBnTWqL4O48pT-B98iOehS21BELJQPXwlFHM4Bz34LOu1t_jQ&google_hm=xi-ekcc6T72EWuVDF9ZVzg

152 HTTP transactions
20 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/ 285 KB
285 KB 718ms
308ms Document
text/html 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: ae0e0c5bb797bd94d3c306c8211452bca1736b0350374d78548c8c28c0d56285

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Mon, 22 Nov 2021 18:03:32 GMT
Server: Apache
Last-Modified: Sun, 21 Nov 2021 06:02:20 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 css
fonts.googleapis.com/ 31 KB
2 KB 38ms
16ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900&display=swap

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0cb4edee34756a87f0334b61cb87f03097cd8cae45ebe5905fb874c00918ca69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 17:31:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Nov 2021 18:03:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Nov 2021 18:03:32 GMT

GET
H/1.1 200
OK 0dab392823291795cb3ee25fce09e2f9.css
www.weeklyvoice.com/wp-content/cache/min/1/ 2 MB
2 MB 454ms
151ms Stylesheet
text/css 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.weeklyvoice.com/wp-content/cache/min/1/0dab392823291795cb3ee25fce09e2f9.css
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 5b7d9d3dceb75010ec53276c6b6a27d9287dba0566d81c1da23ce0188e5b3d01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:33 GMT
Last-Modified: Fri, 19 Nov 2021 22:35:36 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1624121

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/5.8.2/wp-includes/js/jquery/ 87 KB
30 KB 23ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.2/wp-includes/js/jquery/jquery.min.js

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 22 Nov 2021 18:03:32 GMT
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Tue, 22 Nov 2022 18:03:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 52ms
29ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-16792920-1

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9094f02cdc23d24def31495f065e15e352b09991af8130d4b46b4b4914fcf3f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:32 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36117
x-xss-protection: 0
expires: Mon, 22 Nov 2021 18:03:32 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
51 KB 65ms
28ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1366643660291596

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4b77426203b62cf2fa1278ffb7df57ee7cf162be82a6899aba9c9b729722495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.weeklyvoice.com/
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51183
x-xss-protection: 0
server: cafe
etag: 8558738512311710642
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 18:03:32 GMT

GET
H2 200 e-202146.js Show response
stats.wp.com/ 9 KB
3 KB 22ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202146.js
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 22 Nov 2021 18:03:33 GMT
content-encoding: br
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Thu, 10 Nov 2022 16:49:31 GMT

GET
H/1.1 200
OK lazyload.min.js Show response
www.weeklyvoice.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/ 8 KB
8 KB 157ms
157ms Script
application/javascript 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.weeklyvoice.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:33 GMT
Last-Modified: Wed, 17 Nov 2021 18:39:01 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 8291

GET
H/1.1 200
OK e45c46af56ffc8041676936eb09978e9.js Show response
www.weeklyvoice.com/wp-content/cache/min/1/ 519 KB
520 KB 152ms
151ms Script
application/javascript 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.weeklyvoice.com/wp-content/cache/min/1/e45c46af56ffc8041676936eb09978e9.js
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 04c2d6201a212712d23699457086425b974815cecd9952b2e77da11d5640374b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:33 GMT
Last-Modified: Sun, 21 Nov 2021 05:27:37 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 531914

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-16792920-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3747
date: Mon, 22 Nov 2021 17:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 22 Nov 2021 19:01:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
53 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PV2QX9SDC5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-16792920-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fca1e958a7a53ed996ffd96f21cb6614d95253de81ba6f828ca35f4dd863425a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54129
x-xss-protection: 0
expires: Mon, 22 Nov 2021 18:03:34 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 95 KB
37 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K4KF69G

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea8d8d733a1aa08482aa3c858c4c12a3a298789c1bf2e293287bc64878fa2a9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37843
x-xss-protection: 0
expires: Mon, 22 Nov 2021 18:03:34 GMT

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 121 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK newspaper.woff
www.weeklyvoice.com/wp-content/themes/Newspaper/images/icons/ 18 KB
18 KB 152ms
152ms Font
font/woff 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.weeklyvoice.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?14
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/wp-content/cache/min/1/0dab392823291795cb3ee25fce09e2f9.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 7d730d958599587aee3ee598871cc31de21c73d08a2d45dc437e62438ae753a3

Request headers

Referer: https://www.weeklyvoice.com/wp-content/cache/min/1/0dab392823291795cb3ee25fce09e2f9.css
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:34 GMT
Last-Modified: Thu, 18 Jan 2018 06:19:34 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 18520

GET
DATA 200
OK truncated
/ 31 KB
31 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H/1.1 200
OK newspaper-icons.woff
www.weeklyvoice.com/wp-content/themes/Newspaper/images/icons/ 6 KB
6 KB 152ms
151ms Font
font/woff 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.weeklyvoice.com/wp-content/themes/Newspaper/images/icons/newspaper-icons.woff?1
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/wp-content/cache/min/1/0dab392823291795cb3ee25fce09e2f9.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 2a2ac34136c00e48cd04edf792aec5e6dba2b4cd5942b9383f3f56764125e808

Request headers

Referer: https://www.weeklyvoice.com/wp-content/cache/min/1/0dab392823291795cb3ee25fce09e2f9.css
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:34 GMT
Last-Modified: Thu, 18 Jan 2018 06:19:34 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 5956

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 37ms
15ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:52:02 GMT
x-content-type-options: nosniff
age: 274292
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 19 Nov 2022 13:52:02 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 16 KB
16 KB 47ms
25ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 14:02:00 GMT
x-content-type-options: nosniff
age: 532894
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 16 Nov 2022 14:02:00 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v27/ 47 KB
47 KB 24ms
23ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:44:20 GMT
x-content-type-options: nosniff
age: 274754
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47836
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 19 Nov 2022 13:44:20 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 20ms
20ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 275026
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 19 Nov 2022 13:39:48 GMT

GET
H3 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v29/ 17 KB
17 KB 25ms
9ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:21:56 GMT
x-content-type-options: nosniff
age: 276098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 19 Nov 2022 13:21:56 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 20ms
12ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 17:56:19 GMT
x-content-type-options: nosniff
age: 432435
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 17 Nov 2022 17:56:19 GMT

GET
H3 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v29/ 17 KB
17 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 13:16:23 GMT
x-content-type-options: nosniff
age: 276431
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17380
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 19 Nov 2022 13:16:23 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/ 270 KB
97 KB 60ms
45ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1366643660291596&plah=www.weeklyvoice.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1366643660291596

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6e4c76677234628023c3ac327132686a52ec76a881d6780292bfbc63b91651c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99571
x-xss-protection: 0
server: cafe
etag: 9429154894555314257
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 18:03:34 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/ Frame 8B47 11 KB
5 KB 30ms
7ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1366643660291596

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 06:55:30 GMT
expires: Mon, 06 Dec 2021 06:55:30 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 40084
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c3cb71138ba89f1cf2419b37b83b35f896ec41631b116926520ae31541fd9bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbec7579d8c2963f13b8ef90847bef861b534371bfd2dab99ebb09ff1528b0e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 30ms
14ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=739659655&t=pageview&_s=1&dl=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&ul=en-us&de=UTF-8&dt=New%20malware%20%27SharkBot%27%20attacking%20banking%20apps%20on%20Android%20phones%20-%20Weekly%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACUABBAAAAC~&jid=1933011592&gjid=1102053181&cid=2089783268.1637604214&tid=UA-16792920-1&_gid=323185006.1637604214&_r=1&gtm=2ouba1&did=dZTNiMT&gdid=dZTNiMT&z=942163671

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.weeklyvoice.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.weeklyvoice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 14ms
14ms Ping
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-PV2QX9SDC5&gtm=2oeba1&_p=739659655&sr=1600x1200&gdid=dZTNiMT&ul=en-us&cid=2089783268.1637604214&_s=1&dl=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&dt=New%20malware%20%27SharkBot%27%20attacking%20banking%20apps%20on%20Android%20phones%20-%20Weekly%20Voice&sid=1637604214&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PV2QX9SDC5&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.weeklyvoice.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.weeklyvoice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
442 B 61ms
19ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-16792920-1&cid=2089783268.1637604214&jid=1933011592&gjid=1102053181&_gid=323185006.1637604214&_u=YGBACUAABAAAAC~&z=844184065

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.weeklyvoice.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 22 Nov 2021 18:03:34 GMT
content-type: text/plain
access-control-allow-origin: https://www.weeklyvoice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 48ms
20ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-16792920-1&cid=2089783268.1637604214&jid=738143668&gjid=2015431584&_gid=323185006.1637604214&_u=aGDAiUABBAAAAG~&z=274855047

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.weeklyvoice.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 22 Nov 2021 18:03:34 GMT
content-type: text/plain
access-control-allow-origin: https://www.weeklyvoice.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=739659655&t=pageview&_s=1&dl=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&ul=en-us&de=UTF-8&dt=New%20malware%20%27SharkBot%27%20attacking%20banking%20apps%20on%20Android%20phones%20-%20Weekly%20Voice&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiUABBAAAAC~&jid=738143668&gjid=2015431584&cid=2089783268.1637604214&tid=UA-16792920-1&_gid=323185006.1637604214&gtm=2wgba1K4KF69G&z=222388444

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 10:30:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 27176
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 205 B
640 B 42ms
19ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.weeklyvoice.com&callback=_gfp_s_&client=ca-pub-1366643660291596

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1366643660291596&plah=www.weeklyvoice.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

98defe923c47c5fd56e1f601cad6dcc9e720c7ea1ec172b5bcfdd977f6a13fef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 49ms
23ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.weeklyvoice.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.weeklyvoice.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0C25 264 KB
64 KB 553ms
536ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&adk=1812271804&adf=3025194257&lmt=1637474540&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604214295&bpp=4&bdt=1603&idt=179&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2982853461906&frm=20&pv=2&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=227

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e30e581238c8cab0a07a60b059357514320e34884fdefd5b5bd0b016f078025

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 22 Nov 2021 18:03:35 GMT
server: cafe
content-length: 65310
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 22 Nov 2021 18:03:35 GMT
cache-control: private

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1dfffaca39c5864898e2ea3fe3b4a06bd583f304cf51bd52d0f0eaac91a17ec9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
jetpack.wordpress.com/jetpack-comment/ Frame 5425 27 KB
7 KB 219ms
193ms Document
text/html 192.0.78.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a925cb8e68c44196c6c9d57999b2118d3075146afc3659e5dd65cea6249f8fa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

server: nginx
date: Mon, 22 Nov 2021 18:03:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header: WordPress.com
content-encoding: br
x-ac: 2.hhn _dca
strict-transport-security: max-age=15552000

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a14ea03c678fe3a3ac453e1778b500e39bd693d46843141ad49536f0760012d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e7c5a080f64a21a8c251f1f395b8b4fe4f6533d338b7147598fafb2ad50234c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ecefd1b948c0492a29b09eb7b360ec3d2f1ff5095ebe3dcf0181009a971abd6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd6622300d2454b8cca34802b8e39b34906c08474bfe7154031f98cb8e333a97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 050610189d6919c379e3bc94a4a860fa974caddbdb84c26d6f474df1c888e6cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2438f7abd6d0375058865a2c2ec50f20691b6a74d53e1071dcb366d97a6c70e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fcfa97fe2f9a135f588f48df4d5a377915ed84a21267251646b0e6a4f59945c3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a43c2fa3db50574285a17510cee98a1f29020b861c9886e91e6284c91ba09033

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a0ea2fa35271c78084c0244430b865af459ba144154779a691b70fedb0a3f0e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin: https://www.weeklyvoice.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 g.gif
pixel.wp.com/ 50 B
116 B 14ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.3&blog=79164731&post=111661&tz=-5&srv=www.weeklyvoice.com&host=www.weeklyvoice.com&ref=&fcp=2293&rand=0.00970300305842664
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Nov 2021 18:03:34 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK 8.jpg
www.weeklyvoice.com/wp-content/uploads/2018/01/ 74 KB
75 KB 152ms
152ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2018/01/8.jpg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 3e2fc01d30979439db51337c4cbda985ea72963272ac61791dcf214c7558ad6e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:34 GMT
Last-Modified: Thu, 18 Jan 2018 06:21:45 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 76126

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 147 B
461 B 144ms
103ms Script
application/javascript 184.30.24.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/wp-content/cache/min/1/e45c46af56ffc8041676936eb09978e9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-193.deploy.static.akamaitechnologies.com

Software

Resource Hash

3491c57c07a1a20ad620144b850210b393c13d53eaa5992f6f3950220c8b16ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:34 GMT
x-content-type-options: nosniff
x-cdn: akamai
akamai-grn: 0.d4247e68.1637604214.2ee5f2bb
content-type: application/javascript
access-control-allow-origin: *
pinterest-generated-by
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1661533814584122
content-length: 147
expires: Mon, 22 Nov 2021 18:18:34 GMT

GET
H2 200 / Show response
graph.facebook.com/ 244 B
648 B 76ms
47ms Script
text/javascript 2a03:2880:f02d:110:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/wp-content/cache/min/1/e45c46af56ffc8041676936eb09978e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:110:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d822b00c4b7986670f14de531f4bb397679b7466be5698171e7d642c2f3dffcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004765668
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 184
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: NwTQun8Ec6SNLzyPBNPNs3uf35ccZrhurJwz92HNOHy1BZL55hy7cEbdb7sWEpsW+0300YkYJPUOEfcYT+NQQA==
x-fb-trace-id: HDnqLivUIB2
date: Mon, 22 Nov 2021 18:03:34 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AQJsB7XfroKpZOFVY_twNhb
cache-control: no-store
facebook-api-version: v5.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 8ms
8ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.013106106858914224
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Nov 2021 18:03:34 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 8ms
8ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.24733810121865685
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 22 Nov 2021 18:03:34 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK logo.png
www.weeklyvoice.com/wp-content/uploads/2018/01/ 22 KB
22 KB 153ms
153ms Image
image/png 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2018/01/logo.png
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: ff58a8bbd4b0bc0e3ddb026d5b8771c276192de94b8707da1242b0537186c1a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:34 GMT
Last-Modified: Tue, 16 Jan 2018 21:10:17 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 22777

GET
H/1.1 200
OK ef36c2e67657129cadc352d6a841a9af-696x418.jpg
www.weeklyvoice.com/wp-content/uploads/2021/11/ 80 KB
80 KB 246ms
167ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2021/11/ef36c2e67657129cadc352d6a841a9af-696x418.jpg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 8d53e4a65bce59dbaa77eb34cadf27e060501f6efaf36a486575915895fb9001

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:34 GMT
Last-Modified: Wed, 17 Nov 2021 20:16:51 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 81538

GET
H/1.1 200
OK BIG-BOX-300X250@2x.png
www.weeklyvoice.com/wp-content/uploads/2021/10/ 362 KB
362 KB 310ms
158ms Image
image/png 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2021/10/BIG-BOX-300X250@2x.png
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 1f07541ee5862a20ad605927adbbf344f7cae47b964c2278da50c094daecbbd1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:34 GMT
Last-Modified: Mon, 18 Oct 2021 18:05:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 370715

GET
H/1.1 200
OK 1a6b3f2d29abb979a051816b0be0fab1-696x385.jpg
www.weeklyvoice.com/wp-content/uploads/2021/11/ 50 KB
51 KB 402ms
154ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2021/11/1a6b3f2d29abb979a051816b0be0fab1-696x385.jpg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 70e6c2e2f31d014ee4706e74ecdbe0971d7ee0a0eef4e8877a7338772e8dae06

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Sat, 20 Nov 2021 08:01:13 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 51602

GET
H/1.1 200
OK Tim-Hudak-80x60.jpg
www.weeklyvoice.com/wp-content/uploads/2021/11/ 2 KB
2 KB 436ms
142ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2021/11/Tim-Hudak-80x60.jpg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 077e4b9a1a79f87568a5e1ed0b6c83fdd25570eae04933a3df9fba017ce0d5b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Sat, 20 Nov 2021 07:57:10 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1646

GET
H/1.1 200
OK Rapid-Housing-Initiative-80x60.jpeg
www.weeklyvoice.com/wp-content/uploads/2021/11/ 2 KB
3 KB 359ms
142ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2021/11/Rapid-Housing-Initiative-80x60.jpeg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 6d56c28dd5e18c12195fbbea15afa3d123db1408088b146d2e9745d37c8dff16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Sat, 20 Nov 2021 07:52:12 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2405

GET
H/1.1 200
OK sddefault-7-80x60.jpg
www.weeklyvoice.com/wp-content/uploads/2021/11/ 3 KB
3 KB 286ms
142ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2021/11/sddefault-7-80x60.jpg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: c9b2835b373209ed2060fd1ad3274e171d051788364d4ac77d64703f9f396ce9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Sat, 20 Nov 2021 21:02:41 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2582

GET
H/1.1 200
OK video-small.png
www.weeklyvoice.com/wp-content/themes/Newspaper/images/icons/ 982 B
1 KB 216ms
151ms Image
image/png 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/themes/Newspaper/images/icons/video-small.png
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 92240070626cdf9677e6e3b1282069977bcf5395ada82ff0748b5e40472277fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Thu, 18 Jan 2018 06:19:34 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 982

GET
H/1.1 200
OK Housing-Supply-Challenge-80x60.jpeg
www.weeklyvoice.com/wp-content/uploads/2021/11/ 2 KB
2 KB 152ms
151ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2021/11/Housing-Supply-Challenge-80x60.jpeg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 60ab34bff2ae5f2925424e1e3a070ee099360662cce130cf9ba4624fc5c627f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Sat, 20 Nov 2021 07:46:26 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1980

GET
H/1.1 200
OK e-news.jpg
www.weeklyvoice.com/wp-content/uploads/2018/01/ 72 KB
72 KB 152ms
152ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2018/01/e-news.jpg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 3d19016429f069a9527f62f75c06a01777efb99fe53f796037db9dd7c66bd3ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Fri, 19 Jan 2018 17:39:11 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 73724

GET
H/1.1 200
OK 13614735-100x70.jpg
www.weeklyvoice.com/wp-content/uploads/2018/11/ 23 KB
23 KB 161ms
161ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2018/11/13614735-100x70.jpg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 46630481b510df7aad4b0390cfbe097b30389db41817a689bb5f8a7050a6ee47

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Wed, 28 Nov 2018 22:06:57 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 23151

GET
H/1.1 200
OK Screen-Shot-2020-06-20-at-8.08.32-PM-100x70.png
www.weeklyvoice.com/wp-content/uploads/2020/06/ 19 KB
19 KB 158ms
157ms Image
image/png 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2020/06/Screen-Shot-2020-06-20-at-8.08.32-PM-100x70.png
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 18fb45dd36699a3d33b4ad47342f7f7ef7089dfa91c4baa2a24e6846db8cd5f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:35 GMT
Last-Modified: Sun, 21 Jun 2020 00:10:30 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 19499

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 5425 18 KB
4 KB 50ms
15ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/mobile-useragent-info.js,/wp-content/js/rlt-proxy.js?m=1636645938j
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 5a7abec13d1753040e37e3ab6273b17bcd3deb411a49f9c64f859ecc3d2ddd5b

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: br
last-modified: Thu, 11 Nov 2021 15:53:02 GMT
server: nginx
etag: W/"618d3c5e-498d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 11 Nov 2022 15:53:12 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ Frame 5425 19 KB
3 KB 25ms
7ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1633595895h&cssminify=yes
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 17d8e434453e652e0612cb54d106c9e14ad60d07bf451e41745fa383aeb874bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: br
server: nginx
etag: W/"615eb218-5f17"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ Frame 5425 556 B
813 B 124ms
39ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ae82e42491a7de3c5d3df779e9600e5191708025e8c46102ccfa7026df735d64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT mxp 1
date: Mon, 22 Nov 2021 18:03:34 GMT
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="ad516503a11cd5ca435acc9bb6523536.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25>; rel="canonical"
content-length: 556
expires: Mon, 22 Nov 2021 18:08:34 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 5425 157 KB
47 KB 22ms
15ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJx9jMEKwjAQRH/INKjU6kH8lpAu6YbsJmY3iH69OfRQqAgDc3hvxr6KQfapzSA29jwb1PdaAyEPUQ72n2QIQ3UKW9lnVmDdH7qmuYLgB36oJYsSiLiwo9RMSS0gi10wLMnxDLVTok7Fiq9YtI8edD9eTtPtOk7jOX4BWUBScQ==
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c32d7224708edfed172b6e6ec3242b3d16df511594cafa8d45352eeebb41f5b6

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: br
last-modified: Tue, 03 Aug 2021 10:15:58 GMT
server: nginx
etag: W/"6109175e-2731f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 11 Nov 2022 17:21:09 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 5425 21 KB
6 KB 24ms
23ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/mu-plugins/likes/queuehandler.js,/wp-content/mu-plugins/admin-bar/masterbar-tracks.js,/wp-includes/js/wp-embed.min.js?m=1637119189j
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 33abec422131ee85a09ca016cdbc474fee0b47e3a98a177ce6e6456b137885b0

Request headers

Referer: https://jetpack.wordpress.com/
Origin: https://jetpack.wordpress.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: br
last-modified: Wed, 17 Nov 2021 03:20:06 GMT
server: nginx
etag: W/"619474e6-53f6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Thu, 17 Nov 2022 03:20:12 GMT

GET
H2 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ Frame 5425 18 KB
5 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1625065786h&ver=5.8.2
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 22 Nov 2021 18:03:34 GMT
content-encoding: br
server: nginx
etag: W/"60dc8943-4705"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Fri, 11 Nov 2022 12:30:25 GMT

GET
H2 200 / Show response
public-api.wordpress.com/connect/ Frame 10EC 2 KB
1006 B 197ms
173ms Document
text/html 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=transparent

Requested by

Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=79164731&postid=111661&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=What+do+you+think+about+this+article%2C+let+us+know%3F&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=transparent&lang=en_US&jetpack_version=10.3&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=ee240e0ee0072df31b5e489fabc61e25436b26ac

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6574c03ef34c869d4a560674a171cfdeceb77589d59b7d073a95eebdb733a827

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://jetpack.wordpress.com/

Response headers

server: nginx
date: Mon, 22 Nov 2021 18:03:35 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header: WordPress.com
content-encoding: br
x-ac: 1.hhn _dca
strict-transport-security: max-age=15552000

GET
H2 200 button-back.gif
s0.wp.com/wp-content/mu-plugins/highlander-comments/images/ Frame 5425 1 KB
1 KB 7ms
6ms Image
image/gif 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1633595895h&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1633595895h&cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 22 Nov 2021 18:03:34 GMT
x-ac: 2.hhn _dfw
last-modified: Sat, 31 Dec 2016 05:45:43 GMT
server: nginx
etag: "58674607-4d0"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 1232
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H2 200 googleplus-sign-in.js Show response
s0.wp.com/wp-content/js/ Frame 10EC 11 KB
4 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/googleplus-sign-in.js?m=1551752381h
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=transparent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 83f49a60c7b81bab4b8b2ffd154c069fdde45e0ec303ce85ede59495844f919a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 22 Nov 2021 18:03:35 GMT
content-encoding: br
server: nginx
etag: W/"5c7ddce7-4290"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Thu, 10 Nov 2022 15:12:13 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/ 147 KB
52 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d4db5f1e2c1032037c2fbad934bd09c13c4d450877813b33b755ea2b2899814

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53390
x-xss-protection: 0
server: cafe
etag: 14183344367460022158
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Nov 2021 18:03:35 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 33ms
18ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.weeklyvoice.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 18:03:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 37ms
17ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.weeklyvoice.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 18:03:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame ED25 18 KB
10 KB 1093ms
1092ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=2386661750&adf=1647188303&pi=t.aa~a.9864595~rp.4&w=395&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=395x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=3&bdt=2463&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0&nras=2&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1045&ady=1615&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Asqi4aKY2s&p=https%3A//www.weeklyvoice.com&dtd=27

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dbc8cfbc81efa23f320c6dc3c28eaa630c90da843252735153fbdb8b2ea8ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 22 Nov 2021 18:03:36 GMT
server: cafe
content-length: 9726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 22 Nov 2021 18:03:36 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 879C 94 KB
33 KB 807ms
807ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.2755536150~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=1200x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=1&bdt=2463&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0%2C395x280&nras=3&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=2752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=IpHRn5wAiJ&p=https%3A//www.weeklyvoice.com&dtd=49

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba658123b6afaf36407b950f9cb29a8db6f6110afdfb1a86ba9ae045bd915169

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 22 Nov 2021 18:03:35 GMT
server: cafe
content-length: 33918
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 22 Nov 2021 18:03:35 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 19ms
18ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.weeklyvoice.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 18:03:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 21ms
20ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.weeklyvoice.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 18:03:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/ Frame 42DB 11 KB
5 KB 8ms
8ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 11:15:29 GMT
expires: Mon, 06 Dec 2021 11:15:29 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 24486
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/ Frame 0EA4 11 KB
5 KB 10ms
10ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 11:15:29 GMT
expires: Mon, 06 Dec 2021 11:15:29 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 24486
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css2
fonts.googleapis.com/ Frame 42DB 4 KB
634 B 40ms
25ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 16:04:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Nov 2021 18:03:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Nov 2021 18:03:35 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 42DB 205 B
743 B 36ms
9ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 07:41:44 GMT
x-content-type-options: nosniff
age: 210111
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 20 Nov 2022 07:41:44 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 42DB 604 B
696 B 37ms
10ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 11:11:10 GMT
x-content-type-options: nosniff
age: 197545
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 20 Nov 2022 11:11:10 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 42DB 18 KB
8 KB 40ms
15ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db8deb30d5cecf873a6361b5410aed53a439e46072dcd6af4dc2481e44ea2a59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:43:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1199
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8141
x-xss-protection: 0
server: cafe
etag: 15959965552278146708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 17:43:36 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0EA4 0
0 55ms
55ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDGL-dtubYcjoIsbEtwew3IjIBs7V6c5mo_us_soO2YKP_bspEAEgz7WTiwFgleKQgqAHoAG_tca8AsgBAqkCzY97iDGNtj6oAwHIA8kEqgSgAk_QCXLPU19biNVDDk64ydtVsdns7qhEsJC_xxsVP5n0N25k19iDg0Y1r5CD9zRNGMmkp8poJ8UtoJrGX4sZAxd9pIGfVOsuPiKgv2JCUTV6Q7ImwOJWwm0VuixXJF1mNYOFgRvAKrM95DM4-d_OrDzRkaUR-AMkcBiog547gCU1exRakjzENmyj3dL-XAVaQWY0_UqIrQfLYswdcUr-n2Yty2qcg4O2KYOZmTJOhmPTtRs5-AfJRGx07uCzuehC20ghzpYOcQl8r4wBy7RD8fL02Onq1bbTkM207007Q7O_O8SfrrXkmtXjWx0mT4us-2p31QYI_6c9KSoEc4GsLgKu_ysGv8YD2VahJRzqa2xMYUwKYzonykiJAy2p8wrjDcAE1uOC2dQDkgUECAQYAZIFBAgFGASgBgKAB6nKucMBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ1vgL0ggJCIDhgBAQARhfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTEzNjY2NDM2NjAyOTE1OTYYAA&sigh=Iq3fib4ofls&uach_m=[UACH]

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 22 Nov 2021 18:03:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 22 Nov 2021 18:03:35 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 0EA4 19 KB
8 KB 27ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 17:59:11 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 0EA4 2 KB
1 KB 33ms
17ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:00:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:00:46 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0EA4 119 KB
37 KB 68ms
25ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Nov 2021 18:03:35 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 0EA4 15 KB
6 KB 27ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:02:55 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 0EA4 27 KB
11 KB 39ms
23ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0072f2a89bd32697c990a647ce4577265131df2f7d089ecef8eb14d50abdfb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:19:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6221
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11327
x-xss-protection: 0
server: cafe
etag: 10656063359522146397
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 16:19:54 GMT

GET
H2 200 1399416646783745723
tpc.googlesyndication.com/simgad/ Frame 0EA4 26 KB
27 KB 32ms
18ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1399416646783745723?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmqaba7nI4WSoOfLS2cIJzwUw6A7Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ab1fab2a8a6c5339c314a3072f50d0f7e93ca06bf374cafd2f941568ead41a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 20 Nov 2021 11:53:16 GMT
x-content-type-options: nosniff
age: 195019
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27084
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 16:38:57 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 20 Nov 2022 11:53:16 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3FB6 143 B
163 B 8ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 22 Nov 2021 18:02:14 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 81
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame 724D 3 KB
579 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 16:05:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Nov 2021 18:03:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Nov 2021 18:03:35 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 724D 1 KB
880 B 26ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:02:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:02:59 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 724D 19 KB
8 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 17:59:11 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 724D 2 KB
1 KB 26ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:00:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:00:46 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 724D 119 KB
36 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Nov 2021 18:03:35 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 724D 15 KB
6 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:02:55 GMT

GET
H3 200 163b3e9c260ab6fd774ac5b5c6fd1d76.js Show response
www.gstatic.com/mysidia/ Frame 724D 27 KB
11 KB 24ms
8ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 18 Nov 2021 11:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11360
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 16 Feb 2022 11:25:57 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3FB6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

36ms
36ms

Document
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 22 Nov 2021 18:03:35 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 22 Nov 2021 18:03:35 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 22 Nov 2021 18:03:35 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0EA4 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6e9747ea3cf98433c117e49cb0bd368aafcf6d3c0628532b947e2e55236bf96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 346F 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 08:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 120849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 08:29:26 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 42F6 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 08:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 120849
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 08:29:26 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 879C 3 KB
579 B 18ms
18ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.2755536150~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=1200x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=1&bdt=2463&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0%2C395x280&nras=3&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=2752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=IpHRn5wAiJ&p=https%3A//www.weeklyvoice.com&dtd=49

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Nov 2021 18:00:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Nov 2021 18:03:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Nov 2021 18:03:36 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 879C 1 KB
880 B 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:02:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:02:59 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 879C 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 17:59:11 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 879C 2 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:00:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:00:46 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 879C 119 KB
36 KB 63ms
48ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Nov 2021 18:03:36 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 879C 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:02:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 879C 0
0 33ms
16ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRx0o3L7RyIDpMOc3ccztACYNzKaPLSNgjsKyQBSFq5cuvEAR6K5XoEmX7KgHmUmH-CyJfcUFq3WNFO1lBTYpV-O8Ie1Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.2755536150~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=1200x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=1&bdt=2463&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0%2C395x280&nras=3&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=2752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=IpHRn5wAiJ&p=https%3A//www.weeklyvoice.com&dtd=49
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 163b3e9c260ab6fd774ac5b5c6fd1d76.js Show response
www.gstatic.com/mysidia/ Frame 879C 27 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 18 Nov 2021 11:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11360
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 16 Feb 2022 11:25:57 GMT

GET
DATA 200
OK truncated
/ Frame 879C 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 879C 0
0 54ms
54ms Fetch
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CNLPgd9ubYYbODpb1-ga51IuYCpnqg9Vm8OGYveAO3Pmb6p4OEAEgz7WTiwFgleKQgqAHoAGE8pORA8gBCakCUsKLuGjhsj6oAwHIA8sEqgSdAk_QtlmKxGpIMiHwV--bQ-9LxVuPqxBpzouFvRS2HeI9K1Gf9bpNCCJPi6Dr72-iDeLN3GVaTbWjBfDyopNL19Los15KnsgFzTWKt3MoX8ZmC6G76a3JAtr3c0VsLzUn1oTveHugXBZZTDnk55FviBikW3dZupWYQGBQfCdNERGZy4FeOZaJMgOkSGs655_25Qb8juD4v6AvLHjmwYBM68UBWwQsU-hhnfeXWG4VRbA0jsLW-A5-gdynBU0VCXhPFCVcqFq3LmSMajj1nwh7lNW1T1V9WfjjoqrnoGk9WHRXoNyQWHVnIToQTxj-y7n9RryPJFqQ2kCoQ6x-D6s8OryfGhHLinV2yh-jG8bsSDrSLGOv3Bb89pEgDAGLx8AE6MyhwOUDkgUECAQYAZIFBAgFGASgBi6AB9ruwHWoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCSoQ_SCAkIgOGAEBABGF-ACgHICwG4E4gn2BMM0BUBgBcBshccChoIABIUcHViLTEzNjY2NDM2NjAyOTE1OTYYAA&sigh=BNJXUFGekBo&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.2755536150~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=1200x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=1&bdt=2463&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0%2C395x280&nras=3&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=2752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=IpHRn5wAiJ&p=https%3A//www.weeklyvoice.com&dtd=49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 22 Nov 2021 18:03:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B046 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 13:26:12 GMT
expires: Tue, 23 Nov 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 16644
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dpixel
cms.quantserve.com/ Frame B046 35 B
465 B 38ms
14ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGyiQonrZyBnRAMlEHlR_kA&google_cver=1&google_push=AYg5qPJZzmErf_QYi5fG3CyqcjZDTgeUkD9bhX05Vrpbgvyb7HJ44bIJmmm4FpwgqAXrW7sFUgDSwW_Zn8QWanVRF3ze_UNleJk

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B046
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPI-PL4tYrYJKS4c2AAzdFC-14qvcinsr_k41_y...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp2YmVBQUFBQnUzeDJZTQ&google_push=AYg5qPI-PL4tYrYJKS4c2AAzdFC-14qvcinsr_k41_yfg8dALacAYRP_1y5cY28r9RaG8vVzvhy5yLiIY6ehFXu-mcefMzA_ysk

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp2YmVBQUFBQnUzeDJZTQ&google_push=AYg5qPI-PL4tYrYJKS4c2AAzdFC-14qvcinsr_k41_yfg8dALacAYRP_1y5cY28r9RaG8vVzvhy5yLiIY6ehFXu-mcefMzA_ysk

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp2YmVBQUFBQnUzeDJZTQ&google_push=AYg5qPI-PL4tYrYJKS4c2AAzdFC-14qvcinsr_k41_yfg8dALacAYRP_1y5cY28r9RaG8vVzvhy5yLiIY6ehFXu-mcefMzA_ysk
Date: Mon, 22 Nov 2021 18:03:36 GMT
Server: Apache
Connection: keep-alive
Content-Length: 390
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B046
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIsd3FY...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIsd3FY...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTExMjIxODAzMzYwMDAxMDc4MTc1ODQxMQ%3D%3D&google_push=AYg5qPIsd3FYZFJzIwSQFLgJlPNTw3aA2MTfpNdHVLwe1A1M0MP4hC3Lj6HCTaqvrHZWK5...

170 B
188 B

34ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTExMjIxODAzMzYwMDAxMDc4MTc1ODQxMQ%3D%3D&google_push=AYg5qPIsd3FYZFJzIwSQFLgJlPNTw3aA2MTfpNdHVLwe1A1M0MP4hC3Lj6HCTaqvrHZWK5amJu_5q4S26f7oXq5vjDBlrxD9Z8Q

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTExMjIxODAzMzYwMDAxMDc4MTc1ODQxMQ%3D%3D&google_push=AYg5qPIsd3FYZFJzIwSQFLgJlPNTw3aA2MTfpNdHVLwe1A1M0MP4hC3Lj6HCTaqvrHZWK5amJu_5q4S26f7oXq5vjDBlrxD9Z8Q
pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Mon, 22 Nov 2021 18:03:36 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B046
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEBWABZ9qjE5XxpST1UZJTxs&google_cver=1&google_push=AYg5qPLSTumJd_vfSl_RCa2jLOzKbMz-9zmDCRa8AlNmKnjal5JySu8lSavN1VRhsTHS-qU9R-rDt5LR6qb46GW933fGRXkmx3o
https://rtb.openx.net/sync/dds?google_gid=CAESEBWABZ9qjE5XxpST1UZJTxs&google_cver=1&google_push=AYg5qPLSTumJd_vfSl_RCa2jLOzKbMz-9zmDCRa8AlNmKnjal5JySu8lSavN1VRhsTHS-qU9R-rDt5LR6qb46GW933fGRXkmx3o&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLSTumJd_vfSl_RCa2jLOzKbMz-9zmDCRa8AlNmKnjal5JySu8lSavN1VRhsTHS-qU9R-rDt5LR6qb46GW933fGRXkmx3o&google_hm=opCw9wK0zrAvlISzeTla3w==

170 B
188 B

33ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLSTumJd_vfSl_RCa2jLOzKbMz-9zmDCRa8AlNmKnjal5JySu8lSavN1VRhsTHS-qU9R-rDt5LR6qb46GW933fGRXkmx3o&google_hm=opCw9wK0zrAvlISzeTla3w==

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLSTumJd_vfSl_RCa2jLOzKbMz-9zmDCRa8AlNmKnjal5JySu8lSavN1VRhsTHS-qU9R-rDt5LR6qb46GW933fGRXkmx3o&google_hm=opCw9wK0zrAvlISzeTla3w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: jc8kkj8reh2j78091aqk02uc8fmlregn

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B046
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3TclL3ILSZiRNW_auUlbUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

26ms
18ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3TclL3ILSZiRNW_auUlbUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK3ZZmBXeXE0wVt-QvkZiGdcKjjkJncI355zdMT5RTBfhXbFIJqFJSE7lNLdG9EFq9btiBc5B0Yz4SlUfBO1cnYLEGGVtQ

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3TclL3ILSZiRNW_auUlbUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK3ZZmBXeXE0wVt-QvkZiGdcKjjkJncI355zdMT5RTBfhXbFIJqFJSE7lNLdG9EFq9btiBc5B0Yz4SlUfBO1cnYLEGGVtQ
date: Mon, 22 Nov 2021 18:03:36 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET sync.php
pixel.rubiconproject.com/exchange/ Frame B046 0
0

GET
H2 200 trk
ag.innovid.com/ Frame B046 43 B
297 B 114ms
20ms Image
image/gif 2a05:d01c:1d8:8102:9b42:ec:9152:470a
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEA1S-o-Y9w9BKGBZ88R6d58&google_cver=1&google_push=AYg5qPKofYtWVVAUgTkol0mSWtXifhnITzVCmAls5DbG7nwqS8mkYrPDOrynzDVUskt_DwbTn7-99FKOL1qsMMrJX0-Llul_Kw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=326101615&adf=3347376195&pi=t.aa~a.2755536150~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=1200x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=1&bdt=2463&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0%2C395x280&nras=3&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=200&ady=2752&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=IpHRn5wAiJ&p=https%3A//www.weeklyvoice.com&dtd=49
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:9b42:ec:9152:470a London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame B046 0
223 B 57ms
32ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kiy_R0poNAic-UK-9gfwjVOd6vLmKSEIqdaJMlySJAXseTAWU8Kv8v6F05vDjuOvijQ7Hl

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 879C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c887d94983431d14b0f5eff7cc5c7fd9838e4356864608fbf9dcf81462badef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 879C 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 16:54:46 GMT
x-content-type-options: nosniff
age: 522530
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 16 Nov 2022 16:54:46 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 879C 21 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 603730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 15 Nov 2022 18:21:26 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/4835515548391728158/ Frame 879C 26 KB
26 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4835515548391728158/downsize_200k_v1?w=600&h=314

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8df3ffb44b5ad286a283a4a33434ce4ff41e5ad52df9a9394411a335abc0fe0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 20:55:22 GMT
x-content-type-options: nosniff
age: 248894
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26298
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 11:27:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 19 Nov 2022 20:55:22 GMT

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7E65 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 08:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 120850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 08:29:26 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BC8B 624 B
297 B 20ms
19ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y3-v4ugEwAQ&v=APEucNXxt3i8-TCoQ_CTyIgS58DoaD7M1aBAu3l68ZRX4isv87pq52CA9CYbAJS45Rvu7caEL951igKDrsCvSjoo8mN1M1GrZbKG5isIobb6nfo_ZO0-hmPpA8rZg66Cc741FPn3lI2Ke_LYw4ddO-ocCa7jVm8CUrIw1Jm78IGKVoN0JGEG6j4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=2386661750&adf=1647188303&pi=t.aa~a.9864595~rp.4&w=395&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=395x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=3&bdt=2463&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0&nras=2&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1045&ady=1615&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Asqi4aKY2s&p=https%3A//www.weeklyvoice.com&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=2386661750&adf=1647188303&pi=t.aa~a.9864595~rp.4&w=395&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=395x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=3&bdt=2463&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0&nras=2&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1045&ady=1615&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Asqi4aKY2s&p=https%3A//www.weeklyvoice.com&dtd=27

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 22 Nov 2021 18:03:36 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 06A6 58 KB
29 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DvUNlFvV-hAM1kvYWquzB_PzqlZvJ7bHkVPxtcUfkq59vpswWeqq0aC2o0TjEduwkCF9YFOFnIXX-VlWhpsWib9lb1oNLidCgdAauOA1MzJMgoCXarr838yPIhxDZmJKR24PvkbXPDLWCGKXKd0dWG_yqzZg&dbm_d=AKAmf-AUxmBcyuTmZwEAEucbz8ZV2qmegi1G60WcdFoDOhBjP3RMrZJSlXoSOfpEvzClZrqKFewzLUxg68MWR29VLXUxUm6w-PAoCMpu45KgPT4TmQmSYNW_xUMrUcrcRB6dgZLU8Aeg6-y1CioJFymdKzwLnVkhdFvEp8GIrlu-C5t-wP23h3L1gHI3XQFfrstvUbS4MZjQby45KfRzCDBshVL6Sf70KMy2BhhbF4O1Z5tITDs87YqMoR3nrjaNp46CU_83BNU4R3TDcvEYl7qFJpvNfr-sGlLrPeDv8bJnXwtv__mYuLYWmNerFDhT_mqi7gBcaQL2KPueI_63-_ddhtWoSlm8IaXqERxn5ZkrvMvvkj4YGtfdugHeq9fip5YlOIjuJ2iVEh2yuoHd82jJcRnoTsZfkPUtps_4RN2gFQNlbBPqjWYrPQS_k8zuPh3lobGC3abHz6qxgJjrnackZig772Oun--13AgYPsiO2cko1SGNFf8Q-cHBcIRNMend30ChVNQ92shnRXNSFsHRZNiV9VRKDfQHqz9tqamZXbb_9rKynW8sNDNTUr1zkUTcVMD2weQUO0cbFEA5MKx3ok63dThTqIZn0NgQRy9P1onvt50_3ueHGkWLGH6X-V8BZou_2ZWilQrO8bLvlR5MxHY_cXxqpPwOUQHuvHZ0yTMtPx77ys5fEY2r5KG0PP_1x4rIwL1ChTJJWAN-ZMMyyJp4-2qSi__8yGIkntP5r6XahRQIfXJcBepBH3wK19YW0rkfIzZ2D8fzwLtQMLR9x--lNw2nKmeB9lDXAywDr4ohjRNgWFyhmKrun-wBfqmnJ3xAvf-mMNt9ieReGBc_8WXMmoYPwCprcvO7KkwwbeeR4XiQRz_GZR1QuI-Bpf3Ul4MP7o8ILupTyGOCzE7ogLzv2_Si2fyotaQD-ToAqEupbi-SqRGG8APcsXdEmQLfxFN1wqQ6kdoqhcHnRvSp6B5kVcACvIUhsSzQLDUrzkQFPKcdbwk0jaWChHGbhrHl2ELqRYNO9uodxwYmLFTu_w7heG4UGe0WziEN4XiHyduddv4O2mhbTfEgMMcLAfVIMfhd6rHG0oaArSMlvUGKglycNlQwZ2iR8xmTSqRWQF5X73wjuowrobDz51qXhPMZwMirXjBOOWS8p80sFD_OEw0dOYPm-ra2qKQypgZsipJc8E5adpcUP3f9R375ZVDGrXT7jO72_KNpiJQpeGCexZr9cHgkftd9KDVvOoOmvN50IgyiC1DNR87ZT_y5q_fCG1tLf58rywlWLMZora-LACldQSZ6veiwKBVD7xqg0-Askv18cpDYVurs7m_IpBhR_MGOWGPyCl5Gbc_FDHCE-VrH0rXfMER5Z5OfRfkW3cMfMRc6p-F5WRzBJlekmhoVRK0DOpeIcWQOUBOZ5Rvj14Nuxk766159XaAnH_EIYcmqHwyEdnRrQbWe5BJ_MuAV9FxdHXvXAL9AOLiappKp-K_c6u_9NiSanzA_fErRuJdUkj2bF-r-CNdHC_5p1x8wBlJ6fpAAnFC9VT8PPrrxUYIAPAlFQMzk3n9OP_N9fpGfwfACfYo9GJRZtiHoltLhOZNvwnFnkEFR9iJ6etpR9741UDDwYKviuArjrNzTaWSMtpo2HGfoSYY73sCbw6ZpaIFWAroK241_-rXhDY8UikcZaCxObry4yrUIsTiEbbfV-pSFOko8g4hYCB2NRpYophXwy1_udvK7Bn3Z4A5MH5xlmJyhBLBtB7vJ0SpldFC28iDGMqJI04FizzSujV588MUtv6u7V5cHwJnyaDBZ6mMi2KuiYc7SKzqiz2SA4vjrPrWPcDUnJFg9Q-YzM9kHyMieh8qAaG5RsntzkaKEiesnMuqHBJibHrMh2cYew6E8MY0pIBZ4W-Xqa5N0FYpr57nu13ngM2JBZ-YaSBW2pYq1rESffGUnKzCHXhyhxJ4K2JsW66i3_9n6NrZqM5sm3tqu3bRxi_Yd2T1P4O2mWXzTaMUbPTR0-9aj53992p79acafR3mirIZrkQ8dsCie6HodWfvYlgwrYBzbhEJS__1puCT6Mxs-EXjnC7UtQKycFqQ7WmDnN5ie4Eq9dQv9HFtTEi-xUDzHLhDmP04lme9vekTcCJaE0jpHbl1Pwdx5T6J0Sw31lUgBEWrL4Qa5FNObrKld4JSuM2es4qdUxa7WX3LYZfBw3x6ME0L8i1_DV4IqRm3tAkmbJ84TtDO_ZeLYFIJs1G60vFkkj7PTJrlTtNFQB_J5iJVP4V6j2vsEoV6Cy82b6aLs4x5xp4DnUr7Su3FcyqXB0PsBhcXtNb0gUt1eCWQXrGyLck5fEhtdw2EBMg8ZWLPXBSwQHe7b-_YLHtGmhOqqYnICRAAEQN0DoenvQd1Ka6l_SccYD1_lO7i3-ZVwKgL9EBMKX9_tlXCVHapCU5uJxauE1l8IVPPmJ6YSqxY65Lv1e77mK6PszSO0c5_WPypUB3nfcZsz_dxnvyTZn_s8QuWFv0sIoafAi8YPYFWTgmfUpRe0UV74ucuMCOeAUhoi3F93c4W1bJVSjJ8K0pax8dUzCI2KPUAXHtfFBZ8JEbmyDDUGlG47U8uuG87CB73EH8N1MjtCJKrpg1iEwVi4NoCgAzu5vPf6Ps6ayl3pLVE5jQDI6ChEyphjCVpcsqo_FSWK5FrtsD0KZ-xIkPVpkFdKHOtZiU-g73e0Zcm9I32irEp0JUxF3cwmF6Aa17RB_J8TWsB302rh324BfCuAEawBIGB6_yplp_-x1eSxRjAP_xJCsBejonEhiGpJo6GPLrIdV_s3QXc4YWWUyQ-6OAeszT2Xbu994r1eqQmF__CG8jvTm1__XwH-Gpql5PenqZwtEb5h1IITSFvst5ilkTAGQayITRYYEun_LlIzPDKAKzr9HMU9M9UWpC2YAAdqGK-33tZDGqrj-Lbf76Zs9jkE_Fh7Hi9G8D_McTrJx5cMD5BRSEkLZLDDSUULn3iXCLerkwycjdpMTZXoUPKMqRZgIkhVLtixVmJ_nakhlMOO2sBvSIsNpNAzdr_qaImGdAxbCaQxHE5tg00YopYJY4fYfZtNbjeyuugV2_aDfsty-6fQxW_4cJLh13AkAo1sp3kouo_0cicSLinQvfJaf7rIRgA2WGau9TrWQvunljRDJSkzibZQWd0OM0BsOt6GdNYI8hrAo6U_XRUjEarrD689oZFJyFcduBFg76CnjveLVOdb9DihQJweLReQXFJHPr7NA2H1OOnhDulE&cid=CAASEuRoGmwCmjHlvjBGLQK6tD9l9Q&rfl=2%2Chttps%253A%252F%252Fwww.weeklyvoice.com%252F%240

Requested by

Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

978fe97618d0d0487fbb460c569ceea2a6ae89dc4a3db36a3f3a04193efca66d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=2386661750&adf=1647188303&pi=t.aa~a.9864595~rp.4&w=395&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=395x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=3&bdt=2463&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0&nras=2&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1045&ady=1615&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Asqi4aKY2s&p=https%3A//www.weeklyvoice.com&dtd=27
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29425
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 06A6 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:00:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:00:46 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 06A6 119 KB
36 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 22 Nov 2021 18:03:36 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 06A6 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 18:02:55 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 06A6 42 B
63 B 46ms
46ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C7u3uRBXVgiankZB12eKXmHyE9cQ1_kQMLvsx9A6nDfLAeIJZpFf6dKTukJYS5Kuak9CyNTnm1L97LN8wVwKMk1XcBrtEEDey6rdH_QonPplKUxug

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 06A6 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DvUNlFvV-hAM1kvYWquzB_PzqlZvJ7bHkVPxtcUfkq59vpswWeqq0aC2o0TjEduwkCF9YFOFnIXX-VlWhpsWib9lb1oNLidCgdAauOA1MzJMgoCXarr838yPIhxDZmJKR24PvkbXPDLWCGKXKd0dWG_yqzZg&dbm_d=AKAmf-AUxmBcyuTmZwEAEucbz8ZV2qmegi1G60WcdFoDOhBjP3RMrZJSlXoSOfpEvzClZrqKFewzLUxg68MWR29VLXUxUm6w-PAoCMpu45KgPT4TmQmSYNW_xUMrUcrcRB6dgZLU8Aeg6-y1CioJFymdKzwLnVkhdFvEp8GIrlu-C5t-wP23h3L1gHI3XQFfrstvUbS4MZjQby45KfRzCDBshVL6Sf70KMy2BhhbF4O1Z5tITDs87YqMoR3nrjaNp46CU_83BNU4R3TDcvEYl7qFJpvNfr-sGlLrPeDv8bJnXwtv__mYuLYWmNerFDhT_mqi7gBcaQL2KPueI_63-_ddhtWoSlm8IaXqERxn5ZkrvMvvkj4YGtfdugHeq9fip5YlOIjuJ2iVEh2yuoHd82jJcRnoTsZfkPUtps_4RN2gFQNlbBPqjWYrPQS_k8zuPh3lobGC3abHz6qxgJjrnackZig772Oun--13AgYPsiO2cko1SGNFf8Q-cHBcIRNMend30ChVNQ92shnRXNSFsHRZNiV9VRKDfQHqz9tqamZXbb_9rKynW8sNDNTUr1zkUTcVMD2weQUO0cbFEA5MKx3ok63dThTqIZn0NgQRy9P1onvt50_3ueHGkWLGH6X-V8BZou_2ZWilQrO8bLvlR5MxHY_cXxqpPwOUQHuvHZ0yTMtPx77ys5fEY2r5KG0PP_1x4rIwL1ChTJJWAN-ZMMyyJp4-2qSi__8yGIkntP5r6XahRQIfXJcBepBH3wK19YW0rkfIzZ2D8fzwLtQMLR9x--lNw2nKmeB9lDXAywDr4ohjRNgWFyhmKrun-wBfqmnJ3xAvf-mMNt9ieReGBc_8WXMmoYPwCprcvO7KkwwbeeR4XiQRz_GZR1QuI-Bpf3Ul4MP7o8ILupTyGOCzE7ogLzv2_Si2fyotaQD-ToAqEupbi-SqRGG8APcsXdEmQLfxFN1wqQ6kdoqhcHnRvSp6B5kVcACvIUhsSzQLDUrzkQFPKcdbwk0jaWChHGbhrHl2ELqRYNO9uodxwYmLFTu_w7heG4UGe0WziEN4XiHyduddv4O2mhbTfEgMMcLAfVIMfhd6rHG0oaArSMlvUGKglycNlQwZ2iR8xmTSqRWQF5X73wjuowrobDz51qXhPMZwMirXjBOOWS8p80sFD_OEw0dOYPm-ra2qKQypgZsipJc8E5adpcUP3f9R375ZVDGrXT7jO72_KNpiJQpeGCexZr9cHgkftd9KDVvOoOmvN50IgyiC1DNR87ZT_y5q_fCG1tLf58rywlWLMZora-LACldQSZ6veiwKBVD7xqg0-Askv18cpDYVurs7m_IpBhR_MGOWGPyCl5Gbc_FDHCE-VrH0rXfMER5Z5OfRfkW3cMfMRc6p-F5WRzBJlekmhoVRK0DOpeIcWQOUBOZ5Rvj14Nuxk766159XaAnH_EIYcmqHwyEdnRrQbWe5BJ_MuAV9FxdHXvXAL9AOLiappKp-K_c6u_9NiSanzA_fErRuJdUkj2bF-r-CNdHC_5p1x8wBlJ6fpAAnFC9VT8PPrrxUYIAPAlFQMzk3n9OP_N9fpGfwfACfYo9GJRZtiHoltLhOZNvwnFnkEFR9iJ6etpR9741UDDwYKviuArjrNzTaWSMtpo2HGfoSYY73sCbw6ZpaIFWAroK241_-rXhDY8UikcZaCxObry4yrUIsTiEbbfV-pSFOko8g4hYCB2NRpYophXwy1_udvK7Bn3Z4A5MH5xlmJyhBLBtB7vJ0SpldFC28iDGMqJI04FizzSujV588MUtv6u7V5cHwJnyaDBZ6mMi2KuiYc7SKzqiz2SA4vjrPrWPcDUnJFg9Q-YzM9kHyMieh8qAaG5RsntzkaKEiesnMuqHBJibHrMh2cYew6E8MY0pIBZ4W-Xqa5N0FYpr57nu13ngM2JBZ-YaSBW2pYq1rESffGUnKzCHXhyhxJ4K2JsW66i3_9n6NrZqM5sm3tqu3bRxi_Yd2T1P4O2mWXzTaMUbPTR0-9aj53992p79acafR3mirIZrkQ8dsCie6HodWfvYlgwrYBzbhEJS__1puCT6Mxs-EXjnC7UtQKycFqQ7WmDnN5ie4Eq9dQv9HFtTEi-xUDzHLhDmP04lme9vekTcCJaE0jpHbl1Pwdx5T6J0Sw31lUgBEWrL4Qa5FNObrKld4JSuM2es4qdUxa7WX3LYZfBw3x6ME0L8i1_DV4IqRm3tAkmbJ84TtDO_ZeLYFIJs1G60vFkkj7PTJrlTtNFQB_J5iJVP4V6j2vsEoV6Cy82b6aLs4x5xp4DnUr7Su3FcyqXB0PsBhcXtNb0gUt1eCWQXrGyLck5fEhtdw2EBMg8ZWLPXBSwQHe7b-_YLHtGmhOqqYnICRAAEQN0DoenvQd1Ka6l_SccYD1_lO7i3-ZVwKgL9EBMKX9_tlXCVHapCU5uJxauE1l8IVPPmJ6YSqxY65Lv1e77mK6PszSO0c5_WPypUB3nfcZsz_dxnvyTZn_s8QuWFv0sIoafAi8YPYFWTgmfUpRe0UV74ucuMCOeAUhoi3F93c4W1bJVSjJ8K0pax8dUzCI2KPUAXHtfFBZ8JEbmyDDUGlG47U8uuG87CB73EH8N1MjtCJKrpg1iEwVi4NoCgAzu5vPf6Ps6ayl3pLVE5jQDI6ChEyphjCVpcsqo_FSWK5FrtsD0KZ-xIkPVpkFdKHOtZiU-g73e0Zcm9I32irEp0JUxF3cwmF6Aa17RB_J8TWsB302rh324BfCuAEawBIGB6_yplp_-x1eSxRjAP_xJCsBejonEhiGpJo6GPLrIdV_s3QXc4YWWUyQ-6OAeszT2Xbu994r1eqQmF__CG8jvTm1__XwH-Gpql5PenqZwtEb5h1IITSFvst5ilkTAGQayITRYYEun_LlIzPDKAKzr9HMU9M9UWpC2YAAdqGK-33tZDGqrj-Lbf76Zs9jkE_Fh7Hi9G8D_McTrJx5cMD5BRSEkLZLDDSUULn3iXCLerkwycjdpMTZXoUPKMqRZgIkhVLtixVmJ_nakhlMOO2sBvSIsNpNAzdr_qaImGdAxbCaQxHE5tg00YopYJY4fYfZtNbjeyuugV2_aDfsty-6fQxW_4cJLh13AkAo1sp3kouo_0cicSLinQvfJaf7rIRgA2WGau9TrWQvunljRDJSkzibZQWd0OM0BsOt6GdNYI8hrAo6U_XRUjEarrD689oZFJyFcduBFg76CnjveLVOdb9DihQJweLReQXFJHPr7NA2H1OOnhDulE&cid=CAASEuRoGmwCmjHlvjBGLQK6tD9l9Q&rfl=2%2Chttps%253A%252F%252Fwww.weeklyvoice.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 378
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 17:57:18 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 06A6 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 17:53:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 622
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Dec 2021 17:53:14 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 06A6 0
571 B 120ms
79ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsutzpXxI4To-QxisV4bjyFzFQbH4iv0K4OD4f-menPufOAtb6_aBim-tszqusrJ-rHemleNmrMdLAzth7TPgUQ4mNs3w4gFkdjmhz7tnWJ7KlABYiTru0Vbahvpv1uHHtw79-mcdVXB9WbMrwf8Vtj4ivFWd89ZP9H2G60-rflsmu9JMc81PLpwNiXhFDpxV9GuTR-1IaYaQA3KhjY6y_MLJTboq_15n7JIsRm_0hb_-DDIRTvTX0N4blSriMMNSoEJo9MfkrPVpZLcmFLzxDiQxXd7yjCY7PgOzBeN8FD16xw-b-dw-5798__8yGkGWrZZOnQK7qpVDjnOgSF59vNQzUyeKeR3RHpffATxO_0O1zAYBeBew7NpQt1EfgG4Ky7z6lnrvzVFQWmBGxJ5RcvE9tSQByUW6s6bPUUbCYLGRGQLBjvCQLNESRhqKofp137iX9833_49b4TNnXi-xwTdu40aHL_bwJ6Pp7s-MqaWUGkDaYWjmZ8-gq8MIMn7KU4ak5FfoZVk-EgbMeTBXKp0K_JlJRc8s1Yb74aEcoGHAgna__AHbNhGDkO_6-4N678c8Cv4pEjJuDGVr7DtDIbniJ79jz0uuJcEA2zfyySVmaLOsrLkdLMzcwECM0X7bQX9pRdeamUtBzrHWWS4UGoGwXyw3_ZF-pyTB3yDqZ9BSqbyiNLk-RWpi21GhnDJMrmusAf1RsUWo3aL0EjCI00MsmgYu-40zgXPAgcDLzDAS4BIN8q2Z0RMgOwKP-xLq5ajZtHSdtDmwvYc8BTJrUXHDZ-QDc0uDRbmm2dRzO8TUX9VXmeAe5mSWmcJcnCkMz324r0MMLh1Kr_p8WQZ1-rZhq6yT89yCoyZQQ6ttJMMdbcKrye-EijXHb43YH8WO7Et7lSqaIqyC0NIiCJ7GtAGJMSxNkv14bVrps9sebNFW8AfXT4rWTZkWrR3-634rZrLikJ0rxaVa3HbhLgTjBoDCCerxyTGC_wUgS4RgBaTAJom7KZsF2hJbSGct56qPNIiN9Uvxy3qywHdP-igPKL9_piwVUrRJ4LKKInGCWEovX3j617lzRGX9n3xpljKVQuOK_PMBM410yPskvZwDwV_dIHp2K1KiNia0yCCEuzUpxHvlKkj5nFnNE54c21dvf8KSj-dUfQhjWX98_QiuMjBHF2RxBRpqvub1qfW0Jv7rdCPBCLaM4_MyMhmhB5Ig4Kjs-IX5IOFMz11iWEs1_uNEo4Pb-dB3QgMlcjnHGcTHDmoeoTPzaqbJX2cpKDKvwZX983lgg&sai=AMfl-YSFFBFDACJx6g6bAUc14phtnH0Vh0jrGuS4EsbWJ8NK4P5BS2XcIxtQBrsGviMjhiOiUSrD_zpkwWghrXoSmVPPyKn73LZCsBoQGlzrnAUDLiepkckE3Xu8JoteBaIrSHBIyM_71s5pzrwR9P0HgoVsR1EYwWcaRJghvglyRqLwvFHt3Kz0&sig=Cg0ArKJSzCvqz1_vwj5sEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20211111.44225&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 22 Nov 2021 18:03:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET t.js;adv=11162200899296;ec=11162200899326;adv.a=4232832;c.a=26813668;s.a=1496886;p.a=320119716;a.a=512842627;cache=3810360978;
ad.atdmt.com/i/ Frame 06A6 0
0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 06A6 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 17:49:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 432821
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Thu, 17 Nov 2022 17:49:55 GMT

GET
H2 200 07132021-083552597-KLM_Search_Flights_Fallback_2018_336x280_EN.gif
s0.2mdn.net/4232832/ Frame 06A6 143 KB
143 KB 36ms
13ms Image
image/gif 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4232832/07132021-083552597-KLM_Search_Flights_Fallback_2018_336x280_EN.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daad29020451ec2f89182d8a04d8b47f5d76f28045e756e92e7232043c73245b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 20:42:12 GMT
x-content-type-options: nosniff
age: 76884
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146172
x-xss-protection: 0
last-modified: Tue, 13 Jul 2021 15:35:52 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 22 Nov 2021 20:42:12 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DB7B 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 22 Nov 2021 13:26:12 GMT
expires: Tue, 23 Nov 2021 13:26:12 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 16644
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 06A6 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af744db144bca74e3ea811c5030d2f22fdffab01e6711ad54471ac8b255499ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8316 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 21 Nov 2021 14:25:07 GMT
expires: Mon, 21 Nov 2022 14:25:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 99509
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BC8B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1&C=1

43 B
1014 B

34ms
34ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y3-v4ugEwAQ&v=APEucNXxt3i8-TCoQ_CTyIgS58DoaD7M1aBAu3l68ZRX4isv87pq52CA9CYbAJS45Rvu7caEL951igKDrsCvSjoo8mN1M1GrZbKG5isIobb6nfo_ZO0-hmPpA8rZg66Cc741FPn3lI2Ke_LYw4ddO-ocCa7jVm8CUrIw1Jm78IGKVoN0JGEG6j4
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 18:03:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 22 Nov 2021 18:03:36 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 18:03:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 22 Nov 2021 18:03:36 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BC8B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZvbeNX7FipN6ACBkAJJKAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1

43 B
894 B

24ms
24ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y3-v4ugEwAQ&v=APEucNXxt3i8-TCoQ_CTyIgS58DoaD7M1aBAu3l68ZRX4isv87pq52CA9CYbAJS45Rvu7caEL951igKDrsCvSjoo8mN1M1GrZbKG5isIobb6nfo_ZO0-hmPpA8rZg66Cc741FPn3lI2Ke_LYw4ddO-ocCa7jVm8CUrIw1Jm78IGKVoN0JGEG6j4
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 18:03:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 22 Nov 2021 18:03:36 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP7ptOzy_D9zthLzCl0qYLQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame BC8B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDnXVW9r6UUrZIEiKIexBmM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDnXVW9r6UUrZIEiKIexBmM%26google_cver%3D1

43 B
1 KB

33ms
32ms

Image
image/gif

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDnXVW9r6UUrZIEiKIexBmM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHcChCgng4Y3-v4ugEwAQ&v=APEucNXxt3i8-TCoQ_CTyIgS58DoaD7M1aBAu3l68ZRX4isv87pq52CA9CYbAJS45Rvu7caEL951igKDrsCvSjoo8mN1M1GrZbKG5isIobb6nfo_ZO0-hmPpA8rZg66Cc741FPn3lI2Ke_LYw4ddO-ocCa7jVm8CUrIw1Jm78IGKVoN0JGEG6j4

Protocol

HTTP/1.1

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 18:03:36 GMT
X-Proxy-Origin: 193.27.14.26; 193.27.14.26; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 374741e4-7e47-48c5-ac4c-059e7accf65e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 18:03:36 GMT
X-Proxy-Origin: 193.27.14.26; 193.27.14.26; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 9b7d39d0-ae2a-4ede-a1d7-d9dc4bb7b6a5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEDnXVW9r6UUrZIEiKIexBmM%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BC8B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUzNzg0OTU2NzkxMjY1Mzk1OA%3D%3D

170 B
188 B

18ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUzNzg0OTU2NzkxMjY1Mzk1OA%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 22 Nov 2021 18:03:36 GMT
X-Proxy-Origin: 193.27.14.26; 193.27.14.26; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 509b7d05-7b7a-48b3-a246-54ff93ce642e
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUzNzg0OTU2NzkxMjY1Mzk1OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB7B
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEudazywdDAiUb9q6AI2mtk&google_cver=1&google_push=AYg5qPIv0jU0rkB34z5U5cS1NfdwP0N9OZ6_Yr4AObE5b8DZB5UU0RQLLM...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIv0jU0rkB34z5U5cS1NfdwP0N9OZ6_Yr4AObE5b8DZB5UU0RQLLM42542EDBcn0mE-b8YFTehDzpb4Yyjt1qAgPQ5iR9s2rQ&google_hm=0BZQ...

170 B
188 B

27ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIv0jU0rkB34z5U5cS1NfdwP0N9OZ6_Yr4AObE5b8DZB5UU0RQLLM42542EDBcn0mE-b8YFTehDzpb4Yyjt1qAgPQ5iR9s2rQ&google_hm=0BZQlxekgLkc3bhksjVLRw

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIv0jU0rkB34z5U5cS1NfdwP0N9OZ6_Yr4AObE5b8DZB5UU0RQLLM42542EDBcn0mE-b8YFTehDzpb4Yyjt1qAgPQ5iR9s2rQ&google_hm=0BZQlxekgLkc3bhksjVLRw
pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame DB7B 43 B
324 B 100ms
16ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEJI3OmY3bIO7cvvUatXNBnE&google_push=AYg5qPIO4CBEGlDZ-vNvvpfHy4H1D8-uOzdu4Ntao06GBKi4PT4pH26TZIFarmZe25i9B1G2Ofv_HaQ6p_d0X7DBPdhI8NeIRIWkTQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1366643660291596&output=html&h=280&adk=2386661750&adf=1647188303&pi=t.aa~a.9864595~rp.4&w=395&fwrn=4&fwrnh=100&lmt=1637474540&rafmt=1&to=qs&pwprc=5280672783&psa=0&format=395x280&url=https%3A%2F%2Fwww.weeklyvoice.com%2Fnew-malware-sharkbot-attacking-banking-apps-on-android-phones%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637604215155&bpp=3&bdt=2463&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dea5db1b6572c33d7-2271602de4cb00df%3AT%3D1637604214%3ART%3D1637604214%3AS%3DALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ&prev_fmts=0x0&nras=2&correlator=2982853461906&frm=20&pv=1&ga_vid=2089783268.1637604214&ga_sid=1637604215&ga_hid=739659655&ga_fc=1&ga_cid=323185006.1637604214&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=1045&ady=1615&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066435%2C31063793&oid=2&pvsid=2233374422044921&pem=988&tmod=1957547522&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Asqi4aKY2s&p=https%3A//www.weeklyvoice.com&dtd=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB7B
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEHmeOtltNgRBQL9JNOLFVRE&google_cver=1&google_push=AYg5qPK-Uahn3ywvVrW2ZnmjBGSdxChkjvVmbQxzU98RqNl13yeTc16bx0lhyZq6XqObRiBZQNcCdoVpvDy3rj8gjG_8NsbEJLJDcg
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPK-Uahn3ywvVrW2ZnmjBGSdxChkjvVmbQxzU98RqNl13yeTc16bx0lhyZq6XqObRiBZQNcCdoVpvDy3rj8gjG_8NsbEJLJDcg&google_hm=opCw9wK0zrAvlISzeTla3w==

170 B
188 B

46ms
38ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPK-Uahn3ywvVrW2ZnmjBGSdxChkjvVmbQxzU98RqNl13yeTc16bx0lhyZq6XqObRiBZQNcCdoVpvDy3rj8gjG_8NsbEJLJDcg&google_hm=opCw9wK0zrAvlISzeTla3w==

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPK-Uahn3ywvVrW2ZnmjBGSdxChkjvVmbQxzU98RqNl13yeTc16bx0lhyZq6XqObRiBZQNcCdoVpvDy3rj8gjG_8NsbEJLJDcg&google_hm=opCw9wK0zrAvlISzeTla3w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: bkt7t9lu7mpt8fjq5hs0kiptgg2455fm

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB7B
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3TclL3ILSZiRNW_auUlbUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3TclL3ILSZiRNW_auUlbUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL3xLAHCA9_UJi_DYkuhSmU2HoBeYiYefzprDtjsWqyvhLtEDaye30_4_AefpckXwhACnuLavlGrHMvl1Zysobnq3iAIko3bA

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3TclL3ILSZiRNW_auUlbUQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPL3xLAHCA9_UJi_DYkuhSmU2HoBeYiYefzprDtjsWqyvhLtEDaye30_4_AefpckXwhACnuLavlGrHMvl1Zysobnq3iAIko3bA
date: Mon, 22 Nov 2021 18:03:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB7B
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPq4JBzkLBpNy2FT-oH8qfc&google_cver=1&google_push=AYg5qPKsSyy30hUE32CirE4MiAybXSWiF21RcbNuL9q5tDyLrNSSgfiJgHEkIT5CAmf-9tloHoU...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dBWjlPVUUtVS01RVJZ&google_push=AYg5qPKsSyy30hUE32CirE4MiAybXSWiF21RcbNuL9q5tDyLrNSSgfiJgHEkIT5CAmf-9tloHoU_OYYC_UbyZ9SsG4kUaAjrn2UXjw

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dBWjlPVUUtVS01RVJZ&google_push=AYg5qPKsSyy30hUE32CirE4MiAybXSWiF21RcbNuL9q5tDyLrNSSgfiJgHEkIT5CAmf-9tloHoU_OYYC_UbyZ9SsG4kUaAjrn2UXjw

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dBWjlPVUUtVS01RVJZ&google_push=AYg5qPKsSyy30hUE32CirE4MiAybXSWiF21RcbNuL9q5tDyLrNSSgfiJgHEkIT5CAmf-9tloHoU_OYYC_UbyZ9SsG4kUaAjrn2UXjw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 0963d041a95f271fbba7f411adc03573
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame DB7B
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468T...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DB7B
Redirect Chain

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEGU4_0-LJRK3kddwr2SVtAI&google_cver=1&google_push=AYg5qPLWc6xYYayNoOswixnjYXV4Nh9d2zr6xbQivl1Q2LDumeymvFBnTWqL4O48pT-B98iOehS21BELJQPXwlFHM4Bz34L...
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPLWc6xYYayNoOswixnjYXV4Nh9d2zr6xbQivl1Q2LDumeymvFBnTWqL4O48pT-B98iOehS21BELJQPXwlFHM4Bz34LOu1t_jQ&google_hm=xi-ekcc6T72EWu...

170 B
188 B

18ms
10ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPLWc6xYYayNoOswixnjYXV4Nh9d2zr6xbQivl1Q2LDumeymvFBnTWqL4O48pT-B98iOehS21BELJQPXwlFHM4Bz34LOu1t_jQ&google_hm=xi-ekcc6T72EWuVDF9ZVzg

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPLWc6xYYayNoOswixnjYXV4Nh9d2zr6xbQivl1Q2LDumeymvFBnTWqL4O48pT-B98iOehS21BELJQPXwlFHM4Bz34LOu1t_jQ&google_hm=xi-ekcc6T72EWuVDF9ZVzg
pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
cache-control: no-cache
content-length: 0
request-time: 1
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DB7B 0
12 B 63ms
60ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LFQY_VyR7jEhI8q1FgqIPPydf1dhluxYcV5zSKfiNeA3w1yVkXIXIHFF48Woj0EqGsP7Gn

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:36 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 8316 35 KB
13 KB 21ms
11ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 08:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 120850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 08:29:26 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 06A6 0
23 B 69ms
53ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 18:03:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0EA4 42 B
64 B 77ms
47ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthhOlRsRbEpA3wyDxis8ai8qQoHI46isJttWXrakGnJairKo_VRCZs1WB9_bL0Kr682G5KWqdR3mCJOppGHlmRjlKZP7NuYCB20j34Q56wMIm24Fe8NA&sai=AMfl-YRdvLUwb8zQJ529qyYjfThggdkZ-VZo1Wd8L1nZx1XS7bPQezBtMhY4PvoHXtbWt_BhWdUTzfp34vyX&sig=Cg0ArKJSzL7ksedG6miHEAE&id=lidar2&mcvt=1013&p=0,0,124,1005&mtos=120,809,1013,1103,1229&tos=120,689,204,90,126&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637604215239&rpt=194&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8316 0
20 B 52ms
51ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bo09peNubYZS5E-SS7_UPkMq1yA4AAAAAOAHgBAI&bg=!-Pul-7_NAAZQLpa_UC47ACkAdvg8WlM8Tvz9ZtQdtj2iRwBCWA6AQzPnz0LHcJJZAFRx2LBPGA1WvgIAAACHUgAAAA1oAQeZAtsFfkqzvTGrzkavUkxEC4CYP4xTON-ycgM2WbwH6pAQXRcbPjXmpIClbglLyhGGTWlWtEcdAk-PUuepgjtmdW8J6ZcLMn891JVvp0jJlfAPxCCGk4Zt7V41mtdNEvpszzt8JIytYUYC_vy7pdihRrizFgwmfph7n4WByMERalp5nLHp0PVHMCZvwJyQIMTUscYc3909Lo2GMn_-WOvOpEMTZX85U5Io-awqybaEUVZtl2ZHRsoN86j6CSV5GQR5GvQHn51m7gDGIY4TFdqIi9sIOfRGRjSbdZZy4-9BOtk1ZdUJHCZiPFb45apEedl4Knb4Nu9uUJPSTHO7ggj8uyOtE7J8K2zeMMfof7v0inqUsVgpYvOvPRe7KHU15L-kMUvUrsTjleQfqVvFEkcJk-GYfGkfhsvZUT-owuY6JWIzvUZKvxrK_aISbbrK9t2ztR3aplD9-HHVixVsPOUXnDDgUZi80igrjTyRcIFhJ8Sd4nG3E0BNsRS3MwAc7Goxizc9HVxHedQroR4w7EI1_wSha7upU2ShscQOz8LoxLJMMTug8fYmZNcYNmw2RqoJZs3dn9l8Re0cAvmVhKbSjcQwGGKxzv21FKvERtyTDb2W-abtYDksRkIoWPGxiOhLsqf7EMm_knNR5x4hEyjjMY4KXhS37HmXVbiGmqH61fz_cwJk-qu0k2h3XkhPKVak-3m0Dmz2hhtbzH2NNVJPUFOHIjD6o97TRRyVBuUioT1z4LoK6fhj3fVQrsC7tnCo4cYBF_RyhUEgmwhl85uEtGy3YwPunAAYPMJhzo--gwdAJZiBEkNIJ4jOMnoj7-j9fKCNYwxAR3Hdy7cy7gWNYTimC3G8rRsfpFExiaD5eI63IBrGzFuCC46oBj062x5G7p255I81M3DvVUdHTTESW1exsQn01L3kWzN_mIcC-Wjp0ewIwswBX5NERMQ1_VCc2PW-6eUQB5LvNjz6ZA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK admin-ajax.php Show response
www.weeklyvoice.com/wp-admin/ 1 B
664 B 2898ms
2898ms XHR
text/html 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.weeklyvoice.com/wp-admin/admin-ajax.php

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.8.2/wp-includes/js/jquery/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

server.weeklyvoice.com

Software

Apache /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 22 Nov 2021 18:03:36 GMT
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: Keep-Alive
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://www.weeklyvoice.com
Cache-Control: no-cache, must-revalidate, max-age=0, smax-age=0
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex
Keep-Alive: timeout=5, max=98
X-Accel-Expires: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK WeeklyVoice_728x90.jpeg
www.weeklyvoice.com/wp-content/uploads/2021/10/ 47 KB
48 KB 146ms
146ms Image
image/jpeg 142.4.25.154
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weeklyvoice.com/wp-content/uploads/2021/10/WeeklyVoice_728x90.jpeg
Requested by: Host: www.weeklyvoice.com
URL: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 142.4.25.154 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.weeklyvoice.com
Software: Apache /
Resource Hash: 5083bc115f649d8d830c2b0cfdc5e5353abae99515d6a4eeb1498c0abf8f83f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/new-malware-sharkbot-attacking-banking-apps-on-android-phones/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 22 Nov 2021 18:03:36 GMT
Last-Modified: Fri, 29 Oct 2021 19:16:32 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 48420

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 21ms
20ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211111&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb6fccbae331a0ad9b63d38e9527f805d6d26f032d7097392e59397043b56963

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 22 Nov 2021 18:03:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9181
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:03:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 22 Nov 2021 18:03:36 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 9CDF 12 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Mon, 22 Nov 2021 17:57:08 GMT
expires: Tue, 22 Nov 2022 17:57:08 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 388
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FAE9 783 B
535 B 22ms
21ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5364a08f03161607e67987ac992873cd5b03cfe095d93115d55329d19075db9f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-aSLDJN7sTKtIAcnI4BJn4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 22 Nov 2021 18:03:36 GMT
date: Mon, 22 Nov 2021 18:03:36 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-aSLDJN7sTKtIAcnI4BJn4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9CDF 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CRtE2hXI-Oo2CzbqEvynNThBTGvKRH_6so9ly1Scye0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 08:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 120850
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13332
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 21 Nov 2022 08:29:26 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FAE9 0
0 51ms
50ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211111&jk=2233374422044921&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 48ms
47ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211111&jk=2233374422044921&bg=!zc6lzorNAAZQLpa_UC47ACkAdvg8WgsMdZjZHgNfk_wf2h51Ofn2uIiKFtFk9xgugwtShR8l8cWdlAIAAABsUgAAAAloAQcKAOJZ11UHcqsQvwMPR73OYsQccRFjwiz7Dyk6n3r54W7ZBVrF-d6MBYbZyQkvREwC0vEXQboc-9_zesSXxESnLVbvGdbpKzbkBuPKvysPrhau4-3TDFdDIiIPvQY0OewWSanq1finVJefdUzc9_C1fzWTRDIBtHT55pnZs6IH5RgnQnltVzFURy-8qgi4tsC4LQ7ws0Iqte3yYUN7IUHFIj3ESS86tivOSEToqVpzu5P1qmhyUcMRqAEOFiWzmr-6hEMR66AVzPD42X8q1A4-lHWVuMmhQzw_kScshTDK5OcuLeqomQJxygsmfWpNXwian-5qfJnKEKX_2nqiLRSjoHSh_d4MbzuP8LMp7O77WyYuUTGQ-ccC8DIhpPL58sFBHiaLxdlo8avOhBkYU-ddobRMlgy5ihexqRJ-_zUnXc05nZJ8y9Fs5K_1RQuCwvb0cOAK4-BRYcA6Jj1Xkne4WkpeHyI-cWs1E8KKtpbZkj5yUG8rK8yElzJ4gIxQRd7P_ZFGM4vxnpzsIpk7A0dROcTUC4hJC1C1DUMK7xtqeOHX33Jyp7mB5JlfkBZwiBlBdKzfwZZ54LjCvLpWVp0JBybU3Kqt643oPrA-FwnpZyY0qbHl4-i0_-ZZo7Ypq2h2nA4q3-b6EgcIvr0QhKNevqAVLnw6fwFPFdpQBAe27rRxY_LvBWk0MBivbTFKJHevyUvgccZdfmfja3sFSarukRARXbYgYKcUGkzM33ZsQ-BulOAU-5qGdKUzzFRRCCck5pxVjhZO-oc0LBjGYNGe8XXeis1rArhOqw0cvZpmEv2AmMSZs-yFxlgHUKYVQEsp1wwe4rcEHy9ug7AIEROMdJEyG7AF9aD3sVBHh8-K4SLtG55L9kyabT0hKA04obEluQyaqHjj49cvu8_98ddDnE-24Zg8pP6v1mBCdvTNJ5Oh98ZlolbqP0KQqGYVN5FFnqL-0AHKkmCij9j06cfiN6SGpcllZXp0kiSdnVhJxUUs0LI8YRg0KVS0CHskDjmeukuAnCo6yVxmkYDh1Ls4xWgxQ1CeWCfZHARldlPH1biRUOq6y0q_J-ukvJPWXbt7BI-kiuuPK6OqpTyJ1Zl3OxTUksU2bHgZjizWyT9Ei432V-LHd4sStw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.weeklyvoice.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Nov 2021 18:03:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pixel.rubiconproject.com
URL: https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEModbqNO0qenAffTPNCV0j8&google_cver=1&google_push=AYg5qPIAtWPZqjB07NcD3VdiV7izfwI-QUW6bQoOIyeuKtThsgGISEyuufWXGymbe5GkIXrL4YLYf_CkVUfZ3jIB-rppY4aeSNM

Domain: ad.atdmt.com
URL: https://ad.atdmt.com/i/t.js;adv=11162200899296;ec=11162200899326;adv.a=4232832;c.a=26813668;s.a=1496886;p.a=320119716;a.a=512842627;cache=3810360978;

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1

Verdicts & Comments Add Verdict or Comment

237 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.weeklyvoice.com/	1970-01-19 22:54:50	Name: _gid Value: GA1.2.323185006.1637604214
.weeklyvoice.com/	1970-01-19 22:53:24	Name: _gat_gtag_UA_16792920_1 Value: 1
.weeklyvoice.com/	1970-01-20 16:24:36	Name: _ga_PV2QX9SDC5 Value: GS1.1.1637604214.1.0.1637604214.0
.weeklyvoice.com/	1970-01-20 16:24:36	Name: _ga Value: GA1.2.2089783268.1637604214
.weeklyvoice.com/	1970-01-19 22:53:24	Name: _dc_gtm_UA-16792920-1 Value: 1
www.weeklyvoice.com/	1970-01-19 23:36:36	Name: advanced_ads_browser_width Value: 1600
www.weeklyvoice.com/	1970-01-23 14:29:24	Name: advanced_ads_page_impressions Value: 1
.weeklyvoice.com/	1970-01-20 08:15:00	Name: __gads Value: ID=ea5db1b6572c33d7-2271602de4cb00df:T=1637604214:RT=1637604214:S=ALNI_MZ4qGfS125YcYAwExzBz3qedih7WQ
.doubleclick.net/	1970-01-19 22:53:27	Name: DSID Value: NO_DATA
.quantserve.com/	1970-01-20 01:03:00	Name: d Value: EFgBCQHkJIEA
.quantserve.com/	1970-01-20 08:23:38	Name: mc Value: 619bdb78-1ab6d-998ad-25544
.openx.net/	1970-01-20 07:39:00	Name: i Value: ae6a0592-02b5-4869-9336-00ecce075398\|1637604216
.pubmatic.com/	1970-01-19 22:54:50	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 01:03:00	Name: KADUSERCOOKIE Value: DD37252F-720B-4998-9135-6FDAB9495B51
.innovid.com/	1970-01-20 01:03:00	Name: uuid Value: c62f9e91-c73a-4fbd-845a-e54317d655ce-20211122 13:03:36
.doubleclick.net/	1970-01-20 08:15:00	Name: IDE Value: AHWqTUmDdEJsbzWt3sFkr23GMO7C89VYYDTqu95Tf3SL1fDfRnbQbYObDb1Hw2JqH1g
.e.dlx.addthis.com/	1970-01-20 08:23:38	Name: na_tc Value: Y
.addthis.com/	1970-01-20 08:23:38	Name: na_id Value: 2021112218033600010781758411
.addthis.com/	1970-01-20 08:23:38	Name: na_tc Value: Y
.addthis.com/	1970-01-20 08:23:38	Name: uid Value: 619bdb78cd90df62
.addthis.com/	1970-01-20 08:23:38	Name: ouid Value: 619bdb780001538ecffffe1b4bc0a6274bc55ee8169d9ca1460f
.dlx.addthis.com/	1970-01-19 23:36:36	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-19 23:36:36	Name: na_sr Value: 20211122
.dlx.addthis.com/	1970-01-19 22:53:24	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-19 23:36:36	Name: na_sc_e Value: 0
.adnxs.com/	1970-01-20 01:03:00	Name: uuid2 Value: 1047293845091377157
.casalemedia.com/	1970-01-20 01:03:00	Name: CMPS Value: 3230
.adnxs.com/	1970-01-20 01:03:00	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In2rGjtQ!]tbPl1M>e)ZlrFUfJ+tGXxo7C>:t-E[c/2FQp#qGWsVVG8$Xm^NC6=rxIa7bpRzqF1`ba]JP`>H
.casalemedia.com/	1970-01-20 07:39:00	Name: CMID Value: YZvbeNX7FipN6ACBkAJJKAAA
.casalemedia.com/	1970-01-20 01:03:00	Name: CMPRO Value: 1131
.casalemedia.com/	1970-01-19 22:54:50	Name: CMST Value: YZvbeGGb23gA
.casalemedia.com/	1970-01-20 07:39:00	Name: CMRUM3 Value: 2d619bdb782760CAESEP7ptOzy_D9zthLzCl0qYLQ

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ad.atdmt.com/i/t.js;adv=11162200899296;ec=11162200899326;adv.a=4232832;c.a=26813668;s.a=1496886;p.a=320119716;a.a=512842627;cache=3810360978; Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network	error	URL: https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEModbqNO0qenAffTPNCV0j8&google_cver=1&google_push=AYg5qPIAtWPZqjB07NcD3VdiV7izfwI-QUW6bQoOIyeuKtThsgGISEyuufWXGymbe5GkIXrL4YLYf_CkVUfZ3jIB-rppY4aeSNM Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZvbeNX7FipN6ACBkAJJKAAABGsAAAIB&google_gid=CAESEMyNZ99OmzNFiFVWqm0JpjI&google_push=AYg5qPIblDYWZfcOC7LIfPkYXXiqnDODXzG7Q80GOD2p81w468TB33pIvQRZhTZcrJebdLUydpRAUE8eYoMm6swbnXqb6TSJA4A-8g&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.gravatar.com
ad.atdmt.com
adservice.google.com
adservice.google.de
ag.innovid.com
api.pinterest.com
c0.wp.com
cm.g.doubleclick.net
cms.quantserve.com
dsum-sec.casalemedia.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
graph.facebook.com
ib.adnxs.com
image6.pubmatic.com
jetpack.wordpress.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
pixel.wp.com
public-api.wordpress.com
rtb.openx.net
s0.2mdn.net
s0.wp.com
stats.g.doubleclick.net
stats.wp.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.weeklyvoice.com
ad.atdmt.com
cm.g.doubleclick.net
pixel.rubiconproject.com
104.111.215.191
142.250.185.194
142.250.185.66
142.250.186.98
142.4.25.154
184.30.24.193
192.0.76.3
192.0.77.32
192.0.77.37
192.0.78.23
192.0.78.32
198.47.127.19
2.18.234.21
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:802::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200a
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:812::2006
2a00:1450:4001:813::2004
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:831::2002
2a00:1450:4001:831::200e
2a00:1450:400c:c06::9d
2a03:2880:f02d:110:face:b00c:0:2
2a04:fa87:fffe::c000:4902
2a05:d01c:1d8:8102:9b42:ec:9152:470a
34.202.255.214
34.98.67.61
35.227.252.103
37.252.172.250
8.39.36.141
0072f2a89bd32697c990a647ce4577265131df2f7d089ecef8eb14d50abdfb36
04c2d6201a212712d23699457086425b974815cecd9952b2e77da11d5640374b
050610189d6919c379e3bc94a4a860fa974caddbdb84c26d6f474df1c888e6cf
077e4b9a1a79f87568a5e1ed0b6c83fdd25570eae04933a3df9fba017ce0d5b8
091b44da15c8f8ea360b36ea12fca73538414c6bca447ffab28f65cb549cc9ed
0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cb4edee34756a87f0334b61cb87f03097cd8cae45ebe5905fb874c00918ca69
0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0ecefd1b948c0492a29b09eb7b360ec3d2f1ff5095ebe3dcf0181009a971abd6
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
17d8e434453e652e0612cb54d106c9e14ad60d07bf451e41745fa383aeb874bd
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18ab1fab2a8a6c5339c314a3072f50d0f7e93ca06bf374cafd2f941568ead41a
18fb45dd36699a3d33b4ad47342f7f7ef7089dfa91c4baa2a24e6846db8cd5f7
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1dfffaca39c5864898e2ea3fe3b4a06bd583f304cf51bd52d0f0eaac91a17ec9
1f07541ee5862a20ad605927adbbf344f7cae47b964c2278da50c094daecbbd1
2a2ac34136c00e48cd04edf792aec5e6dba2b4cd5942b9383f3f56764125e808
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
33abec422131ee85a09ca016cdbc474fee0b47e3a98a177ce6e6456b137885b0
3491c57c07a1a20ad620144b850210b393c13d53eaa5992f6f3950220c8b16ed
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
3d19016429f069a9527f62f75c06a01777efb99fe53f796037db9dd7c66bd3ec
3e2fc01d30979439db51337c4cbda985ea72963272ac61791dcf214c7558ad6e
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
46630481b510df7aad4b0390cfbe097b30389db41817a689bb5f8a7050a6ee47
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d4db5f1e2c1032037c2fbad934bd09c13c4d450877813b33b755ea2b2899814
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e7c5a080f64a21a8c251f1f395b8b4fe4f6533d338b7147598fafb2ad50234c
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5083bc115f649d8d830c2b0cfdc5e5353abae99515d6a4eeb1498c0abf8f83f3
5364a08f03161607e67987ac992873cd5b03cfe095d93115d55329d19075db9f
5a7abec13d1753040e37e3ab6273b17bcd3deb411a49f9c64f859ecc3d2ddd5b
5b7d9d3dceb75010ec53276c6b6a27d9287dba0566d81c1da23ce0188e5b3d01
5c3cb71138ba89f1cf2419b37b83b35f896ec41631b116926520ae31541fd9bb
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
5e30e581238c8cab0a07a60b059357514320e34884fdefd5b5bd0b016f078025
60ab34bff2ae5f2925424e1e3a070ee099360662cce130cf9ba4624fc5c627f5
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
6574c03ef34c869d4a560674a171cfdeceb77589d59b7d073a95eebdb733a827
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d56c28dd5e18c12195fbbea15afa3d123db1408088b146d2e9745d37c8dff16
6dbc8cfbc81efa23f320c6dc3c28eaa630c90da843252735153fbdb8b2ea8ec0
70e6c2e2f31d014ee4706e74ecdbe0971d7ee0a0eef4e8877a7338772e8dae06
7d730d958599587aee3ee598871cc31de21c73d08a2d45dc437e62438ae753a3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f49a60c7b81bab4b8b2ffd154c069fdde45e0ec303ce85ede59495844f919a
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8c887d94983431d14b0f5eff7cc5c7fd9838e4356864608fbf9dcf81462badef
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
8d53e4a65bce59dbaa77eb34cadf27e060501f6efaf36a486575915895fb9001
9094f02cdc23d24def31495f065e15e352b09991af8130d4b46b4b4914fcf3f2
92240070626cdf9677e6e3b1282069977bcf5395ada82ff0748b5e40472277fa
978fe97618d0d0487fbb460c569ceea2a6ae89dc4a3db36a3f3a04193efca66d
98defe923c47c5fd56e1f601cad6dcc9e720c7ea1ec172b5bcfdd977f6a13fef
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0ea2fa35271c78084c0244430b865af459ba144154779a691b70fedb0a3f0e8
a14ea03c678fe3a3ac453e1778b500e39bd693d46843141ad49536f0760012d2
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a43c2fa3db50574285a17510cee98a1f29020b861c9886e91e6284c91ba09033
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a925cb8e68c44196c6c9d57999b2118d3075146afc3659e5dd65cea6249f8fa8
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ae0e0c5bb797bd94d3c306c8211452bca1736b0350374d78548c8c28c0d56285
ae82e42491a7de3c5d3df779e9600e5191708025e8c46102ccfa7026df735d64
af744db144bca74e3ea811c5030d2f22fdffab01e6711ad54471ac8b255499ae
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2438f7abd6d0375058865a2c2ec50f20691b6a74d53e1071dcb366d97a6c70e
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
ba658123b6afaf36407b950f9cb29a8db6f6110afdfb1a86ba9ae045bd915169
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c32d7224708edfed172b6e6ec3242b3d16df511594cafa8d45352eeebb41f5b6
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c9b2835b373209ed2060fd1ad3274e171d051788364d4ac77d64703f9f396ce9
cb6fccbae331a0ad9b63d38e9527f805d6d26f032d7097392e59397043b56963
cbec7579d8c2963f13b8ef90847bef861b534371bfd2dab99ebb09ff1528b0e9
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d822b00c4b7986670f14de531f4bb397679b7466be5698171e7d642c2f3dffcb
daad29020451ec2f89182d8a04d8b47f5d76f28045e756e92e7232043c73245b
db8deb30d5cecf873a6361b5410aed53a439e46072dcd6af4dc2481e44ea2a59
dd6622300d2454b8cca34802b8e39b34906c08474bfe7154031f98cb8e333a97
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6e4c76677234628023c3ac327132686a52ec76a881d6780292bfbc63b91651c
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
e8df3ffb44b5ad286a283a4a33434ce4ff41e5ad52df9a9394411a335abc0fe0
ea8d8d733a1aa08482aa3c858c4c12a3a298789c1bf2e293287bc64878fa2a9d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4b77426203b62cf2fa1278ffb7df57ee7cf162be82a6899aba9c9b729722495
f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23
f6e9747ea3cf98433c117e49cb0bd368aafcf6d3c0628532b947e2e55236bf96
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
fca1e958a7a53ed996ffd96f21cb6614d95253de81ba6f828ca35f4dd863425a
fcfa97fe2f9a135f588f48df4d5a377915ed84a21267251646b0e6a4f59945c3
ff58a8bbd4b0bc0e3ddb026d5b8771c276192de94b8707da1242b0537186c1a9

www.weeklyvoice.com Open in urlscan Pro 142.4.25.154 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

152 Requests

89 %HTTPS

50 %IPv6

28 Domains

38 Subdomains

32 IPs

5 Countries

4624 kBTransfer

6462 kBSize

32 Cookies

14 Outgoing links

Redirected requests

152 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 20 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.weeklyvoice.com Open in urlscan Pro
142.4.25.154 Public Scan

Screenshot
Live screenshot

Full Image

152
Requests

89 %
HTTPS

50 %
IPv6

28
Domains

38
Subdomains

32
IPs

5
Countries

4624 kB
Transfer

6462 kB
Size

32
Cookies

152 HTTP transactions
20 data transactions