URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Submission: On September 23 via api from US — Scanned from DE

Summary

This website contacted 104 IPs in 10 countries across 100 domains to perform 361 HTTP transactions. The main IP is 104.20.60.209, located in and belongs to CLOUDFLARENET, US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 16th 2020. Valid for: 2 years.
This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information


This site contains no links.

This page contains 45 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Frame ID: D5B1FEC556E711CE65CDB7DE2D86BBEB
Requests: 208 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • addthis\.com/js/

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • moatads\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

  • Requests: 361
  • HTTPS: 100 %
  • IPv6: 0 %
  • Domains: 100
  • Subdomains: 153
  • IPs: 104
  • Countries: 10
  • Transfer: 3296 kB
  • Size: 10712 kB
  • Cookies: 140

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 301
  • https://www.gstatic.com/prose/brandjs.js
Request Chain 27
  • https://cd.connatix.com/connatix.playspace.js HTTP 302
  • https://cds.connatix.com/p/130397/connatix.playspace.dc.js
Request Chain 84
  • https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1632419652033&ns_c=UTF-8&cv=3.5&c8=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1632419652033&ns_c=UTF-8&cv=3.5&c8=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&c9=
Request Chain 87
  • https://freestar-io.videoplayerhub.com/gallery.js HTTP 301
  • https://btloader.com/tag?h=freestar-io&upapi=true
Request Chain 229
  • https://eb2.3lift.com/sync?us_privacy=1---& HTTP 302
  • https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Request Chain 238
  • https://eb2.3lift.com/sync?us_privacy=1---& HTTP 302
  • https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Request Chain 240
  • https://x.bidswitch.net/sync?ssp=themediagrid&us_privacy=1--- HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid&us_privacy=1--- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=themediagrid&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721&google_hm=ZmJjOTViNDctOWI5ZC00ODE1LWJkMzMtMDM4OGQzNWExNzIx HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=themediagrid&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721&google_hm=ZmJjOTViNDctOWI5ZC00ODE1LWJkMzMtMDM4OGQzNWExNzIx&google_tc=
Request Chain 241
  • https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Request Chain 242
  • https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Request Chain 243
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=lx2zQmO81MtsVl5
Request Chain 244
  • https://x.bidswitch.net/sync?ssp=openx HTTP 302
  • https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=openx&bds_param=fbc95b47-9b9d-4815-bd33-0388d35a1721 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=340&user_id=67d4e697-eb01-4c50-bed2-2095b494871b&expires=10&ssp=openx&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=fbc95b47-9b9d-4815-bd33-0388d35a1721
Request Chain 245
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=4746351740882832372
Request Chain 246
  • https://match.prod.bidr.io/cookie-sync/ox HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBMFFFN0NtWDhBQUJBYW8yNjVUZw&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAEKk7CmX8AABnd9zOAUg&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpp%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Request Chain 247
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=eac9614c-bf4b-4900-a715-e055d0b35abd
Request Chain 248
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=dAw0ciBbNHNvDWMnJFktJSEIYyRvCjMoJ1ya0Mb1
Request Chain 249
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5178698851861003947
Request Chain 251
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx&google_tc=
Request Chain 252
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
Request Chain 253
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=lx2zQmO81MtsVl5
Request Chain 254
  • https://x.bidswitch.net/sync?ssp=openx HTTP 302
  • https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=openx&bds_param=fbc95b47-9b9d-4815-bd33-0388d35a1721 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=340&user_id=ed0d6ec3-d6d3-4ef5-b4d2-5de9480a362a&expires=10&ssp=openx&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=fbc95b47-9b9d-4815-bd33-0388d35a1721
Request Chain 255
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=4746351740882832372
Request Chain 256
  • https://match.prod.bidr.io/cookie-sync/ox HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBRUtrN0NtWDhBQUJuZDl6T0FVZw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAEKk7CmX8AABnd9zOAUg&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAAEKk7CmX8AABnd9zOAUg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAAEKk7CmX8AABnd9zOAUg&pid=558502&do=add HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Request Chain 257
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=abd9614c-bf4b-4100-8c35-f75bd03c2abe
Request Chain 258
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=wu0VJpa6FSfZ7EJywe4Mdpa9RyPZ5RFxlb7L8E6E
Request Chain 259
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6225523299478106640
Request Chain 261
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx&google_tc=
Request Chain 262
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
Request Chain 265
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM1MjAxMDQ3MDMyMzM0OTg4Nw%3D%3D
Request Chain 267
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4352010470323349887?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-JUbEw29E2oS0XGGm.aOe3j1iuKqacjo4d0Ki3xkYkA--~A&dongle=0883
Request Chain 270
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4352010470323349887 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4352010470323349887&dcc=t
Request Chain 271
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 272
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4587378197357762933&dongle=d407
Request Chain 275
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM1MjAxMDQ3MDMyMzM0OTg4Nw%3D%3D
Request Chain 277
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4352010470323349887?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-_98EjzhE2oQnd5Mn2RjjybM7WcMjIjWyF9FQZaIekQ--~A&dongle=0883
Request Chain 280
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4352010470323349887 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4352010470323349887&dcc=t
Request Chain 281
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 282
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4371205415243979125&dongle=d407
Request Chain 287
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YUy-SxsG5DKOdtJHZWnypAAA
Request Chain 290
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypQAABIMAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypQAABIMAAAIB&dcc=t
Request Chain 291
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
  • https://um.simpli.fi/no_match_opted_out
Request Chain 292
  • https://sync.extend.tv/r.gif?exchange=index HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a01c1fd8-b616-4d57-9556-788764f6d960
Request Chain 293
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1870471598264745664
Request Chain 295
  • https://um2.eqads.com/um/cs HTTP 302
  • https://um2.eqads.com/um/cs&eq_cc=1
Request Chain 296
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypAAABIMAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypAAABIMAAAAB&dcc=t
Request Chain 299
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YUy-SxsG5DKOdtJHZWnypAAA
Request Chain 300
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1635011659
Request Chain 306
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4625766518124530144
Request Chain 308
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7011189053059823766
Request Chain 309
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dpm%26bee_sync_hop_count%3D1%26userid%3DSMART_USER_ID
Request Chain 310
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Request Chain 311
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5397198179 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/e274abdd-3af6-4a62-a24a-54c6d395d3f0 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003
Request Chain 314
  • https://green.erne.co/pubmatic/cm HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=bMMHobAPaupDdwLIg9oxXiAS
Request Chain 315
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 316
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=bfa0ab7b-aaa5-4413-a6df-af63537304f5-tuct84644cb&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 318
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ohPAH3LDRqS_6NtZccQpUA%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 319
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=abd9614c-bf4b-4100-8c35-f75bd03c2abe
Request Chain 320
  • https://pixel.onaudience.com/?partner=214&mapped=A213C01F-72C3-46A4-BFE8-DB5971C42950 HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=313cbf04e897955629a9b79c2c782fa HTTP 302
  • https://pixel.onaudience.com/?partner=236&icm&cver&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D%26gdpr_consent%3D%26pid%3D3b2cb90%26t%3Dgif%26uid%3D%25m HTTP 302
  • https://ps.eyeota.net/pixel?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1babd887643ad4db HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1babd887643ad4db HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MjJ1emtGcXV1c3lMSG1fRUtmbkJoRWhoZVZ1bkFHN1RwZHFGaGhKMFJkbDA&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90 HTTP 302
  • https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&referrer_pid=3b2cb90&google_error=15
Request Chain 321
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QTIxM0MwMUYtNzJDMy00NkE0LUJGRTgtREI1OTcxQzQyOTUw&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 322
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&google_error=15
Request Chain 324
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e274abdd-3af6-4a62-a24a-54c6d395d3f0
Request Chain 325
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6225523299478106640
Request Chain 326
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&gdpr=0&gdpr_consent=
Request Chain 327
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4746351740882832372&gdpr=0&gdpr_consent=
Request Chain 328
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn
Request Chain 329
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=A213C01F-72C3-46A4-BFE8-DB5971C42950&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=A213C01F-72C3-46A4-BFE8-DB5971C42950&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-lb5nupBE2uXHjHa4U8GlJGKBAqowPsA-~A&gdpr=0&gdpr_consent=
Request Chain 331
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=fbc95b47-9b9d-4815-bd33-0388d35a1721&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=283&user_id=4a58895e-b04a-4766-89f8-5aafc22efc56&expires=1&user_group=5&ssp=pubmatic&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=fbc95b47-9b9d-4815-bd33-0388d35a1721&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 333
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YUy-SwADy8UUOAA6
Request Chain 334
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4371205415243979125&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 335
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553&gdpr=0&gdpr_consent=
Request Chain 336
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:b48b1dfb-101c-45b4-9922-d07e10254883&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 337
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4746351740882832372
Request Chain 339
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&us_privacy=1--- HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&us_privacy=1---&_test=YUy-SwADzIAUhAA6 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YUy-SwADzIAUhAA6&us_privacy=1---&_test=YUy-SwADzIAUhAA6
Request Chain 341
  • https://token.rubiconproject.com/token?pid=26594&us_privacy=1--- HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTX8IHAH-J-BAN7&sigv=1&esig=2~843828ccbebdf1921449d876eec7d953cb12bd76&us_privacy=1---
Request Chain 343
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1--- HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/lAY_4teSx9cpoDfXiS9rgg?csrc=&us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4899218291336490482
Request Chain 344
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&us_privacy=1--- HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=abd9614c-bf4b-4100-8c35-f75bd03c2abe&expires=28
Request Chain 345
  • https://token.rubiconproject.com/token?pid=25470&us_privacy=1--- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RYOElIQUgtSi1CQU43&us_privacy=1---
Request Chain 352
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lx2zQmO81MtsVl5&gdpr=0&gdpr_consent=
Request Chain 353
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D HTTP 302
  • https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID HTTP 302
  • https://match.bnmla.com/usersync?dspid=6&uuid=C3007D7E0AEC456C923157B5EAEBDD04 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=b26dd731-0336-4843-8caa-c9c6d28d17fd
Request Chain 354
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C3007D7E0AEC456C923157B5EAEBDD04
Request Chain 355
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=JMVMhbmbRxRCnc2T0ewcltiDcnM
Request Chain 356
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=A213C01F-72C3-46A4-BFE8-DB5971C42950&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=A213C01F-72C3-46A4-BFE8-DB5971C42950&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=A213C01F-72C3-46A4-BFE8-DB5971C42950&addseg=10,33,39
Request Chain 357
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=A213C01F-72C3-46A4-BFE8-DB5971C42950&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=A213C01F-72C3-46A4-BFE8-DB5971C42950&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 360
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=489b288b-1c97-11ec-8e3f-0f1e794564a3&gdpr=0&gdpr_consent=

361 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
72 KB
17 KB
Document
General
Full URL
https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.60.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c4eab9bc7c098db5d26b703be15bb173f8b729b5fde66e0ab541263d8e80a5f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.bleepingcomputer.com
:scheme
https
:path
/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-type
text/html; charset=UTF-8
content-security-policy
upgrade-insecure-requests;
x-frame-options
SAMEORIGIN
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
0
last-modified
Tue, 21 Sep 2021 15:54:56 GMT
vary
Accept-Encoding,User-Agent
set-cookie
session_id=e950749ecf57e6089480a8ba4f021e68; path=/; domain=.bleepingcomputer.com; httponly;Secure
lav=11831; expires=Sat, 23-Oct-2021 17:54:10 GMT; Max-Age=2592000; path=/;Secure
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6935a2ff4f9be003-FRA
content-encoding
br
css
fonts.googleapis.com/
13 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f10.1e100.net
Software
ESF /
Resource Hash
ff420b26b8a33e1bcae39c4d165c2cc259681bbb7b32565dbd7644c1d84cbfa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 23 Sep 2021 17:32:34 GMT
server
ESF
date
Thu, 23 Sep 2021 17:54:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 23 Sep 2021 17:54:11 GMT
bootstrap.min.css
www.bleepstatic.com/js/redesign/bootstrap/css/
119 KB
20 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/js/redesign/bootstrap/css/bootstrap.min.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6859
last-modified
Wed, 13 Feb 2019 14:22:49 GMT
server
cloudflare
etag
W/"624975547"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d888sAjg3KJF71IeatUVPJalKkLuAdJJNldjkqvEXk4zZsvTDyCGn9wqfRlmszkC1sqsPE6k%2BMUcJ8SkGOOVpc4MyVD3yoyKX52%2Bqm70wVp5MAL%2BDFmjsbOAk8DKQ8KJa3lUs80%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
6935a30408474137-PRG
expires
Fri, 28 May 2021 05:38:09 GMT
main.css
www.bleepstatic.com/css/redesign/
52 KB
11 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b37f3d8aa5e1f298bf71477c945f576745020ce44f048ec67e19a93cd285372

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6859
cf-polished
origSize=62676
last-modified
Tue, 27 Apr 2021 20:09:53 GMT
server
cloudflare
etag
W/"2761713618"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=chwFdho9wznce%2BIdSJ1oqSHxIAW4rKyVdtaOYq%2BTyaHdvZ%2FXR%2FQXU4xM6FUGGBYCZQoVaY%2F1iy6LFsvLWqjqeNe%2F8AR%2BMqJNFihm4hCzSgaMFnXeBjQpMRGtShaGmcP%2Fquk36gk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
expires
Tue, 01 Jun 2021 20:12:25 GMT
cache-control
max-age=3024000
cf-ray
6935a304084a4137-PRG
cf-bgj
minify
home.css
www.bleepstatic.com/css/redesign/
12 KB
3 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/home.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca22345f969dd8077c21281572a34d4a51bc6a5ad9d764bd1338b2c12a68c3e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2056679
cf-polished
origSize=15024
last-modified
Sat, 21 Nov 2020 17:53:40 GMT
server
cloudflare
etag
W/"2807382579"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Clx2oyrwVwUhba31eM6QWjoTd%2BJQzUzEnpEIeBi%2BzzVKZ%2FzW559JNP43%2FvqEm4mFy8%2FJm7Tph7uZ%2Fyk9xcRnx9dpjWFqBPOojHN6BV6JgUDQeO2RSFnNqGfO1JFkUf%2FZ8GGBHSw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
expires
Mon, 04 Oct 2021 22:36:11 GMT
cache-control
max-age=3024000
cf-ray
6935a304084b4137-PRG
cf-bgj
minify
news.css
www.bleepstatic.com/css/redesign/
27 KB
6 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/news.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4901b094a91ea6d5aba73774bb9803fdca22599cfca597ef81249225b5ed01b4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2573272
cf-polished
origSize=33102
last-modified
Tue, 24 Aug 2021 22:50:05 GMT
server
cloudflare
etag
W/"57477024"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BHqaRxEa7jpVV9fWslN0CnyX%2F8a25Zc%2F3GzryR3Z%2BicVTwUW7fbTZd%2BpVtHb5VRDJl5SmrqOJCZBwzibxKFXvW5HaxRB3ufiYf3m1GBb9AAy1%2FniAUknIMmfUWrYaH9%2FP9bdVC0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
expires
Tue, 28 Sep 2021 23:06:19 GMT
cache-control
max-age=3024000
cf-ray
6935a304084d4137-PRG
cf-bgj
minify
jquery-3.5.1.min.js
www.bleepstatic.com/js/redesign/
87 KB
32 KB
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/jquery-3.5.1.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6052
last-modified
Mon, 04 May 2020 23:02:39 GMT
server
cloudflare
etag
W/"1177690299"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGhE6a1se2FjjE6w8WaMy25lVghOb%2BMU7CXakZCBvBbqu0G7PTq1T7JlViqcm%2Bu8L73WJgY5Pdap9Ye6STnwi4Wd%2BdUzYd9y11EvVWsYr3G%2FBb6LWJCJcz00OVaapjC2vTdVzJ0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
6935a304084e4137-PRG
expires
Fri, 28 May 2021 05:38:09 GMT
jquery-migrate-1.4.1.min.js
www.bleepstatic.com/js/redesign/
10 KB
4 KB
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/jquery-migrate-1.4.1.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6052
last-modified
Fri, 20 May 2016 01:26:30 GMT
server
cloudflare
etag
W/"2177127834"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wDkL09am4gVyWbCnCLC4%2BswfNRX4EsWrZ1DRb3frNu4WbgW10W7nutjJXr8sGWD%2FG3Vyoa6RrVj32L%2B3XQ3a%2FDUTUePip4grxodcRStTTiNkiAqb74Ij1QeQ5Y2ftetMiDewDk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
6935a304084f4137-PRG
expires
Fri, 28 May 2021 05:38:09 GMT
news.js
www.bleepstatic.com/js/redesign/
183 B
648 B
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/news.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1801
cf-polished
origSize=247
last-modified
Wed, 16 Dec 2015 15:41:46 GMT
server
cloudflare
etag
W/"4218930423"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYIbLNEbmllg6G%2B5TAebNRbq95T56Kniwk5qPFnw3vkHw7kok%2FQ50fZjPwF6VdlIrHYB9A1mSZuzE8lE2o7BAiW5bikJ%2BOfdogmO3Z0KahtWBK1z%2FYYLcz76zt3JAQctR3mPxRA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
expires
Fri, 28 May 2021 05:38:10 GMT
cache-control
max-age=3024000
cf-ray
6935a30488ba4137-PRG
cf-bgj
minify
cls.css
a.pub.network/core/pubfig/
2 KB
1 KB
Stylesheet
General
Full URL
https://a.pub.network/core/pubfig/cls.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d510e16e6e569e573980fd67a55221795d539fd56688ecaca8d284255e86ee6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash
crc32c=kjwd8A==, md5=KtQsmezne0blpCqFIHo3UA==
date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid
ADPycdvKw14pbDg8wfrCJ5pHHLzEt9wDJ_ghEEknwyDuvxCP12GpER2wk5WvSDYg9eJjLPsvBMRrkX8vZVuqmA0F3vc
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
text/css
last-modified
Tue, 11 May 2021 20:31:48 GMT
server
cloudflare
etag
W/"2ad42c99ece77b46e5a42a85207a3750"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ej7lpX4englHv3GiaYoisRuZs8hS7L8sFFRuC6eGLTwfhi7sW7GtKUL7OHkusvFuRapwJRHy1lqn7msxWPAiQtVkCn4aKs%2B6jFzrR%2FLeDQWTxbPvP8ir7qZfB7iU5%2BQ%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1620765108454625
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
1752
cf-ray
6935a3041bcdf9e2-PRG
expires
Thu, 23 Sep 2021 18:30:04 GMT
pubfig.min.js
a.pub.network/bleepingcomputer-com/
118 KB
43 KB
Script
General
Full URL
https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca2e5c101658391c814501d092ecb438250c627fc7a18a9d5e968b32aa0b0ba6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash
crc32c=sm+rQQ==, md5=AmfDearT+X+eYxTze9E5bQ==
date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid
ADPycdvhQ_7vBWIJFPjOcqKclzzaaskmr1OiD8l_yhDWyAtLOObc9KJFwNuwdDt75QrNJ2QViwXaEyV7y4EzYYXT0u4
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
application/javascript
last-modified
Tue, 21 Sep 2021 21:54:21 GMT
server
cloudflare
etag
W/"0267c379aad3f97f9e6314f37bd1396d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KZJBoME6ROB42Zkemg9ifXFtGBxq0xMU3D10OtirhUr5vg9aDQr%2FAONQk5imbbrxDZs0Nz27ANWYEcic2J1NE7CfGdnpR0OFRzRkn3IyBjzwgdbSFdT6%2B9%2Biyk5Fx0w%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1632261260975924
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=1800
x-goog-stored-content-length
120914
cf-ray
6935a3048c1ff9e2-PRG
expires
Wed, 22 Sep 2021 22:37:17 GMT
qc-consent.js
www.bleepstatic.com/js/qc-consent/
2 KB
1 KB
Script
General
Full URL
https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28d4e8c1043164607dcdeb358e2a08c9565fe286ceeeabea79e67f8c680187e7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
996
cf-polished
origSize=3904
last-modified
Mon, 05 Oct 2020 20:38:13 GMT
server
cloudflare
etag
W/"2345400546"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Rf70M5dEqm%2FalD6U5n4Zw7fiZ6UMEosMi2hJ8hLbgnJXAYWoA3QKaq3j8Rtcr4p7D%2FKk3RjKybf7S%2BXiiR%2Fdp%2BCbR3Ye%2B9vyacuprOyItz1QOr7d7rUOeyXJ817%2BMpMwbqBU7M%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
expires
Fri, 28 May 2021 05:37:52 GMT
cache-control
max-age=3024000
cf-ray
6935a30488bd4137-PRG
cf-bgj
minify
js
www.googletagmanager.com/gtag/
97 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
64b72e85ed0a94e333fc1b0e36f18464ed0e6bccf12e45ca9408c065bb721300
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39244
x-xss-protection
0
last-modified
Thu, 23 Sep 2021 16:40:47 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 23 Sep 2021 17:54:11 GMT
logo.png
www.bleepstatic.com/images/site/
1 KB
2 KB
Image
General
Full URL
https://www.bleepstatic.com/images/site/logo.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
85583
cf-polished
origFmt=png, origSize=1882
content-disposition
inline; filename="logo.webp"
content-length
1152
last-modified
Sat, 04 Mar 2017 04:12:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KR54Pw0V1wMF9RIszNpXf4ehIGdLwADLL1qp2y6ttgYAogreD8McWowHnnkO4bGN%2FKS7iegdC1%2B6HBzvNJY6YQ4qr65Ur9e59USw0qtab7V7qeAE0Td8%2Fb0HjfrAHpDMBcz2PXQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 22 Oct 2021 18:07:47 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a30488bf4137-PRG
cf-bgj
imgq:85,h2pri
brandjs.js
www.gstatic.com/prose/
Redirect Chain
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
  • https://www.gstatic.com/prose/brandjs.js
14 KB
14 KB
Script
General
Full URL
https://www.gstatic.com/prose/brandjs.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f99.1e100.net
Software
sffe /
Resource Hash
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 02:48:48 GMT
x-content-type-options
nosniff
age
54323
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13880
x-xss-protection
0
last-modified
Tue, 06 Apr 2021 15:14:29 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Fri, 24 Sep 2021 02:48:48 GMT

Redirect headers

date
Thu, 23 Sep 2021 17:44:12 GMT
x-content-type-options
nosniff
server
sffe
age
599
content-type
text/html; charset=UTF-8
location
https://www.gstatic.com/prose/brandjs.js
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
237
x-xss-protection
0
expires
Thu, 23 Sep 2021 18:14:12 GMT
computer-hacker.jpg
www.bleepstatic.com/content/hl-images/2021/04/16/
96 KB
96 KB
Image
General
Full URL
https://www.bleepstatic.com/content/hl-images/2021/04/16/computer-hacker.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be5b86a8fd8b9712c5ff856e630d63f43f0f375a805f933ac4235696b09a0730

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
179785
cf-polished
qual=85, origFmt=jpeg, origSize=301485
content-disposition
inline; filename="computer-hacker.webp"
content-length
98186
last-modified
Fri, 16 Apr 2021 23:16:42 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vlSxwZ7Mrsihwndl9b23aKy8BbWNtpSqvozm6bl8nKLLqq5a9x5wbxs9BG5LejhCogkC4CJ9dp7BZi8zirJfEY%2F4ZdsR3HZThFUnLPwBrmmzo%2BhnpD3y%2FxuqU8QKA5cTgtrxaJk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 21 Oct 2021 15:57:46 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a30488c04137-PRG
cf-bgj
imgq:85,h2pri
TinyTurlaDLL.jpg
www.bleepstatic.com/images/news/u/1100723/APT/Turla/
66 KB
67 KB
Image
General
Full URL
https://www.bleepstatic.com/images/news/u/1100723/APT/Turla/TinyTurlaDLL.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6097344ff5f784720afb0edb33df4a046ea36d0637a82df2ba81fc31b3a39b45

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
34540
cf-polished
qual=85, origFmt=jpeg, origSize=182876
content-disposition
inline; filename="TinyTurlaDLL.webp"
content-length
67746
last-modified
Tue, 21 Sep 2021 15:40:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24zpdZh0mNxew7lfxOF7QbSnKUCzIs3Wz5DBqwz40pzgsNVCMiHG680HZ9pNqmO6frK%2F4mlFIJJeiumz1hHsdh0K6eaBPWDbpI3VRa19HLJ5BDR04InmcRX33kBVW7u%2BuWOCIiI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 23 Oct 2021 08:18:30 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a30488c14137-PRG
cf-bgj
imgq:85,h2pri
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
139 KB
49 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
923a7d675666ba1265aa3b4dba66990a821f9685a927e36481406a70e1f8f4a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49881
x-xss-protection
0
server
cafe
etag
10442517511678622538
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 23 Sep 2021 17:54:11 GMT
Bleeping_Computer_CFM_2021.gif
www.bleepstatic.com/images/comp/flashpoint/
42 KB
42 KB
Image
General
Full URL
https://www.bleepstatic.com/images/comp/flashpoint/Bleeping_Computer_CFM_2021.gif
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fd66396731ba6db34f326420a8921e372ca68ec3e11de6bd8e4933cfd99ab6d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
88903
cf-polished
origFmt=gif, origSize=65559
content-disposition
inline; filename="Bleeping_Computer_CFM_2021.webp"
content-length
42842
last-modified
Mon, 13 Sep 2021 23:41:41 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROXOFUeorGZNYrEb7LlAGQRH4QlyohsiYORk2mcayRXMYK3qdgn06Jm46zlRCIVkYB0CFtYIgKR29IIMjjgiw51lTsly3mgB0AHcLD3fs5RXBBZHWgqWvDezvuG6YHUmWt%2FF%2FwQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 22 Oct 2021 17:12:28 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a30488c24137-PRG
cf-bgj
imgq:85,h2pri
acronis-cyber-protect.png
www.bleepstatic.com/images/comp/acronis/
43 KB
43 KB
Image
General
Full URL
https://www.bleepstatic.com/images/comp/acronis/acronis-cyber-protect.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2772a00116e7391d1858bcdfb85a7f366d1e44a38c6a948485d87fcdf908489

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
340860
cf-polished
origFmt=png, origSize=49547
content-disposition
inline; filename="acronis-cyber-protect.webp"
content-length
43772
last-modified
Tue, 07 Sep 2021 20:25:31 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lST397FTL8LvN8cpcDBesqBnpbpce6B%2FUtMxH58h6kpyWDsGuleZj3IuS59lMPPJzlcKe7huW%2F4uVGA7n3uZwXXsBRj624bqzygVsdIePhr6p0fHIM1ej8mvWjuxVXm8b%2FWpaLw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Tue, 19 Oct 2021 19:13:11 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a30488c44137-PRG
cf-bgj
imgq:85,h2pri
twitter.png
www.bleepstatic.com/images/site/login/
282 B
634 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/login/twitter.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
72578
cf-polished
origFmt=png, origSize=475
content-disposition
inline; filename="twitter.webp"
content-length
282
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oRQmyjpEDQyPf2cU1tFRRqb0L6kCWpS0htN0eJdrJ2Vsj7QNylxhSErooJ0VaBE3ZcjQzkEzcIlVu8cDgha5R0eGfETEitBDFaYl%2FyKEPIs2bVXuiH7%2BsmrLcD70nGPseosS%2F8g%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 22 Oct 2021 21:44:33 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a30488c64137-PRG
cf-bgj
imgq:85,h2pri
bootstrap.js
www.bleepstatic.com/js/redesign/bootstrap/js/
50 KB
13 KB
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/bootstrap/js/bootstrap.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c13d034eaf2fa73680d0abdbe02ac23b73e3128b5c7f0ee7018eb7b3fbe84a72

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6052
cf-polished
origSize=75484
last-modified
Wed, 13 Feb 2019 14:22:49 GMT
server
cloudflare
etag
W/"984724076"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJhSMasIvacuH%2BG5g7ny1eLPfsXfjsX18QSfyuZWyj%2Bfg6bm5TKz4D%2F5L%2BdNALrQU2Chug30%2BKuZ81ujuqr3MMeCKsywtXKaIqhmIUvnBIVAY5%2FXZvJIP9astWAJS8GFQA%2Fa0Oc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
expires
Fri, 28 May 2021 05:38:10 GMT
cache-control
max-age=3024000
cf-ray
6935a30488c74137-PRG
cf-bgj
minify
blazy.min.js
www.bleepstatic.com/js/blazy/
5 KB
2 KB
Script
General
Full URL
https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2338
last-modified
Thu, 16 Aug 2018 21:06:19 GMT
server
cloudflare
etag
W/"753357888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWKXuCg6aRt2gieg%2B%2BfZqkC0P4Pmcfm9B0T0p38U0F7LMVn911SkFf12nJJTeLM7sSIFKVm2pygmMrfUqieEQ2NH3ZCNCw7zDn7tskniZkaBIy1apG7nkEzxnztceDNLGgrFNcI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
6935a30458804137-PRG
expires
Fri, 28 May 2021 05:38:10 GMT
bleep.js
www.bleepstatic.com/js/redesign/
3 KB
1 KB
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/bleep.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2338
cf-polished
origSize=3600
last-modified
Mon, 01 Oct 2018 12:47:57 GMT
server
cloudflare
etag
W/"2696894447"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jMH2RFwKQjbZZhG%2FyjXnMllNizWtohlbaRblcGgr7aeFsCMEFpp3VI9OiAoCvIPvTNUIFPzJRe7Sg5lQB8dhBSB8eiWJdGy8YEwLIrRGBnFmkfVqwBMh93Lzml%2FzXFDw6RrOYcs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
expires
Fri, 28 May 2021 05:38:10 GMT
cache-control
max-age=3024000
cf-ray
6935a30488c84137-PRG
cf-bgj
minify
jquery.fancybox.js
www.bleepstatic.com/js/redesign/fancybox/
31 KB
10 KB
Script
General
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6035
cf-polished
origSize=48706
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"327140449"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ccm%2BRabJzsnuavdDZ%2FFE1xMpFfRgjp1CDbx6Oxy1P85CPBKGbHpvNcaOwxkUgx9dy2DKFG3U7TY0KZnyCcYzaPgBnLLQcn0YKkH2uSNxQsw%2BNhAGkTYx5qSD1%2ByQX1sgdkLPN00%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
expires
Fri, 28 May 2021 05:38:10 GMT
cache-control
max-age=3024000
cf-ray
6935a30488c94137-PRG
cf-bgj
minify
fixto.min.js
www.bleepstatic.com/js/fixto/
8 KB
3 KB
Script
General
Full URL
https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6052
last-modified
Sat, 13 Jun 2015 21:34:42 GMT
server
cloudflare
etag
W/"1740214911"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7WYOXwCB2oYzYxQIx4zLyEM%2BiSqvrWAChHejjf19urA4mMGK7kvimhw4P%2BRN1bscSyms8NiinrVedgw%2BbeGTr%2FMO3N%2BDUAYQ7vG5fM4T2aDbcpmwlE4KygM1BGZsb%2Fq8Yz1A09I%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=3024000
cf-ray
6935a30488b14137-PRG
expires
Wed, 30 Dec 2020 05:58:46 GMT
addthis_widget.js
s9.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s9.addthis.com/js/300/addthis_widget.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-121.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
date
Thu, 23 Sep 2021 17:54:11 GMT
x-host
s9.addthis.com
content-length
116325
beacon.min.js
static.cloudflareinsights.com/
13 KB
5 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.65 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
acd89c8dd5cc9cf47ee574302ec883993c33d419da8840ddb05763b857f1f09f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
last-modified
Wed, 22 Sep 2021 16:39:17 GMT
server
cloudflare
etag
W/2021.9.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6935a304ae875c1a-FRA
connatix.playspace.dc.js
cds.connatix.com/p/130397/ Frame 6A96
Redirect Chain
  • https://cd.connatix.com/connatix.playspace.js
  • https://cds.connatix.com/p/130397/connatix.playspace.dc.js
1 MB
235 KB
Script
General
Full URL
https://cds.connatix.com/p/130397/connatix.playspace.dc.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7b4dfe0116aa5e7337912f97ae96a7fb8f6cc0e8f0417cca7e47a98dac3ee500

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
last-modified
Thu, 23 Sep 2021 11:31:31 GMT
age
18688
etag
"8b26d116b848172391a8bf4bb2690175"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
240109

Redirect headers

location
https://cds.connatix.com/p/130397/connatix.playspace.dc.js
date
Thu, 23 Sep 2021 17:54:11 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
age
0
accept-ranges
bytes
content-length
0
retry-after
0
fab.js
ecdn.analysis.fi/static/js/
4 KB
2 KB
Script
General
Full URL
https://ecdn.analysis.fi/static/js/fab.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-46.fra50.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
786dbb4402793fadd0112db771392a0509ffcb2806545e94a879af9c6d87415f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:05:26 GMT
content-encoding
gzip
age
2925
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 22 Sep 2021 19:29:49 GMT
server
nginx/1.18.0
etag
W/"614b842d-10af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
agUOzOUCYZtgXMqn5evVo_hQ2MI3lCBNExBm1vm-PyzNpaV18S_xqw==
expires
Thu, 23 Sep 2021 18:05:26 GMT
fi_client.js
ecdn.firstimpression.io/
658 KB
180 KB
Script
General
Full URL
https://ecdn.firstimpression.io/fi_client.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-113.fra50.r.cloudfront.net
Software
nginx/1.18.0 / PHP/7.3.23
Resource Hash
1b6b991e1fba2677f90c7233e9466d91e437d21c4cb131124387331a9f50912c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:25:05 GMT
content-encoding
br
age
1746
x-powered-by
PHP/7.3.23
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
x-xss-protection
0
access-control-allow-origin
*
last-modified
Thu, 23 Sep 2021 17:25:05 UTC
server
nginx/1.18.0
etag
W/"b4ad606bb62f2db2f953512a96280b82"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
-G7t7sIxFRol-_naAhnPxDWBDDnVTgletNSbZGgnlzBo_yalzmS3rg==
expires
Thu, 23 Sep 2021 18:25:05 GMT
login_bg.png
www.bleepstatic.com/images/site/
126 B
526 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/login_bg.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
163896
cf-polished
origFmt=png, origSize=187
content-disposition
inline; filename="login_bg.webp"
content-length
126
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=McSC%2FweBB1zk3c3CxmuDAPs5If9dBXaIKHDDt6KzOIMiMNEup%2F7b5J7xvA0xTZecKRRMZ9cwhsf2t9F6RcAmKtR1HRJFrciWoyGGM5oCvnnEExKc4peajIeCdefXPSkf7yJJlx4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 21 Oct 2021 20:22:35 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a30488ca4137-PRG
cf-bgj
imgq:85,h2pri
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.bleepingcomputer.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:31:41 GMT
x-content-type-options
nosniff
age
91350
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 16:31:41 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.bleepingcomputer.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:31:45 GMT
x-content-type-options
nosniff
age
91346
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 16:31:45 GMT
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/gif
nav_bg.png
www.bleepstatic.com/images/site/
72 B
477 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/nav_bg.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1800
cf-polished
origFmt=png, origSize=83
content-disposition
inline; filename="nav_bg.webp"
content-length
72
last-modified
Sat, 04 Mar 2017 07:57:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RhV5GhG2Zc65FNwPCbijP43W4B0aul2%2BOwhb%2F7MCUVfSxrcn6L%2BoHirKcIQ2pAEun9JWEccSJqty%2FumJuK%2B3JaOVv7%2FCX0P%2BmArZ53YyfOLuuEewSHxiPE0bQFJZDHiu%2B6y8qqY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 23 Oct 2021 17:24:10 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304a8db4137-PRG
cf-bgj
imgq:85,h2pri
20x20-printer.png
www.bleepstatic.com/images/site/
422 B
810 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
340786
cf-polished
origFmt=png, origSize=824
content-disposition
inline; filename="20x20-printer.webp"
content-length
422
last-modified
Sat, 03 Oct 2015 03:18:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oTbTnJE707TTf28dK4IhKHz8Y8Y%2BlCC6zZm%2BtY%2BLqgBPhsU1WQSj5VjSeXvizPP9Im9Bi95yex1vABrFTSXdmVwU1qd%2Bl8wRHAWqWhxd95vrKKx3%2BNNLIX1EAqrtBhBkD%2BeF7lo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Tue, 19 Oct 2021 19:14:25 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304a8dd4137-PRG
cf-bgj
imgq:85,h2pri
calendar.png
www.bleepstatic.com/images/site/
86 B
510 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/calendar.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/news.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
341018
cf-polished
origFmt=png, origSize=129
content-disposition
inline; filename="calendar.webp"
content-length
86
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=trXNtIOFjpfDydsJXI0eDjM8Tu6EQUJ0amiKEiS6qJlpxWAJ4OMJL8ybqByv9YdQOwN0oiZzGhPnQPAUqYd4InPgUubXv4d37CaUx%2B9b45AoSco1gKtCNHbaY6z1nUk5qW0kzCY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Tue, 19 Oct 2021 19:10:33 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304a8de4137-PRG
cf-bgj
imgq:85,h2pri
clock.png
www.bleepstatic.com/images/site/
252 B
781 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/clock.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/news.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cdb6bfef8d4212d9bf634ca6724a28e85dfa69cd404e6f9d3760d70a7873949

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
91512
cf-polished
origFmt=png, origSize=1316
content-disposition
inline; filename="clock.webp"
content-length
252
last-modified
Fri, 29 May 2015 07:08:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RdPGellDXalGKBzvVcRKWpEL4QpJqcWKtaDIbm3eFAMTJcmDaM3BkMjFiQohIR6BQ0aA0eSV%2BcgW9wRVq330W%2FGTAbaOwqj%2B3rdvO%2FUAWcOJNVPnMJr64F3ru9%2FVN6l0arwFp1s%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 22 Oct 2021 16:28:59 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304a8e04137-PRG
cf-bgj
imgq:85,h2pri
comment-light.png
www.bleepstatic.com/images/site/
94 B
480 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/comment-light.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/news.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cfac05f501d6d4d62e29fff1049569c3c2aa8732af8db3a36e8fa252f05f5861

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/news.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
671560
cf-polished
origFmt=png, origSize=1034
content-disposition
inline; filename="comment-light.webp"
content-length
94
last-modified
Fri, 29 May 2015 07:08:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVzB6kT1RwxG%2FeVA8rwr0WKnf2VUtiZQ4uERBirE2EIhzyZxlwvzaU1oOnzq7TPf%2FYn%2BgbmXv3ub%2B8wKo8MiKyQd982TQJ%2B1zS86RdksnYqOftXmydDFZ6lLV8uHSCRltUGSuf4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 15 Oct 2021 23:21:31 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304a8e14137-PRG
cf-bgj
imgq:85,h2pri
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.bleepingcomputer.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:32:14 GMT
x-content-type-options
nosniff
age
91317
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 16:32:14 GMT
choice.js
quantcast.mgr.consensu.org/choice/sktb670LZWvFX/www.bleepingcomputer.com/
5 KB
2 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/choice/sktb670LZWvFX/www.bleepingcomputer.com/choice.js
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a5ad4fb0d40625889969083053d32ab1191e66c11bb4aebfde2643954c0f5673

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:53:24 GMT
content-encoding
gzip
age
73
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
last-modified
Wed, 10 Feb 2021 21:51:23 GMT
server
AmazonS3
etag
W/"2a272bfedaf02360b78846550b427698"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
content-type
application/javascript
via
1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
cache-control
max-age=900
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
0CvIlig1dOcNYRyD-es8I-ChRZ06K4Z_l35HzI_CsAlCK2mCEzNaFw==
32x32-printer.png
www.bleepstatic.com/images/site/
256 B
642 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
162693
cf-polished
origFmt=png, origSize=618
content-disposition
inline; filename="32x32-printer.webp"
content-length
256
last-modified
Fri, 02 Oct 2015 21:57:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BvJWpJ1lwZ9kLxkGZc4wQ394Vg1H8GRiwBLIGU3ZKv0Cr%2BlhvIq8GW1QrC1WYl%2B2lwoBxpHlqCOqMFIewQeuEq4cGCjIpx7RDGpuQ1r8Pf4%2BuUeZX1FuYVcmqIy54Tccx%2BSc9dk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 21 Oct 2021 20:42:38 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304d91f4137-PRG
cf-bgj
imgq:85,h2pri
f6ed52794113bed991ef57a9029d9e70.jpg
www.bleepstatic.com/author/photos/
5 KB
6 KB
Image
General
Full URL
https://www.bleepstatic.com/author/photos/f6ed52794113bed991ef57a9029d9e70.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
450e469eb374f3a1586e43f09f042fe1a4b60eddd240e486a7ecaefa8855fbe5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1079971
cf-polished
qual=85, origFmt=jpeg, origSize=52423
content-disposition
inline; filename="f6ed52794113bed991ef57a9029d9e70.webp"
content-length
5484
last-modified
Wed, 08 Aug 2018 21:58:25 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ze60Yb2Te4UNHJb5K6VYwgLi%2FzKnilkXsfix0aKfo6dNKsKm3KB7MjsGRjLg3%2Fl8%2FMkXM14NEMZsKZFEgXbPPXIG6zTtsSHBdYeqdHJtXgMtTu0oydXKi80%2F79T1gfSMpeU%2BZ84%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Mon, 11 Oct 2021 05:54:39 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304d9204137-PRG
cf-bgj
imgq:85,h2pri
h4-bg.png
www.bleepstatic.com/images/site/
38 B
416 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/h4-bg.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1025655
cf-polished
origFmt=png, origSize=72
content-disposition
inline; filename="h4-bg.webp"
content-length
38
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sl54IyOT6o5ecpDkb72SGUBlUqXKOOjw9r99fIh3yFpdOMHaTxmEZrYaFGvBhuKyB0haL6%2BRryoEDJ9JRGv%2FTZp9lvepnSK7vo6IWOSRjNvyE5gWOL6QNc93vwGL33aq706%2FN1k%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Mon, 11 Oct 2021 20:59:56 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304d9224137-PRG
cf-bgj
imgq:85,h2pri
news_email_icon.png
www.bleepstatic.com/images/site/
126 B
508 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/home.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/home.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
961297
cf-polished
origFmt=png, origSize=1105
content-disposition
inline; filename="news_email_icon.webp"
content-length
126
last-modified
Fri, 29 May 2015 07:10:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8WpzUNxQ6sg1U2HEVAQNoNHalWY8yf%2B4Tmbn6XTuY2wmhoj1u2yOqXZh9ZZLLATskihdAEPQ5hp%2Fpwo5ygS7ffzGaKVjqjVXDLdc9aZ05x9Ef8oVgSH7S4MwmymOWqew9tE5ons%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Tue, 12 Oct 2021 14:52:34 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304e9254137-PRG
cf-bgj
imgq:85,h2pri
news_footer_icon.png
www.bleepstatic.com/images/site/
110 B
547 B
Image
General
Full URL
https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepstatic.com/css/redesign/main.css?v=04.27.21.7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1616
cf-polished
origFmt=png, origSize=186
content-disposition
inline; filename="news_footer_icon.webp"
content-length
110
last-modified
Sat, 04 Mar 2017 20:46:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tDiwQxsXuQrm59i5zz0%2BcXbUcKZJXYiZjySi3c%2BK3okoidTzDlk1dmr2iKKfZuPQ3aszNnoYerhulk6AF5wFEmgHkI%2BSY%2Fn%2Bop26Oel0%2FBh%2BqzfFrByFQ4jP9pPcWJdoJ%2BVMZs8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 23 Oct 2021 17:27:15 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a304e9264137-PRG
cf-bgj
imgq:85,h2pri
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.bleepingcomputer.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:31:57 GMT
x-content-type-options
nosniff
age
91334
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 16:31:57 GMT
favicon.ico
ad.doubleclick.net/
1 KB
685 B
Image
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 09:11:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31387
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 24 Sep 2021 09:11:04 GMT
achoice.svg
widgets.outbrain.com/images/widgetIcons/
3 KB
3 KB
Image
General
Full URL
https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-190.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
last-modified
Thu, 24 Jun 2021 14:35:21 GMT
server
AkamaiNetStorage
etag
"9d26fa4e7238ed94f1d0d92afb453b3e:1624546014.914244"
access-control-allow-methods
GET,POST
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*, *
content-length
2735
expires
Sat, 23 Oct 2021 17:54:11 GMT
jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1020321
cf-polished
origSize=4895
last-modified
Wed, 14 Oct 2015 20:25:51 GMT
server
cloudflare
etag
W/"9108074"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BgD2NFwsf1npubFGs78Sq6Y3CTGz00t2EoysmGt7eH0hdhir01ZGZSyuq6FjsRLmRwYb5cMkYeeKKVXUWOtwjUN4wKq%2BDfj6DTXoO2GpN2sdFpF26WyyqBcevsOn%2BApSpVW7MDY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
expires
Sat, 16 Oct 2021 22:28:49 GMT
cache-control
max-age=3024000
cf-ray
6935a30539944137-PRG
cf-bgj
minify
font-awesome.css
www.bleepstatic.com/css/redesign/
22 KB
5 KB
Stylesheet
General
Full URL
https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6859
cf-polished
origSize=26776
last-modified
Tue, 03 May 2016 04:39:29 GMT
server
cloudflare
etag
W/"1700274315"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=38w31V117zDag%2FFGzl02JKsBHVevvuH0cfswlfHsDiypYHzSalcZi3%2Fmq2GtcJRWj4YV2AYaYhL%2BiV8nxBBzayOPfENjGXmp%2F2Ai5l7IBDdYQkakW7ObvoolgA%2FTxo91wT9jkqI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 23 Jul 2021 01:20:04 GMT
cache-control
max-age=3024000
cf-ray
6935a30539964137-PRG
cf-bgj
minify
292x176_Exchange4.jpg
www.bleepstatic.com/content/hl-images/2021/03/10/thumb/
8 KB
8 KB
Image
General
Full URL
https://www.bleepstatic.com/content/hl-images/2021/03/10/thumb/292x176_Exchange4.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
459f28b600f9e797d787edbafe630e97b7de63544ea0745f9dda1f311d11fd22

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
49927
cf-polished
qual=85, origFmt=jpeg, origSize=35931
content-disposition
inline; filename="292x176_Exchange4.webp"
content-length
7734
last-modified
Wed, 10 Mar 2021 15:35:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2ByruiMrQkhl93Ssj3qAOKv7zczMpOIBKcauP%2FYCfzIRcziLNxev5zrLElapwvX6zWgP3%2BIbVZTHWl3nRCeCNIQBHA%2FogNVkzmYa6BVUdFLtQT99yTe2yUUkBSLyT5%2BAIdBAWi8I%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 23 Oct 2021 04:02:04 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a3057a034137-PRG
cf-bgj
imgq:85,h2pri
292x176_VMware.jpg
www.bleepstatic.com/content/hl-images/2020/11/20/thumb/
5 KB
5 KB
Image
General
Full URL
https://www.bleepstatic.com/content/hl-images/2020/11/20/thumb/292x176_VMware.jpg
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9244c46bc50349bd4ff3fa908a72b1085afe125f05f7c411e2d57adb259dcd2c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
128312
cf-polished
qual=85, origFmt=jpeg, origSize=5461
content-disposition
inline; filename="292x176_VMware.webp"
content-length
4620
last-modified
Fri, 20 Nov 2020 17:42:17 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZLomR17ps1TJKVCFWgQg4GhR3%2FnPIkXotcHFmBf%2BVsFuAFQt1ydCGPuqN1V15fzyBuNO95fTUL1HMZRcxqjPs2e81%2B1HNn0VFHQ10%2FSahvATwLPFwUT8Q7Qq2Z7QmssTph1GpJs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 22 Oct 2021 06:15:38 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a3057a054137-PRG
cf-bgj
imgq:85,h2pri
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
3731
date
Thu, 23 Sep 2021 16:52:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Thu, 23 Sep 2021 18:52:00 GMT
quant.js
secure.quantserve.com/
24 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/sktb670LZWvFX/www.bleepingcomputer.com/choice.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c9d50edae9ab89f8373214510b01eb50f60e16bd5e71328173962c0e13b31c07

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
etag
"dfAcRt65NMPvqdNgsZZi3w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Thu, 30 Sep 2021 17:54:11 GMT
cmp2.js
quantcast.mgr.consensu.org/tcfv2/23/
266 KB
67 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/sktb670LZWvFX/www.bleepingcomputer.com/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7baadf42bdd7151de787de3b98f1c65f55cc2b3d34d4fbe90a0e490756dd3a1b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:53:53 GMT
content-encoding
br
age
66
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
access-control-max-age
86400
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Fri, 18 Dec 2020 15:09:37 GMT
server
AmazonS3
etag
W/"1d55b13d85c9837da884d1e8594cc025"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-meta-qc-ineu
True
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
ByGCRyYQR3mK_knngEgis1jVbAVd18yepJjg6euduhzpB6bx6iobdg==
fontawesome-webfont.woff
www.bleepstatic.com/fonts/
64 KB
65 KB
Font
General
Full URL
https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/css/redesign/font-awesome.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer
https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin
https://www.bleepingcomputer.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
cf-cache-status
HIT
last-modified
Thu, 23 Apr 2015 09:36:00 GMT
server
cloudflare
age
6051
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgSDtOVt9d9MubYrwce115cZ19BkybXvbS1aGp44x3sWq6rOTxmI8AiDlpz%2FgN4ap4kRQ6dLF0GJb2SbsVnQkuGq9YAW5VViAhlbDSZr4gOWzmZ5xMBF4pDtyZI6EeGbcXyAHp4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
access-control-allow-origin
*
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6935a305ee9127c0-PRG
content-length
65452
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
D5503D14AA2F06AA
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=29728
accept-ranges
bytes
content-length
948
x-amz-id-2
JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/
2 KB
855 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/_ate.track.config_resp
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-121.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6d23d10111755a12c87198df1c71cce449de31eca9643030c6327a2157f9bd86

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
etag
-1659864586--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=30, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
678
300lo.json
m.addthis.com/live/red_lojson/
89 B
249 B
Script
General
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=614cbf43a1c5d7cc&bkl=0&bl=1&pdt=756&sid=614cbf43a1c5d7cc&pub=ra-561517d2c7f964d6&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.bleepingcomputer.com&fp=news%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=computers%2Cwindows%2Clinux%2Cmac%2Csupport%2Ctech%20support%2Cspyware%2Cmalware%2Cvirus%2Csecurity%2CAPT%2CCyber-espionage%2CHacker%2CNation-state%2CRussia%2CTurla%2Cvirus%20removal%2Cmalware%20removal%2Ccomputer%20help%2Ctechnical%20support&colc=1632419651519&jsl=4097&uvs=614cbf43bbcd91f4000&skipb=1&callback=addthis.cbs.jsonp__76270372154727320
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-121.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3be38c6b1dd1cf226e8abbbc65affb291b7cbd711f49da8558cd75b1121d5179

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:11 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
content-length
89
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame F0A7
0
0

sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 96D5
71 KB
26 KB
Document
General
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-121.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

server
nginx/1.15.8
content-type
text/html
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
etag
W/"5f971164-11adc"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
26421
date
Thu, 23 Sep 2021 17:54:11 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109210101/
255 KB
94 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109210101/show_ads_impl_fy2019.js?bust=31062896
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
db8b7e5f01920e5e34f1ea6b09e53dcab97c99d6b1f8c952e1cf31933b5e936c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
96562
x-xss-protection
0
server
cafe
etag
8188801785501553426
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 23 Sep 2021 17:54:11 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210921/r20190131/ Frame 6FCB
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210921/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
751dcf9dcab28e7704b6c2b25d6288581f8a45af878fd628135cec03d8112eed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210921/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 22 Sep 2021 20:26:37 GMT
expires
Wed, 06 Oct 2021 20:26:37 GMT
content-type
text/html; charset=UTF-8
etag
14847953055219580247
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4613
x-xss-protection
0
age
77254
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
connatix.playspace.css
cds.connatix.com/p/130397/
96 KB
13 KB
Stylesheet
General
Full URL
https://cds.connatix.com/p/130397/connatix.playspace.css
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f51d2d4e9741eeb36c2de4bcb9ed4ce04513e0102ee78275d95d1dba67c932b8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
last-modified
Thu, 23 Sep 2021 11:31:31 GMT
age
18689
etag
"61f7a01b349617b43215a5ff2b2fc0e6"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
13341
spc_fi.php
cdn.firstimpression.io/delivery/
26 KB
6 KB
XHR
General
Full URL
https://cdn.firstimpression.io/delivery/spc_fi.php?id=5971&url=%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&charset=UTF-8&ch=17&ref=www.bleepingcomputer.com&viewerId=null&referer=&_firid=34323361
Requested by
Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-113.fra50.r.cloudfront.net
Software
nginx/1.18.0 / PHP/7.3.23
Resource Hash
0f3fa0930cf79ff02551c078842ac9201bb9f5db85260813ea6dd42d95daa7c9

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
x-amz-cf-pop
FRA50-C1
x-powered-by
PHP/7.3.23
x-cache
Miss from cloudfront
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
access-control-allow-origin
https://www.bleepingcomputer.com
server
nginx/1.18.0
vary
Accept-Encoding
content-type
application/json; charset=UTF-8
via
1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-amz-cf-id
WsHWeiBw_D_FuLI4_XuyiYuh3ymG8Ry8mrqEnrWTcZPP6GiQtOywJQ==
expires
0
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1547394165&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&ul=en-us&de=UTF-8&dt=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1536322989&gjid=2117224946&cid=955265408.1632419652&tid=UA-91740-1&_gid=1607028643.1632419652&_r=1&gtm=2ou9m0&z=2049061205
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
init
d.pub.network/v2/
62 KB
6 KB
XHR
General
Full URL
https://d.pub.network/v2/init?siteId=535&env=PROD
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.71.201.35.bc.googleusercontent.com
Software
/
Resource Hash
6dbcf22071c69ee17235ebbdc0a5518e4d70de025ae86277183b572bfc107acb

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
layers.fa6cd1947ce26e890d3d.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-121.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-41cf5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
date
Thu, 23 Sep 2021 17:54:11 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77617
story
capi.connatix.com/core/ Frame 6A96
4 KB
2 KB
XHR
General
Full URL
https://capi.connatix.com/core/story?v=130397
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.208.55 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-208-55.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
5929d8c37546d0b506b56a31a15c366cb157694833c126ed0174f1ad4cf01ff8

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
2139
rules-p-sktb670LZWvFX.js
rules.quantcount.com/
2 B
377 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-sktb670LZWvFX.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-34.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:50:50 GMT
via
1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
server
AmazonS3
age
201
x-edge-origin-shield-skipped
0
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-length
2
x-amz-cf-id
yrwVwuIjbSN-NMuzFqR17TlQFUh6gxNViHJhajiJ1hRJY4JpJseKMQ==
google-atp-list.json
quantcast.mgr.consensu.org/tcfv2/
153 KB
36 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e73d3b1d5d0310f9cf2a2e6edca7b52de355505e19a74794004e7654319fbc68

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 03:00:32 GMT
content-encoding
br
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
53620
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Thu, 23 Sep 2021 03:00:27 GMT
server
AmazonS3
etag
W/"5cb5a7d33607f3cc1e6f9ed3a628919b"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 32c8da10203574baccb74b8f771a7ffb.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
kJCVnniRPmecSkgzU-Ul17Hy1WLD2mryFaZI-AuucUfTnTXJqoMwFA==
collect
tracking1.firstimpression.io/
2 B
261 B
Ping
General
Full URL
https://tracking1.firstimpression.io/collect
Requested by
Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.128.233.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-233-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 23 Sep 2021 17:54:11 GMT
access-control-request-method
*
access-control-allow-methods
OPTIONS, GET, POST
content-type
text/plain
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
2
cmp-list.json
test.quantcast.mgr.consensu.org/GVL-v2/
8 KB
3 KB
XHR
General
Full URL
https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-59.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0a5c20add80dfa892c8ce20c1185a664b9d9ba991c3b7281db96dab5178bfbf6

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 03:00:57 GMT
content-encoding
br
age
53595
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
access-control-max-age
86400
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 21 Sep 2021 19:52:29 GMT
server
AmazonS3
etag
W/"c9ca46e8bca386b00ae734ec7f36e72e"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
53eMtdSFMejUNxoIEd.wWdAMwnfkg3aL
via
1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA50-C1
content-type
application/json
x-amz-cf-id
s4PHTJ-rkVDVysVAzHUbBTveqXMFbZ_oCYwKPZyrNr1SiFWvVFuILw==
48.008759e9efe1c1b693dd.js
s7.addthis.com/static/
281 B
486 B
Script
General
Full URL
https://s7.addthis.com/static/48.008759e9efe1c1b693dd.js
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-121.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-119"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
date
Thu, 23 Sep 2021 17:54:11 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
246
shares-post.json
api-public.addthis.com/url/serviceapi/
2 B
327 B
XHR
General
Full URL
https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-121.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
text/plain

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
surrogate-key
sFbt=https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
last-modified
Thu, 23 Sep 2021 17:00:00 GMT
server
nginx/1.15.8
date
Thu, 23 Sep 2021 17:54:12 GMT
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials
true
content-length
2
info.json
www.reddit.com/api/
18 KB
3 KB
Script
General
Full URL
https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&jsonp=_ate.cbs.rcb_icuy0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
05a9e97f7f3a56f3eb9397da71f723e2a0a34de7d626b74823618ce4c4d3f09a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ratelimit-used
2
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-origin
*
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
accept-encoding
content-length
2443
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-moose
majestic
x-clacks-overhead
GNU Terry Pratchett
server
snooserv
x-frame-options
SAMEORIGIN
date
Thu, 23 Sep 2021 17:54:11 GMT
x-ratelimit-remaining
298
content-type
application/javascript; charset=UTF-8
via
1.1 varnish
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ratelimit-reset
349
accept-ranges
bytes
expires
-1
info.json
www.reddit.com/api/
144 B
693 B
Script
General
Full URL
https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&jsonp=_ate.cbs.rcb_8d3i0
Requested by
Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
b746f9ab418814aedd97f692a111978908bddafc965c34c84efddb1e2922e6ce
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ratelimit-used
1
via
1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
144
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-moose
majestic
x-clacks-overhead
GNU Terry Pratchett
server
snooserv
x-frame-options
SAMEORIGIN
date
Thu, 23 Sep 2021 17:54:11 GMT
x-ratelimit-remaining
299
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ratelimit-reset
349
accept-ranges
bytes
expires
-1
vendor-list.json
quantcast.mgr.consensu.org/GVL-v2/
287 KB
37 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/vendor-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a7137149c434905bf668231ae60c779cd0943bbf599cfb16e4b7f424725da8d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 03:00:39 GMT
content-encoding
gzip
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
53613
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Thu, 23 Sep 2021 03:00:33 GMT
server
AmazonS3
etag
W/"e84ccd5ab9975e9b0d2c21478b756371"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 32c8da10203574baccb74b8f771a7ffb.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
HBJP0NxqidAVFxiN4d-_Rq9T5HWmjCIi5mxNOKSF9KJHKKQwVSB8qw==
cmp2ui-en.js
quantcast.mgr.consensu.org/tcfv2/23/
469 KB
124 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-en.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2.js?referer=www.bleepingcomputer.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
587e2e7350886d6b5fd31e385638ffe5cf3331c82260e8fe76523f99cda27a42

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 09:45:30 GMT
content-encoding
br
age
115722
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Fri, 18 Dec 2020 15:09:43 GMT
server
AmazonS3
etag
W/"b999c652510fc4edd897a1d667aaee33"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
tsbaorvn32OrK5SVWp4adjQEsuWSo2j0PU3TmhFVtSCoGiHIE8-3wA==
beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-82.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 05:46:45 GMT
content-encoding
gzip
etag
W/"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
43655
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-edge-origin-shield-skipped
0
content-type
application/javascript
via
1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
zdFZ7_Sa1yWpglQRyNo7fe_HCahsrLaHEAXtANPNEeeWXqN5RO1FUw==
pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
a.pub.network/core/pubfig/
396 KB
122 KB
Script
General
Full URL
https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5699e55c9324f8deac7aa5d795cde1d643115d21b656e5078653a98fc1d70729

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash
crc32c=qVUF6w==, md5=EKIXzes2BtfkQEm3efAJ+Q==
date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid
ADPycdvTziASZzX7IrTKYRjKEBgmBYVTXk1FBQ-guI7OS8rcP2SpDc2_fLxc2NdEZvU3cRwePgnh41S-rLnNO9ZKzeM
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
cf-ray
6935a3084f0cf9e2-PRG
last-modified
Tue, 14 Sep 2021 16:20:59 GMT
server
cloudflare
etag
W/"10a217cdeb3606d7e44049b779f009f9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V9zfkv%2FpEt6AM9EHeMO5UtG9%2Bu3%2FiB3AZFf0WCCKXeGWJ%2Bp2YU96%2FuUVqEbcoR%2BOZGywt6VH%2FVX9zl3XkOlQAcxxWKc8bPdRP%2F%2Bw3DTWNitnjAV%2FPTtfMD5Kl6Rm7lQ%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
access-control-allow-origin
*
x-goog-generation
1631636459492535
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
405727
content-type
application/javascript
expires
Wed, 22 Sep 2021 23:28:32 GMT
/
audit-tcfv2.quantcast.mgr.consensu.org/
80 B
529 B
XHR
General
Full URL
https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22sktb670LZWvFX%22%2C%22domain%22%3A%22www.bleepingcomputer.com%22%2C%22publisher%22%3A%22BleepingComputer%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.23%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22QejiQDikjMDrMVyfjnFdmQ%22%2C%22clientTimestamp%22%3A1632419651916%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-e0n3e6uhvq6epqzqsapp%22%7D
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/23/cmp2ui-en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-71.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 03:05:41 GMT
via
1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
age
58106
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
access-control-max-age
3000
x-cache
Hit from cloudfront
content-length
80
last-modified
Tue, 26 Nov 2019 14:21:44 GMT
server
AmazonS3
etag
"0614149d8033903db5de46d6c184bbfd"
vary
Origin
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
r_4xvgqdbbZQGXpRs4Bwy_PPt_ykU85ZRfEa2to16pkWBIFZ16H7rQ==
bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/
7 KB
7 KB
Image
General
Full URL
https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57292d9d8c895f526c9f7cdae30de7ee3bad46137b432711a1c1fb19a3061cab

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1295166
cf-polished
origFmt=png, origSize=15281
content-disposition
inline; filename="bleeping-computerlogo-lg.webp"
content-length
6986
last-modified
Wed, 07 Jan 2015 22:52:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FrkrVkR8z9NgYjtCejV6tvd%2Flhin8%2FCAkhrbuGw%2FZmUTwaEiFk5K0JQ9VipPPOuZwK%2BVjnpW4qKbLgWa36PQ02tckEbUBL30NqE%2B8tvSxtuJ9SfYp8cUjUjBfguyqkcPfcYSQqI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 08 Oct 2021 18:08:06 GMT
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6935a3091e094137-PRG
cf-bgj
imgq:85,h2pri
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1632419652033&ns_c=UTF-8&cv=3.5&c8=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&c7=htt...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1632419652033&ns_c=UTF-8&cv=3.5&c8=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&c7=ht...
64 B
330 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1632419652033&ns_c=UTF-8&cv=3.5&c8=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&c9=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-82.fra50.r.cloudfront.net
Software
/
Resource Hash
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
via
1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
etag
W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache
Miss from cloudfront
content-type
image/gif; charset=utf-8
content-length
64
x-amz-cf-id
tJpWhJlvySnJOfa303UruS79rjEIiNq64vH_KvAuYu53jEYKXbinKQ==

Redirect headers

date
Thu, 23 Sep 2021 17:54:12 GMT
via
1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1632419652033&ns_c=UTF-8&cv=3.5&c8=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&c9=
content-length
352
x-amz-cf-id
cE4xQwQ8jvkDHedw7J-lYKTqGdlQif0IRjYCE5onTbXfQojpLAQ6Hw==
pandg-sdk.js
pghub.io/js/
4 KB
2 KB
Script
General
Full URL
https://pghub.io/js/pandg-sdk.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
217.45.241.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
443d41c905362e5073c79212ec86c5f69ddcfbc38f5530c6409b73c604e74259

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:10:41 GMT
content-encoding
gzip
age
2611
x-guploader-uploadid
ADPycdtyQGvByGIZSTO7wiqdQgA-tOzBtKQynn4OP6-sgKG--918Vlvg0A2i26rAoy0_OYNUovAq4izAExA1VaY38Uw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1482
last-modified
Wed, 07 Apr 2021 18:40:01 GMT
server
UploadServer
etag
"dd7e4933d35d1a7cb610442e9bea8b94"
vary
Accept-Encoding
x-goog-hash
crc32c=dtXWGA==, md5=3X5JM9NdGny2EEQum+qLlA==
x-goog-generation
1617820801121016
cache-control
public,max-age=3600
x-goog-stored-content-length
1482
accept-ranges
bytes
content-type
application/javascript
gpt.js
www.googletagservices.com/tag/js/
73 KB
25 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
2c67caf4d2f4c50ebefc183c6ccc8e615aad2da1d491b1ac265c479f9dd19d3a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"995 / 896 of 1000 / last-modified: 1632416711"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24882
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 23 Sep 2021 17:54:12 GMT
tag
btloader.com/
Redirect Chain
  • https://freestar-io.videoplayerhub.com/gallery.js
  • https://btloader.com/tag?h=freestar-io&upapi=true
108 KB
22 KB
Script
General
Full URL
https://btloader.com/tag?h=freestar-io&upapi=true
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.70.134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7cc31cf2bdd679f09c2d137ae4e8d0c4a4cf21ea652a4c5be54035b7c66fce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

cf-ray
6935a30a3a1f27c0-PRG
date
Thu, 23 Sep 2021 17:54:12 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2272
etag
W/"e6efedec4e43f51f3b094617e6165807"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTKuBflvgVS7RISt%2BdXgQwIbTHlPn6BAz3IVSjt4N8aKRROhlFTeEUBiyhjPnyFZ7kzcM4GFMLFpitIpsF8f5HmWoiiv2RZiS41fOMb3npqKeiRy37oUiz4FP6O4uA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
content-encoding
br

Redirect headers

date
Thu, 23 Sep 2021 17:54:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HU479dYsuZ1jT0cI8eS1%2FIyFCcNYTFPySDEOIB7dkT9LJHCsB0gNZd%2Ffdf4lcIe3TXnPPGe5EozoqXV5vv5mHhhQwNy27RjB3yy1kgJ0L6iuwKJLdKRXFW%2Bf4B6oCKCqUV6%2FYgrLOcVvSk5Igar0Lg%3D%3D"}],"group":"cf-nel","max_age":604800}
location
https://btloader.com/tag?h=freestar-io&upapi=true
cache-control
max-age=3600
cf-ray
6935a309c8234126-PRG
expires
Thu, 23 Sep 2021 18:54:12 GMT
184310-82987131453484.js
js-sec.indexww.com/ht/p/
0
453 B
Script
General
Full URL
https://js-sec.indexww.com/ht/p/184310-82987131453484.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Sep 2021 17:01:01 GMT
Server
Apache
ETag
"76422d-0-5ccac934b0908"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=611
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
20
Expires
Thu, 23 Sep 2021 18:04:23 GMT
prebid-analytics-4.42.6.js
a.pub.network/core/
454 KB
142 KB
Script
General
Full URL
https://a.pub.network/core/prebid-analytics-4.42.6.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c9adacf90f2c434aef36301ba50b24bfe9b10651508fd1ff8880247106872c1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash
crc32c=/naSAQ==, md5=kgFsZ5XU+mBrDiHSNTa40w==
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid
ADPycdtgihXuuyTOv4Iho-iCGkngC3ZvTxa3KmM0eWjPqWg4rXsOTpy__NaQNDh1r_OvKsowoe1Yw3iKB0gysKUqgfc
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
cf-ray
6935a3099fddf9e2-PRG
last-modified
Thu, 05 Aug 2021 15:36:48 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ox5f8%2BW8vmyn%2Fv9fZS0Gr9oNMzoHYKBgWY5NcSN6FyhFEgAL4e1ToYOP5D0hrvb4PXY2USa4OxaVxWOROF9mVtymCsSq%2BoSLLorExrR3I3s%2FMqMUr5RcORW2d%2BxCSbg%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
access-control-allow-origin
*
x-goog-generation
1628177807921390
access-control-expose-headers
*
cache-control
private, max-age=86400
x-goog-stored-content-length
464928
content-type
text/html
expires
Thu, 22 Sep 2022 22:29:28 GMT
pubads_impl_2021091501.js
securepubads.g.doubleclick.net/gpt/
334 KB
117 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091501.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
sffe /
Resource Hash
52c41152c7916b4cf3b3a90f790faa0ba7f746603671e286531bc50407d844ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119151
x-xss-protection
0
last-modified
Wed, 15 Sep 2021 08:39:44 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 23 Sep 2021 17:54:12 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
173 B
772 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.bleepingcomputer.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
d676ce65302aa315d4907ed26a7747e7c635421f0ff830eadece68fa2ab8ba1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
115
x-xss-protection
0
expires
Thu, 23 Sep 2021 17:54:12 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
73 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
sffe /
Resource Hash
e539621b61632433639bcc621c631db1823d204ce417cfa715e26a2f027f0c64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"995 / 249 of 1000 / last-modified: 1632416833"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25712
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 23 Sep 2021 17:54:12 GMT
3c95aa70-4416-432e-bf8a-aadb30d8ed3c.bin
vid.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/ Frame 6A96
2 KB
1 KB
XHR
General
Full URL
https://vid.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/3c95aa70-4416-432e-bf8a-aadb30d8ed3c.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
08d3eb70eae303f1279feb07951346b2e22786a30e04d4f6659df9704d033456

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
last-modified
Thu, 23 Sep 2021 16:31:18 GMT
age
4589
etag
"d1a49a4919b25634923de5f6cfd28278"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
812
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 6A96
345 KB
119 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f10.1e100.net
Software
sffe /
Resource Hash
dcadac01c15fd23fd69c73bd74aea64b86e95a4fd847b4049dff4b9abc65165e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
121280
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-instream-static"
expires
Thu, 23 Sep 2021 17:54:12 GMT
1.png
img.connatix.com/067e5169-ece3-4ce8-87ad-c7961b8bb396/
10 KB
10 KB
Image
General
Full URL
https://img.connatix.com/067e5169-ece3-4ce8-87ad-c7961b8bb396/1.png
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
956035a88a8424f2d36b292231cd4cd7ed705d412b47a7aa929f7b537196c1cb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
age
1874799
etag
"o7hSHwAUmCBIixIgiGzuW02nJNU8oGEvPnjWp++AQj4"
access-control-max-age
86400
fastly-io-info
ifsz=11996 idim=794x206 ifmt=png ofsz=9784 odim=794x206 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
9784
sr
capi.connatix.com/tr/ Frame 6A96
0
305 B
XHR
General
Full URL
https://capi.connatix.com/tr/sr?v=130397
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.208.55 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-208-55.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
px.gif
ad-delivery.net/
43 B
926 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.4432259931470639
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.2.70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date
Thu, 23 Sep 2021 17:54:12 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1507
x-guploader-uploadid
ABg5-UwXkjCiMZcCnzxkg3HxMvN7obGQSYa29h1f56fjJW6-LOWg_OGxiqZ61LVV9hzngbZkRkUtVjI9uRo6f5UZH_VPZZ3w7w
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-type
image/gif
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ADkmlGCMQO%2F6yyiB3iid08cV5QXYbemGZZHWycVyKriPCni9oWstfQqz7BDeeec7QDQIyRafyUy8YqRZN1Yc4fQ3zL3i0HNtM%2Bo3%2FIS6pGD3vOjY%2FOXemaJmMYnmgdjoaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1620242732037093
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=86400
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
6935a30ab9c74107-PRG
expires
Thu, 23 Sep 2021 17:45:58 GMT
ao
capi.connatix.com/tr/ Frame 6A96
0
305 B
XHR
General
Full URL
https://capi.connatix.com/tr/ao?v=130397
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.208.55 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-208-55.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
g
capi.connatix.com/rtb/ Frame 6A96
66 B
369 B
XHR
General
Full URL
https://capi.connatix.com/rtb/g?v=130397
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.208.55 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-208-55.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
34f9690f8a90544be3e1a3885c433ae7e8c4f0f090e133586ce0c2e2d0cecf1d

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
84
ps
capi.connatix.com/tr/ Frame 6A96
0
305 B
XHR
General
Full URL
https://capi.connatix.com/tr/ps?v=130397
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.224.208.55 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-224-208-55.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
a30588a4-0573-4090-8f57-50da58617ce6.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/
46 KB
46 KB
Image
General
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/a30588a4-0573-4090-8f57-50da58617ce6.jpg?crop=834:541,smart&width=834&height=541&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d05b2f52c9bb4226b0ce7c630e57fb1353726786a25f0503f69fef6308e212ef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
age
4779
etag
"OcviTjOaP9VOfHqZDOnIEqzhiLiXCeflR4jLvMVo6lI"
access-control-max-age
86400
fastly-io-info
ifsz=151555 idim=1600x900 ifmt=jpeg ofsz=47137 odim=834x541 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
47137
514171
vid.springserve.com/vast/ Frame 6A96
2 KB
2 KB
XHR
General
Full URL
https://vid.springserve.com/vast/514171?w=640&h=480&cb=&url=bleepingcomputer.com/&schain=
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.148.138 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-148-138.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0f5dff136e7071b728482a6554cf4910d11f7f90b134b41d586a6745c4783d57

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
https://www.bleepingcomputer.com
date
Thu, 23 Sep 2021 17:54:12 GMT
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
nginx
content-encoding
gzip
content-type
application/xml;charset=UTF-8
a30588a4-0573-4090-8f57-50da58617ce6.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/
41 KB
41 KB
Image
General
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/a30588a4-0573-4090-8f57-50da58617ce6.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
51acb417c8a3b7a12e9013a3ce1450a62d195babbe785c6c92cc41c925691479

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
age
4780
etag
"6Lxo8wfEkGHE9sJnXIsQ4WFkHOxL/qysbo7QHAfOeM0"
access-control-max-age
86400
fastly-io-info
ifsz=151555 idim=1600x900 ifmt=jpeg ofsz=41493 odim=834x469 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
41493
c63656e3-1ec7-4948-9250-04384cbeb245.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/
54 KB
54 KB
Image
General
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/c63656e3-1ec7-4948-9250-04384cbeb245.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
476b07300d01ac87154201e7f53058ea566df675c117c00305a8acd7d75449d2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
age
4780
etag
"M0EtRHL12UVPryze9kcpnz+HbTdKZJf4kWgWdqd3OK8"
access-control-max-age
86400
fastly-io-info
ifsz=509943 idim=1600x896 ifmt=jpeg ofsz=54921 odim=834x469 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
54921
36732852-cb9d-4dcd-bd81-2056677e0b10.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/
9 KB
9 KB
Image
General
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/36732852-cb9d-4dcd-bd81-2056677e0b10.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
34beee1c44d75fd15dce4acec84358f92495f58d3077bab53f51c864eac6e9b7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
age
4779
etag
"S1JikHuy7OwOO4SsPmuHDIAWiJC0qME5HnwPRwpb3oM"
access-control-max-age
86400
fastly-io-info
ifsz=101802 idim=1600x800 ifmt=jpeg ofsz=9021 odim=834x469 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
9021
6841e068-6396-4ecd-8c58-298320989278.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/
18 KB
18 KB
Image
General
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/6841e068-6396-4ecd-8c58-298320989278.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cec8d19f458f1e574d6aaad952b2f4f44beeefaf87828f34443807d4aaa22050

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
age
4779
etag
"apy8qM4HGwLkIBRUVppG3THVW/3xrn9qLkUwsXmODos"
access-control-max-age
86400
fastly-io-info
ifsz=66621 idim=1600x801 ifmt=jpeg ofsz=18278 odim=834x469 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
18278
8304e570-7482-4e05-99e4-b60488267ac2.jpg
img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/
27 KB
27 KB
Image
General
Full URL
https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/8304e570-7482-4e05-99e4-b60488267ac2.jpg?crop=834:469,smart&width=834&height=469&format=jpeg&quality=60&fit=crop
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
40fc3110d5f931674959f6969442d44557967cab4a384ac6db64474ec51ee0c1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
age
4779
etag
"4ERujrwUWrMaMXZPBfwSUwO5sBml2uK9Zai/6NQjCKw"
access-control-max-age
86400
fastly-io-info
ifsz=98374 idim=1280x450 ifmt=jpeg ofsz=27816 odim=800x450 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
27816
apstag.js
c.amazon-adsystem.com/aax2/
133 KB
36 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
975b62423e82390a1b54f47625f46f5b4451a8ea69945b2e85008a194bb55edd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:46:48 GMT
content-encoding
gzip
age
443
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
timing-allow-origin
*
server
Server
x-amz-rid
1V3EHTH7YMXWSW8Z2M2W
etag
3900a2c2d757386fb762bfd86288f882
vary
Accept-Encoding
x-amz-version-id
8N42zakBwOFy.ZF9LMqjmgZs3f2_X5lT
via
1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
wKN-gx8Ix2gm4OqjVZ8tBUkEIDM23_RjWqUhx9yELNbotnlZtwC0dw==
op.js
tagan.adlightning.com/freestar/
58 KB
24 KB
Script
General
Full URL
https://tagan.adlightning.com/freestar/op.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-20.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ae4618601156d750a4a6eb1d035bb652500986aeee475db050fa91d3c185bcee

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id
VxF4vXS_WvBxXhi9jaZ44T543mp6Li15
content-encoding
gzip
etag
"5867d04662df9fbf1daea2a3d78aee75"
age
2645
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
24392
x-amz-meta-git_commit
7b120a5
last-modified
Tue, 21 Sep 2021 21:34:49 GMT
server
AmazonS3
date
Thu, 23 Sep 2021 17:10:10 GMT
content-type
application/javascript
via
1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
wdhM4H07EujxOls7QK-HJjm6pVp86TxfN9gHc45jk7KOAHYDKdBrSw==
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=86&args=2&stack=Error%0Aat%20dk.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20dk.addEventListener%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Dr%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A349318)%0Aat%20Di%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A389618)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A391156)%0Aat%20HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20pubads_impl_2021091501.js%3A14%3A79208%0Aat%20pubads_impl_2021091501.js%3A6%3A20861%0Aat%20Object._.If%20(pubads_impl_2021091501.js%3A6%3A21094)%0Aat%20l%20(pubads_impl_2021091501.js%3A14%3A79072)&vrg=2021091501&nslots=0&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pv
api.btloader.com/
0
96 B
XHR
General
Full URL
https://api.btloader.com/pv?tid=kEuYBP2AVs&w=5733492711227392&o=5714937848528896&cv=2.0.1-5-g46bafd4&r=false&pageURL=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&upapi=true
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 23 Sep 2021 17:54:12 GMT
cache-control
no-cache, no-store, must-revalidate
vary
Origin
alt-svc
clear
via
1.1 google
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.bleepingcomputer.com%2F&domain=www.bleepingcomputer.com&cw=1&lsw=1
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1493
date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
vary
Accept-Encoding
freestar.js
dggaenaawxe8z.cloudfront.net/ic/audiencesegment/
8 KB
3 KB
Script
General
Full URL
https://dggaenaawxe8z.cloudfront.net/ic/audiencesegment/freestar.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-79.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5f93955f96c40173de1af7905a88a3f319f0a8502bb56bfa08bd256297f3609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 19:32:52 GMT
content-encoding
gzip
last-modified
Mon, 20 Sep 2021 19:32:22 GMT
server
AmazonS3
age
80481
etag
W/"4efe3c6903ca7be776fb582fef88c489"
vary
Accept-Encoding
x-edge-origin-shield-skipped
0
content-type
application/javascript
via
1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
58D1ePJMNFDBpmH3NJ1gaQCz7pNKZ-nK-EtCdxH6tCrNw1xdt2FMyg==
load.js
s.ntv.io/serve/
375 KB
110 KB
Script
General
Full URL
https://s.ntv.io/serve/load.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-163.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
aad15a6fbf7002a4ec29808c3c48a5ca17265648f5fa3e4988fc0ef81f909e9c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
x-amz-request-id
Z54EXW47PSHWYX08
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
x-amz-id-2
jqI/jOXaCaK1I+p2/px+UJb2DWIEX+oqboopZGQFUag2TXKwDldqBUtT5wVYHAot2Y1Tb3ARZYw=
Last-Modified
Wed, 22 Sep 2021 21:37:53 GMT
Server
AmazonS3
ETag
"7980e3f72665ae3fdf2ec282747af02e"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=43&args=1&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.addService%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Ze%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A241642)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246873)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)%0Aat%20l%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246395)%0Aat%20bt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A247064)%0Aat%20xt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A250286)%0Aat%20or.fillSlot%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A321107)&vrg=2021091501&nw_id=15184186&nslots=1&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/
372 B
652 B
XHR
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.bleepingcomputer.com%2F&domain=www.bleepingcomputer.com&cw=1&lsw=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
f2f068be85b7718f69109a7eb4b4b4ccb5db05a837bd33c319319380d15cf2d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Thu, 23 Sep 2021 17:54:12 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2317
expires
0
translator
hbopenbid.pubmatic.com/
9 KB
5 KB
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
4215119fe80ae95987529534967243b4abfbfbcdd067b310dcea39dc6a1f0cc6

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bleepingcomputer.com
date
Thu, 23 Sep 2021 17:54:11 GMT
content-encoding
gzip
x-openrtb-version
2.3
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json
cygnus
htlb.casalemedia.com/
24 B
379 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=393562&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%224c084effd08608%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22550b3ff2639ccc%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_970x90_728x90_320x50_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2268e87443d6039d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_970x90_728x90_320x50_sticky%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-84-150.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
90fe46113bfbc6f5c431bc1f2ce9d6faab7b8f4ebad3e78d9e2f790d0dcd25aa

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.114.115], XFF:[]
server
Apache
vary
Is-Traffic-Invalid,Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
44
x-ak-client-geo
12
expires
Thu, 23 Sep 2021 17:54:12 GMT
prebid
ads.yieldmo.com/exchange/
0
231 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=4.42.1&p=%5B%7B%22placement_id%22%3A%22bleepingcomputer_970x90_728x90_320x50_sticky%22%2C%22callback_id%22%3A%228eec399f522b29%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222701628685080797398%22%7D%5D&page_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&bust=1632419652384&pr=&scrd=1&dnt=false&description=Russian%20state-sponsored%20hackers%20known%20as%20the%20Turla%20APT%20group%20have%20been%20using%20new%20malware%20over%20the%20past%20year%20that%20acted%20as%20a%20secondary%20persistence%20method%20on%20compromised%20systems%20in%20the%20U.S.%2C%20Germany%2C%20and%20Afghanistan.&title=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pubcid=411541a6-16f1-4139-a24f-e4271498e66c&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.100.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-100-147.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bleepingcomputer.com
pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
v1
dmx.districtm.io/b/
0
290 B
XHR
General
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
cf-ray
6935a30ba8da178e-FRA
access-control-allow-headers
Content-Type, Origin
prebid
ib.adnxs.com/ut/v3/
138 B
830 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
21e8d8b0797d560685d411df0d5e6c418fecf54dab920f38fd0f7ea50c2a3fac
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:12 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
0bf14033-f6ff-497c-9460-bb3596612d55
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
138
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
tlx.3lift.com/header/
19 B
270 B
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=4.42.1&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&tmax=1200&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.185.169.108 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-185-169-108.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
hb
ssc.33across.com/api/v1/
66 B
304 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=dPGcAuqZ0r6Ok4aKlId8sQ
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
300162362d4af4e5e7b77d54692836b3edd65b38839fd9eca0ddc2af2e5747eb

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
arj
freestar-d.openx.net/w/1.0/
190 B
579 B
XHR
General
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=a0aee797-4e47-4333-88c4-8bdf595dcb67&nocache=1632419652388&us_privacy=1---&pubcid=411541a6-16f1-4139-a24f-e4271498e66c&schain=1.0%2C1!freestar.com%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90&divids=bleepingcomputer_970x90_728x90_320x50_sticky&aucs=%252F15184186%252Fbleepingcomputer_970x90_728x90_320x50_sticky%252Fbleepingcomputer_970x90_728x90_320x50_sticky&auid=540959250
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
8b4cc15903add611a1de1dec9cf32ead4c5a35ede7a7a64a429dbfb2028ece3f

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
server
OXGW/16.216.2
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
177
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
btlr.sharethrough.com/WYu2BXv1/
0
120 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.213.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-213-60.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bleepingcomputer.com
date
Thu, 23 Sep 2021 17:54:12 GMT
access-control-allow-credentials
true
vary
Origin
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a9694120174744413194707c7680952&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
028b495c8157e6650d5964a03dee56ad20210a62f43002a730fa73c157d3ee32

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a969d1301787836013037fa80ed00db&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
eae4eb14d17fea63636f06374dc08bcb6034cbb9276bdf6b28e4778653b3a5dd

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
prebid
prebid.media.net/rtb/
1 KB
773 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
52e49403f2e676bb58e84f304972acd11eb91a44b0727c918504de224e8ae189

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
hbjson
grid.bidswitch.net/
2 B
318 B
XHR
General
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.212.217.28 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
28.217.212.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
nginx
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
2
fastlane.json
fastlane.rubiconproject.com/a/api/
9 KB
6 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55&us_privacy=1---&rp_schain=1.0,1!freestar.com,535,1,,,&eid_pubcid.org=411541a6-16f1-4139-a24f-e4271498e66c%5E1&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&tg_i.name=bleepingcomputer-com&tg_i.domain=bleepingcomputer.com&tg_i.cat=IAB19-9%2CIAB19-10&tg_i.sectioncat=IAB19-9%2CIAB19-10&tg_i.pagecat=IAB19-9%2CIAB19-10&tg_i.page=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&tg_i.fs_ad_product=stickyFooter&tg_i.dfp_ad_unit_code=15184186%2Fbleepingcomputer_970x90_728x90_320x50_sticky&tg_i.pbadslot=15184186%2Fbleepingcomputer_970x90_728x90_320x50_sticky%2Fbleepingcomputer_970x90_728x90_320x50_sticky&tk_flint=pbjs_lite_v4.42.1&x_source.tid=a0aee797-4e47-4333-88c4-8bdf595dcb67&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2098616976852521
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.61 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
3cbbd6651b7a82d37835330010e8555542b00d2e71e883d16b25e683bb3bdbce

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
5055
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/
139 B
831 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
92cc0c318ec8fcf08d999aa5d3cf5fb61c6fb2a4943ba5e0f1c7d164efe6322b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:12 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
716e2ec7-0007-4f5d-955f-bdda56328657
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=76&args=1&stack=Error%0Aat%20IE.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Object.push%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A399927)%0Aat%20pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A399985%0Aat%20pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A401087%0Aat%20Fr%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A356021)%0Aat%20Ui%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A394553)&vrg=2021091501&nw_id=15184186&nslots=1&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Ze%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A242001)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246873)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)%0Aat%20l%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246395)%0Aat%20bt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A247064)%0Aat%20Object.xt%20%5Bas%20newAdSlots%5D%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A250286)%0Aat%20Object.freestar.initCallback%20(https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F%3A116%3A135)&vrg=2021091501&nw_id=15184186&nslots=2&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Ze%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A242001)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246873)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)%0Aat%20l%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246395)%0Aat%20bt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A247064)%0Aat%20Object.xt%20%5Bas%20newAdSlots%5D%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A250286)%0Aat%20Object.freestar.initCallback%20(https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F%3A116%3A135)&vrg=2021091501&nw_id=15184186&nslots=4&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Ze%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A241938)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246873)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)%0Aat%20l%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246395)%0Aat%20bt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A247064)%0Aat%20Object.xt%20%5Bas%20newAdSlots%5D%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A250286)%0Aat%20Object.freestar.initCallback%20(https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F%3A116%3A135)&vrg=2021091501&nw_id=15184186&nslots=5&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=43&args=1&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.addService%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Ze%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A241526)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246873)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)%0Aat%20l%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A246395)%0Aat%20bt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A247064)%0Aat%20Object.xt%20%5Bas%20newAdSlots%5D%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A250286)%0Aat%20Object.freestar.initCallback%20(https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F%3A116%3A135)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A240798%0Aat%20Array.filter%20(%3Canonymous%3E)%0Aat%20Ke%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A240769)%0Aat%20pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A242826%0Aat%20e.exports%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A102516)%0Aat%20e.exports%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A118869)%0Aat%20e%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A242789)%0Aat%20Object.xt%20%5Bas%20newAdSlots%5D%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A250438)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=54&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getAdUnitPath%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A20%3A1224%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20f%20(prebid-analytics-4.42.6.js%3A20%3A932)%0Aat%20Object.l%20(prebid-analytics-4.42.6.js%3A20%3A1705)%0Aat%20u%20(prebid-analytics-4.42.6.js%3A3%3A48751)%0Aat%20Object.r%20%5Bas%20apply%5D%20(prebid-analytics-4.42.6.js%3A3%3A48929)%0Aat%20Object.callBids%20(prebid-analytics-4.42.6.js%3A3%3A72925)%0Aat%20Object.%3Canonymous%3E%20(prebid-analytics-4.42.6.js%3A3%3A126812)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Oe%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A16938)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A7161%0Aat%20Array.find%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A58971%0Aat%20prebid-analytics-4.42.6.js%3A20%3A965%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20f%20(prebid-analytics-4.42.6.js%3A20%3A932)%0Aat%20Object.l%20(prebid-analytics-4.42.6.js%3A20%3A1705)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bridge3.481.0_en.html
imasdk.googleapis.com/js/core/ Frame 407C
320 KB
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.481.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f10.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
imasdk.googleapis.com
:scheme
https
:path
/js/core/bridge3.481.0_en.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
193142
date
Thu, 23 Sep 2021 13:25:21 GMT
expires
Fri, 23 Sep 2022 13:25:21 GMT
last-modified
Tue, 21 Sep 2021 16:52:31 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
16131
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame 6A96
44 KB
17 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f6.1e100.net
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 23 Sep 2021 17:54:12 GMT
bridge3.481.0_en.html
imasdk.googleapis.com/js/core/ Frame 5CC4
320 KB
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.481.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f10.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
imasdk.googleapis.com
:scheme
https
:path
/js/core/bridge3.481.0_en.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
193142
date
Thu, 23 Sep 2021 13:25:21 GMT
expires
Fri, 23 Sep 2022 13:25:21 GMT
last-modified
Tue, 21 Sep 2021 16:52:31 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
16131
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bridge3.481.0_en.html
imasdk.googleapis.com/js/core/ Frame 948B
320 KB
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.481.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f10.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
imasdk.googleapis.com
:scheme
https
:path
/js/core/bridge3.481.0_en.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
193142
date
Thu, 23 Sep 2021 13:25:21 GMT
expires
Fri, 23 Sep 2022 13:25:21 GMT
last-modified
Tue, 21 Sep 2021 16:52:31 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
16131
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
b-7b120a5-b3bdc5bb.js
tagan.adlightning.com/freestar/
74 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/freestar/b-7b120a5-b3bdc5bb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-20.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
922851ab1a5fce51fbdb9306f1329bf8e80919b6c443b38792b183da23d15314

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 04:56:59 GMT
content-encoding
gzip
age
1774634
x-cache
Hit from cloudfront
content-length
28519
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 16:44:53 GMT
server
AmazonS3
etag
"740bb6532e59e4676cc74228cc09fc36"
x-amz-version-id
7vSoDick1OFIZRTjmPdylyGMRRN80fGd
via
1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
ayZjOWj5n5PDyJBO7oAwF7fIW69IwvWW-8deK9iRu5H5bLXf7m3fpQ==
bl-79dc637-4820bddb.js
tagan.adlightning.com/freestar/
56 KB
24 KB
Script
General
Full URL
https://tagan.adlightning.com/freestar/bl-79dc637-4820bddb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-20.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bc4983ff47aa370208c5d867bd1dab238125083437ff240f94f85a4cb4a46dfd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 21:52:58 GMT
content-encoding
gzip
age
158475
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
content-length
23771
x-amz-meta-git_commit
79dc637
last-modified
Tue, 21 Sep 2021 21:34:03 GMT
server
AmazonS3
etag
"e335d6ac6a62bbf063dcdeb779892a11"
x-amz-version-id
fIAaahuU7JK5zJtRsE_4B1nWh52aVBd5
via
1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
lh0l-UuGp9ab3opi5z9J0cmH8QIv3cXt657TwgxrEk4a9w6Qoz3LXQ==
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
92e649098eefaf82db65282d7cbb4e65c738aca33c3fc8073a9c770fbcb0623d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/webp
womptv2nm.js
cdn.krxd.net/controltag/
13 KB
4 KB
Script
General
Full URL
https://cdn.krxd.net/controltag/womptv2nm.js
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e1023fc5b7b2cb762dd4ad14fcf4787fa945fca4a37518cd0d6b411c248dc201

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-cdn-backend
4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date
Thu, 23 Sep 2021 17:54:12 GMT
via
1.1 varnish, 1.1 varnish
age
296
x-cache
MISS, HIT, HIT
x-app-cache
HIT
x-age
0
content-encoding
gzip
content-length
3716
x-served-by
config-service-a001-ash-prod.krxd.net, cache-bwi5175-BWI, cache-hhn4057-HHN
x-response-time
0
x-do-esi
esi
x-timer
S1632419653.585351,VS0,VE0
etag
"fa213313d0f749c73627133b4ab4942a6489b2c7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=1200
accept-ranges
bytes
x-cache-hits
0, 1, 115
logs
uat5-a.investingchannel.com/
0
455 B
XHR
General
Full URL
https://uat5-a.investingchannel.com/logs?gdprapplicable=false&uspstatus=NOT_APPLICABLE
Requested by
Host: dggaenaawxe8z.cloudfront.net
URL: https://dggaenaawxe8z.cloudfront.net/ic/audiencesegment/freestar.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.157.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-157-170.eu-central-1.compute.amazonaws.com
Software
Jetty(9.4.12.v20180830) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
server
Jetty(9.4.12.v20180830)
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
logs
uat5-a.investingchannel.com/ Frame
0
0
Preflight
General
Full URL
https://uat5-a.investingchannel.com/logs?gdprapplicable=false&uspstatus=NOT_APPLICABLE
Protocol
H2
Server
52.57.157.170 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-157-170.eu-central-1.compute.amazonaws.com
Software
Jetty(9.4.12.v20180830) /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.bleepingcomputer.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-length
0
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers Accept-Encoding, User-Agent
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-methods
POST
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
server
Jetty(9.4.12.v20180830)
config
c.amazon-adsystem.com/cdn/prod/
57 B
435 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&pubid=0ab198dd-b265-462a-ae36-74e163ad6159
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
via
1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
server
Server
x-edge-origin-shield-skipped
0
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA50-C1
content-length
57
x-amz-cf-id
OF1a2GwCTUfR0tqpDXabrj6j5oO8ey4mQxNt10r59yMfaycdbZkhtQ==
bid
c.amazon-adsystem.com/e/dtb/
23 B
377 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&pid=osgXGL5YiOeSH&cb=0&ws=1600x1200&v=7.69.01&t=1000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_970x90_728x90_320x50_sticky%22%7D%5D&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
via
1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
z5gxvbazJtUr3pT0xW7NiBwiqUpgsZWrlE5fJgb-99xSfnHacdZ6Bw==
bid
c.amazon-adsystem.com/e/dtb/
23 B
377 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&pid=osgXGL5YiOeSH&cb=1&ws=1600x1200&v=7.69.01&t=1000&slots=%5B%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%5D&schain=1.0%2C1!freestar.io%2C535%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
via
1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
H8586revz_YRnpp0Hr70OYmMUoDNplm40ZZbWnYbT1D4O5XMTwTEig==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id
S8kNCKkikutwvs4V44q0sFuZ4JNc9Ate
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
52004
x-edge-origin-shield-skipped
0
access-control-max-age
3000
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Tue, 07 Sep 2021 22:15:56 GMT
server
AmazonS3
date
Thu, 23 Sep 2021 03:56:55 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
iCH3AsSI3wVwzYpf1ZEg5ITSa7zjQLu5ru8HIaNzGCpZahMOk3omEw==
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20new%20e%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79210)%0Aat%20apstag.js%3A2%3A81719%0Aat%20Array.map%20(%3Canonymous%3E)%0Aat%20e.value%20(apstag.js%3A2%3A81695)%0Aat%20o%20(apstag.js%3A2%3A53125)%0Aat%20Arguments.%3Canonymous%3E%20(apstag.js%3A2%3A122205)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=54&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getAdUnitPath%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20new%20e%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79231)%0Aat%20apstag.js%3A2%3A81719%0Aat%20Array.map%20(%3Canonymous%3E)%0Aat%20e.value%20(apstag.js%3A2%3A81695)%0Aat%20o%20(apstag.js%3A2%3A53125)%0Aat%20Arguments.%3Canonymous%3E%20(apstag.js%3A2%3A122205)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20e.value%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79501)%0Aat%20apstag.js%3A2%3A114381%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20%24%20(apstag.js%3A2%3A114351)%0Aat%20apstag.js%3A2%3A122395%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Arguments.%3Canonymous%3E%20(apstag.js%3A2%3A122341)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
arj
freestar-d.openx.net/w/1.0/
191 B
374 B
XHR
General
Full URL
https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=540e1738-9085-4dc8-9320-9383eadd9891%2Cf15296eb-033c-4336-89fb-d841ab662c1d%2C23ce68f0-3562-40a2-ac72-d4aabfcdf31f%2C07eb176b-3559-4180-be11-eec6ec69ba22&nocache=1632419652553&us_privacy=1---&pubcid=411541a6-16f1-4139-a24f-e4271498e66c&schain=1.0%2C1!freestar.com%2C535%2C1%2C%2C%2C&aus=728x90%2C970x90%2C970x250%7C728x90%7C300x250%2C300x600%7C728x90%2C970x90%2C970x250&divids=bleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF&aucs=%252F15184186%252Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%252Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2C%252F15184186%252Fbleepingcomputer_728x90_320x50_InContent_1%252Fbleepingcomputer_728x90_320x50_InContent_1%2C%252F15184186%252Fbleepingcomputer_300x250_300x600_160x600_Right_2%252Fbleepingcomputer_300x250_300x600_160x600_Right_2%2C%252F15184186%252Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%252Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF&auid=540959250%2C540959250%2C540959250%2C540959250
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
e0aad029d69e06dc051807823dc5e5765186187f125a660b2d177b692869246f

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
server
OXGW/16.216.2
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
178
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/
472 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
c08b67df1a99f8b39d7b2139082176c3f80cee8e5968ac1ea52db94b34c08727
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:12 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
ac6e84df-0056-40fd-a21b-5879fb24f597
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
472
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
10 KB
9 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2%3B2%3B15%3B2&alt_size_ids=55%2C57%3B%3B10%3B55%2C57&us_privacy=1---&rp_schain=1.0,1!freestar.com,535,1,,,&eid_pubcid.org=411541a6-16f1-4139-a24f-e4271498e66c%5E1&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&tg_i.name=bleepingcomputer-com&tg_i.domain=bleepingcomputer.com&tg_i.cat=IAB19-9%2CIAB19-10&tg_i.sectioncat=IAB19-9%2CIAB19-10&tg_i.pagecat=IAB19-9%2CIAB19-10&tg_i.page=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&tg_i.fs_ad_product=banner&tg_i.dfp_ad_unit_code=15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%3B15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%3B15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%3B15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF&tg_i.pbadslot=15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%3B15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%2Fbleepingcomputer_728x90_320x50_InContent_1%3B15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%3B15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF&tk_flint=pbjs_lite_v4.42.1&x_source.tid=540e1738-9085-4dc8-9320-9383eadd9891%3Bf15296eb-033c-4336-89fb-d841ab662c1d%3B23ce68f0-3562-40a2-ac72-d4aabfcdf31f%3B07eb176b-3559-4180-be11-eec6ec69ba22&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=4&rand=0.04227152916102561
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
213.19.162.61 , United Kingdom, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
7236226f009b4fbcf804bb88a6b503b8cd5aaf6d8a58890422f00f23175d1674

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:12 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
5434
Expires
Wed, 17 Sep 1975 21:32:10 GMT
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a9694120174744413194707c7680952&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
49596058da1e7b40f4e04c16a769ead3b7127dc295c4f77ccd4ab6e8bdda6e21

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a9694120174744413194700601d06e7&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
e1e865db1ff9a0baca5c9edf41b4f49be785666ac7eeebe0405d694ba49fd6a9

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a969d1301787836013037fa80ed00db&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
81a281b4628ba19659e6b3f62306f44209a444f8d0bccc85efbd36ff359c5625

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a9694120174744413194707c7680952&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
bda131b6bcc145f877ff71bbda1135a0e605b445e0d006cd3a9acb5a1862d601

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a9694120174744413194707caca0954&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
00ad7559ff41329f3e5059981488c80104fce7a775a352d9799eb73b26f947ef

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a969412017474441319470061cb06e8&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
3dea865ab0834b643348ef235b80201da9fc4c4aa1dd684bbab44504bbe85ed6

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a9694120174744413194707c7680952&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
72fe607b69e600f651754adaf8d7963e74ed8e388d6bbc8191463a447e38fbf3

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a9694120174744413194700601d06e7&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
0beb1d06200fb1b83e9f0e98f2186c4ea586e05d09025f30baed02a1443cc79b

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
484 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df53d00575&pos=8a969d1301787836013037fa80ed00db&cmd=bid&req=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&secure=1&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
8e4a8088c5381b7a79b06298a4d47515e1b04bb49a9f6f6455639e552b73ff7a

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:12 GMT
Server
ATS/7.1.2.138
Age
0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST,GET,HEAD,OPTIONS
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
62
auction
tlx.3lift.com/header/
19 B
269 B
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=4.42.1&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&tmax=1200&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.185.169.108 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-185-169-108.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
hbjson
grid.bidswitch.net/
2 B
318 B
XHR
General
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.212.217.28 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
28.217.212.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 23 Sep 2021 17:54:13 GMT
Server
nginx
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
2
prebid
ads.yieldmo.com/exchange/
0
230 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=4.42.1&p=%5B%7B%22placement_id%22%3A%22bleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%2C%22callback_id%22%3A%22795721a484abcde%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C90%5D%2C%5B970%2C250%5D%5D%2C%22ym_placement_id%22%3A%222701628685080797398%22%7D%2C%7B%22placement_id%22%3A%22bleepingcomputer_728x90_320x50_InContent_1%22%2C%22callback_id%22%3A%2280cfc43e070db8a%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%222701628685080797398%22%7D%2C%7B%22placement_id%22%3A%22bleepingcomputer_300x250_300x600_160x600_Right_2%22%2C%22callback_id%22%3A%22811fae9b0e969b9%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%222701628685080797398%22%7D%2C%7B%22placement_id%22%3A%22bleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%2C%22callback_id%22%3A%228251354102bf187%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C90%5D%2C%5B970%2C250%5D%5D%2C%22ym_placement_id%22%3A%222701628685080797398%22%7D%5D&page_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&bust=1632419652559&pr=&scrd=1&dnt=false&description=Russian%20state-sponsored%20hackers%20known%20as%20the%20Turla%20APT%20group%20have%20been%20using%20new%20malware%20over%20the%20past%20year%20that%20acted%20as%20a%20secondary%20persistence%20method%20on%20compromised%20systems%20in%20the%20U.S.%2C%20Germany%2C%20and%20Afghanistan.&title=Russian%20state%20hackers%20use%20new%20TinyTurla%20malware%20as%20secondary%20backdoor&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=1---&pubcid=411541a6-16f1-4139-a24f-e4271498e66c&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.100.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-100-147.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bleepingcomputer.com
pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
access-control-allow-credentials
true
x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
translator
hbopenbid.pubmatic.com/
41 KB
16 KB
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
f254c9e3275a3332533acf314de3ecc4a0b8d6c2be9b26c206b09985a8caecea

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bleepingcomputer.com
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-openrtb-version
2.3
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json
v1
btlr.sharethrough.com/WYu2BXv1/
0
119 B
XHR
General
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.213.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-213-60.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bleepingcomputer.com
date
Thu, 23 Sep 2021 17:54:12 GMT
access-control-allow-credentials
true
vary
Origin
/
hb.emxdgt.com/
0
165 B
XHR
General
Full URL
https://hb.emxdgt.com/?t=1200&ts=1632419652562&src=pbjs
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.230.193 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-230-193.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bleepingcomputer.com
date
Thu, 23 Sep 2021 17:54:12 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
prebid
prebid.media.net/rtb/
1 KB
630 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJ8GUQF
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7d9d68dd93a8710a62825afaf2248f331a5b0f5db57d9f9bf18b732564a63ced

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
via
1.1 google
cygnus
htlb.casalemedia.com/
26 B
381 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=393562&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2211379348c082a7a8%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A4%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A4%2C%22ren%22%3Afalse%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%22535%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221145ebc231348e54%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22115928c056a09734%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2211682589a9cd1b5b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_ATF%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221175a780895593e5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_320x50_InContent_1%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A
%2211843d7f937ee0e7%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22119876d433d857cb%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_300x250_300x600_160x600_Right_2%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22120a7d0d4c6d4196%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%221215229cce52896d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22122ca182e7fc2996%22%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2Fbleepingcomputer_728x90_970x90_970x250_320x50_BTF%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-84-150.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9d66ec75c8cff55625a50e92993197796b806e1cca7b72080bb1d4ef6d062406

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.114.115], XFF:[]
server
Apache
vary
Is-Traffic-Invalid,Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.bleepingcomputer.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
46
x-ak-client-geo
12
expires
Thu, 23 Sep 2021 17:54:12 GMT
prebid
ib.adnxs.com/ut/v3/
474 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
938aa2be9d98b8fec6514a5274defc6da03c05b6cb9d7c30a6ebda979b7f73a4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:12 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
ffb5c3d0-7f21-4a1e-b52d-fe57d2059722
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.bleepingcomputer.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
474
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/
0
35 B
XHR
General
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
cf-ray
6935a30c9a56178e-FRA
access-control-allow-headers
Content-Type, Origin
t
jadserve.postrelease.com/
402 B
688 B
Script
General
Full URL
https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F&ntv_mvi&us_privacy=1---
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.173.185.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-173-185-122.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
995093817307fa7a4404ac5a302a77f54909bdd988cd0517cea3748f1e8c3bb2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/javascript;charset=UTF-8
content-length
272
expires
Mon, 1 Jan 1990 12:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=38&args=1&stack=Error%0Aat%20dk.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20dk.getTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20e.value%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A80975)%0Aat%20Y%20(apstag.js%3A2%3A114065)%0Aat%20J%20(apstag.js%3A2%3A113513)%0Aat%20l%20(apstag.js%3A2%3A91500)%0Aat%20_t%20(apstag.js%3A2%3A126178)%0Aat%20apstag.js%3A2%3A133441%0Aat%20Object.punt%20(apstag.js%3A2%3A4051)%0Aat%20eval%20(eval%20at%20t%20(apstag.js%3A2%3A90529)%2C%20%3Canonymous%3E%3A1%3A8)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20new%20e%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79210)%0Aat%20apstag.js%3A2%3A81719%0Aat%20Array.map%20(%3Canonymous%3E)%0Aat%20e.value%20(apstag.js%3A2%3A81695)%0Aat%20o%20(apstag.js%3A2%3A53125)%0Aat%20Y%20(apstag.js%3A2%3A114109)%0Aat%20J%20(apstag.js%3A2%3A113513)%0Aat%20l%20(apstag.js%3A2%3A91500)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20e.value%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79501)%0Aat%20apstag.js%3A2%3A114381%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20%24%20(apstag.js%3A2%3A114351)%0Aat%20apstag.js%3A2%3A114262%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Y%20(apstag.js%3A2%3A114116)%0Aat%20J%20(apstag.js%3A2%3A113513)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=51&args=1&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20e.value%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79628)%0Aat%20W%20(apstag.js%3A2%3A113878)%0Aat%20apstag.js%3A2%3A114220%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Y%20(apstag.js%3A2%3A114116)%0Aat%20J%20(apstag.js%3A2%3A113513)%0Aat%20l%20(apstag.js%3A2%3A91500)%0Aat%20_t%20(apstag.js%3A2%3A126178)&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=51&args=1&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20e.value%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79628)%0Aat%20apstag.js%3A2%3A114234%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Y%20(apstag.js%3A2%3A114116)%0Aat%20J%20(apstag.js%3A2%3A113513)%0Aat%20l%20(apstag.js%3A2%3A91500)%0Aat%20_t%20(apstag.js%3A2%3A126178)%0Aat%20apstag.js%3A2%3A133441&vrg=2021091501&nw_id=15184186&nslots=6&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=43&args=1&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.addService%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Arguments.%3Canonymous%3E%20(https%3A%2F%2Fcd.connatix.com%2Fconnatix.playspace.js%3A16%3A478295)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)%0Aat%20Er.initializeAd%20(connatix.playspace.js%3A16%3A478239)%0Aat%20Br.startAd%20(connatix.playspace.js%3A16%3A480991)%0Aat%20mh.Vj%20(connatix.playspace.js%3A16%3A514644)%0Aat%20mh.Bj%20(connatix.playspace.js%3A16%3A514510)%0Aat%20mh.start%20(connatix.playspace.js%3A16%3A514227)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=11&args=1&stack=Error%0Aat%20dk.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20dk.refresh%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Arguments.%3Canonymous%3E%20(https%3A%2F%2Fcd.connatix.com%2Fconnatix.playspace.js%3A16%3A478450)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)%0Aat%20Er.initializeAd%20(connatix.playspace.js%3A16%3A478239)%0Aat%20Br.startAd%20(connatix.playspace.js%3A16%3A480991)%0Aat%20mh.Vj%20(connatix.playspace.js%3A16%3A514644)%0Aat%20mh.Bj%20(connatix.playspace.js%3A16%3A514510)%0Aat%20mh.start%20(connatix.playspace.js%3A16%3A514227)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
controltag.js.a1705c5ac5f06cf0c202ff70908fc042
cdn.krxd.net/ctjs/
259 KB
83 KB
Script
General
Full URL
https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/womptv2nm.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-cdn-backend
4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
age
667759
x-amz-server-side-encryption
AES256
x-cache
HIT
x-cache-hits
1760037
content-length
84509
x-served-by
cache-hhn4057-HHN
last-modified
Mon, 02 Aug 2021 12:06:17 GMT
x-timer
S1632419653.872081,VS0,VE0
etag
"a1705c5ac5f06cf0c202ff70908fc042"
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=315360000
accept-ranges
bytes
expires
Thu, 31 Jul 2031 12:06:16 GMT
vpaid_68c68ea6.js
vpaid.springserve.com/production/
491 KB
87 KB
Script
General
Full URL
https://vpaid.springserve.com/production/vpaid_68c68ea6.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-82.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a54b6501010a2a11a342b7f1459a10336ce2b96a98c523c015de676203f1e282

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 22 Sep 2021 17:36:21 GMT
content-encoding
br
last-modified
Wed, 22 Sep 2021 17:34:44 GMT
server
AmazonS3
age
87472
etag
W/"c41b3f31e617ac05abbd6b79785bd64a"
vary
Accept-Encoding
x-edge-origin-shield-skipped
0
content-type
application/javascript
via
1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
cache-control
max-age=2678400
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
whxzRhpicwN_FVvLJrBoXE1vKhxhe5RKNxNvl2h0CHh9g66L-ERBxw==
moatcontent.js
z.moatads.com/nativonielsen548znrb18/
167 KB
55 KB
Script
General
Full URL
https://z.moatads.com/nativonielsen548znrb18/moatcontent.js?moatClientLevel1=9266
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
4217045a8d701cac3b4a766a11076e7cc5342087464a8a6e3cc7e4f9feec09a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:12 GMT
content-encoding
gzip
last-modified
Mon, 24 Aug 2020 17:04:05 GMT
server
AmazonS3
x-amz-request-id
541CA3CB462144FD
etag
"774acff2cee5852cdfc3fd8471cb2667"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=30818
accept-ranges
bytes
content-length
55696
x-amz-id-2
WNwhnB94WoMq7DmM1MaoToceuK3QbHC7vn11hUldfKqO5oRdP3/lkIWqAFpXgth7b2BO5KLt3DE=
9266
s-jsonp.moatads.com/ocr/NATIVOINVCONTENT1/level3/
320 B
613 B
Script
General
Full URL
https://s-jsonp.moatads.com/ocr/NATIVOINVCONTENT1/level3/9266?t=20218231710
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
6bb7a0f1b27452f54216be22fccf5fdd447a6bd89aa008d7af2b447fd846df37

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id
OIaCQMcaWOC1.SZeqH_6vLi_QxtbEDfl
last-modified
Thu, 23 Sep 2021 17:16:17 GMT
server
AmazonS3
x-amz-request-id
V4RTNGH7MM9RQJ3Y
etag
"e42e753670209aa5d82d094d5541415c"
content-type
application/octet-stream
date
Thu, 23 Sep 2021 17:54:12 GMT
accept-ranges
bytes
content-length
320
x-amz-id-2
WJquH3As3xt+d+VGXU6u4vLRrZPfqy+sTIMohTtkx0c56RuBluCfydORmy59nsrTWc+HiwyO3so=
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=573&args=0&stack=Error%0Aat%20dk.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20dk.getSlots%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Qe%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A240708)%0Aat%20%24t%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A273760)%0Aat%20Zt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A274079)%0Aat%20pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A380635%0Aat%20Object.%3Canonymous%3E%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A145732)%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.oe%20%5Bas%20_each%5D%20(prebid-analytics-4.42.6.js%3A3%3A14763)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A145701&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=54&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getAdUnitPath%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A273969%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20%24t%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A273765)%0Aat%20Zt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A274079)%0Aat%20pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A380635%0Aat%20Object.%3Canonymous%3E%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A145732)%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.oe%20%5Bas%20_each%5D%20(prebid-analytics-4.42.6.js%3A3%3A14763)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A274014%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20%24t%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A273765)%0Aat%20Zt%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A274079)%0Aat%20pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A380635%0Aat%20Object.%3Canonymous%3E%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A145732)%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.oe%20%5Bas%20_each%5D%20(prebid-analytics-4.42.6.js%3A3%3A14763)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20new%20e%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79210)%0Aat%20apstag.js%3A2%3A81719%0Aat%20Array.map%20(%3Canonymous%3E)%0Aat%20e.value%20(apstag.js%3A2%3A81695)%0Aat%20o%20(apstag.js%3A2%3A53125)%0Aat%20Y%20(apstag.js%3A2%3A114109)%0Aat%20At%20(apstag.js%3A2%3A131989)%0Aat%20apstag.js%3A2%3A133441&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=54&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getAdUnitPath%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20new%20e%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79231)%0Aat%20apstag.js%3A2%3A81719%0Aat%20Array.map%20(%3Canonymous%3E)%0Aat%20e.value%20(apstag.js%3A2%3A81695)%0Aat%20o%20(apstag.js%3A2%3A53125)%0Aat%20Y%20(apstag.js%3A2%3A114109)%0Aat%20At%20(apstag.js%3A2%3A131989)%0Aat%20apstag.js%3A2%3A133441&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=51&args=1&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20e.value%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79628)%0Aat%20W%20(apstag.js%3A2%3A113878)%0Aat%20apstag.js%3A2%3A114220%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Y%20(apstag.js%3A2%3A114116)%0Aat%20At%20(apstag.js%3A2%3A131989)%0Aat%20apstag.js%3A2%3A133441%0Aat%20Object.setDisplayBids%20(apstag.js%3A2%3A4051)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=573&args=0&stack=Error%0Aat%20dk.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20dk.getSlots%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Object.N.resetPresetTargeting%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A90624)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122676)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A279862)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)%0Aat%20IE.push%20(pubads_impl_2021091501.js%3A6%3A20861)%0Aat%20g%20(pubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A278579)%0Aat%20p%20(pubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A277904)%0Aat%20Object.bidsBackHandler%20(pubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A276786)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A90761%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90701%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90679%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.N.resetPresetTargeting%20(prebid-analytics-4.42.6.js%3A3%3A90635)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122676)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A90806%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90701%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90679%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.N.resetPresetTargeting%20(prebid-analytics-4.42.6.js%3A3%3A90635)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122676)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=54&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getAdUnitPath%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A90733%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90701%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90679%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.N.resetPresetTargeting%20(prebid-analytics-4.42.6.js%3A3%3A90635)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122676)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=54&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getAdUnitPath%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Oe%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A16915)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A7161%0Aat%20Array.filter%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A95324%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.N.setTargetingForGPT%20(prebid-analytics-4.42.6.js%3A3%3A95289)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122706)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A279862)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubfig.messaging.2.1.21.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
a.pub.network/core/pubfig/
184 KB
58 KB
Script
General
Full URL
https://a.pub.network/core/pubfig/pubfig.messaging.2.1.21.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aeb0b4cf7bfababda4faef3db20e6ff5f7dc57aa0b6ab6834765b2f6b9a497cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash
crc32c=xcoiKQ==, md5=VigJONoLD+gFKvy9eBn2eQ==
date
Thu, 23 Sep 2021 17:54:13 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid
ADPycdsKcgN0DwUSEXCPNXpuWOgGMhQqXtYv19luq_xZCIu_Bw9xZPX2ahD4pIuD3-jKGak9DsSTLX4cPOTtCcgsbw0
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
cf-ray
6935a30fdc1af9e2-PRG
last-modified
Tue, 14 Sep 2021 16:21:03 GMT
server
cloudflare
etag
W/"56280938da0b0fe8052afcbd7819f679"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uij2TCtIU1af%2FL1CqfpFkjV5muL9g4%2FQXF568enzuBSPpI4HSNrhrHU%2F1LKghhn7yIvgm1ROlccf8ETOs1%2FJkj87XHhv7Sp6DsL%2F1r4eqSUpn6UNoSVoQjRT8W2xILY%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
access-control-allow-origin
*
x-goog-generation
1631636462985025
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
188146
content-type
application/javascript
expires
Wed, 22 Sep 2021 23:28:36 GMT
c
c.pub.network/
36 B
329 B
XHR
General
Full URL
https://c.pub.network/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.1.21.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
192.71.201.35.bc.googleusercontent.com
Software
/
Resource Hash
47c42b813ef5a4ef340f6197125220930c136c224571d3d2bc4ce92163feafbc

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 23 Sep 2021 17:54:13 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
alt-svc
clear
content-length
36
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=54&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getAdUnitPath%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20new%20e%20(https%3A%2F%2Fc.amazon-adsystem.com%2Faax2%2Fapstag.js%3A2%3A79231)%0Aat%20apstag.js%3A2%3A81719%0Aat%20Array.map%20(%3Canonymous%3E)%0Aat%20e.value%20(apstag.js%3A2%3A81695)%0Aat%20o%20(apstag.js%3A2%3A53125)%0Aat%20Y%20(apstag.js%3A2%3A114109)%0Aat%20At%20(apstag.js%3A2%3A131989)%0Aat%20apstag.js%3A2%3A133441&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fpubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A240798%0Aat%20Array.filter%20(%3Canonymous%3E)%0Aat%20Ke%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A240769)%0Aat%20pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A279026%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A278999%0Aat%20Arguments.%3Canonymous%3E%20(pubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A279127)%0Aat%20IE.HE.push%20(pubads_impl_2021091501.js%3A6%3A200490)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=54&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getAdUnitPath%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A90733%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90701%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90679%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.N.resetPresetTargeting%20(prebid-analytics-4.42.6.js%3A3%3A90635)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122676)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A90761%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90701%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90679%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.N.resetPresetTargeting%20(prebid-analytics-4.42.6.js%3A3%3A90635)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122676)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A90806%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90701%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A90679%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.N.resetPresetTargeting%20(prebid-analytics-4.42.6.js%3A3%3A90635)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122676)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A95598%0Aat%20Array.map%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A95512%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A95420%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A95375%0Aat%20Array.forEach%20(%3Canonymous%3E)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=49&args=2&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.setTargeting%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A95685%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A95663%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A95420%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A95375%0Aat%20Array.forEach%20(%3Canonymous%3E)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_api_usage&pvsid=2742980927766873&methodId=598&args=0&stack=Error%0Aat%20Bg.Ef%20(https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgpt%2Fpubads_impl_2021091501.js%3A6%3A20366)%0Aat%20Bg.getSlotElementId%20(pubads_impl_2021091501.js%3A6%3A20981)%0Aat%20Oe%20(https%3A%2F%2Fa.pub.network%2Fcore%2Fprebid-analytics-4.42.6.js%3A3%3A16938)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A7161%0Aat%20Array.filter%20(%3Canonymous%3E)%0Aat%20prebid-analytics-4.42.6.js%3A3%3A95324%0Aat%20Array.forEach%20(%3Canonymous%3E)%0Aat%20Object.N.setTargetingForGPT%20(prebid-analytics-4.42.6.js%3A3%3A95289)%0Aat%20Object.h.setTargetingForGPTAsync%20(prebid-analytics-4.42.6.js%3A3%3A122706)%0Aat%20Arguments.%3Canonymous%3E%20(pubfig%2Fpubfig.engine.4.22.0.80905bffd3992f3f8ab33d317dad4256e86d4cf5.js%3A1%3A279862)&vrg=2021091501&nw_id=15184186%2C107430338&nslots=7&eid=31060978%2C31062393%2C31062885%2C31062924&pub_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Frussian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor%2F
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
envelope
api.rlcdn.com/api/identity/
44 B
334 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=1258
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
alt-svc
clear
content-length
44
id
id.crwdcntrl.net/
153 B
910 B
XHR
General
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.111.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-115.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
ae13d57e027e010c6247fe41e1478d117c49dc5ab90e8c3b31ef53e80ccacfed

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache
x-server
10.45.30.160
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
153
expires
0
id
id.sharedid.org/
41 B
379 B
XHR
General
Full URL
https://id.sharedid.org/id?us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.210.233.105 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-210-233-105.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
f10286e5a95004c9e6134c024d6c13813397611e17a6bfb6226f109b7c797f70

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
41
expires
0
rid
match.adsrvr.org/track/
109 B
549 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
c0bbf09d3a37f8d4e1ef32195290ad4a2c1994719f40eb6397a784c6c665e632

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bleepingcomputer.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Sat, 23 Oct 2021 17:54:19 GMT
pd
eu-u.openx.net/w/1.0/ Frame 2A20
1006 B
856 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
3747f6289ae1949fa27f35e81fa24aef2c921a8cc237f88e7d50817035c8035c

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br
cookie
i=411541a6-16f1-4139-a24f-e4271498e66c|1632419652

Response headers

vary
Accept, Accept-Encoding
set-cookie
i=411541a6-16f1-4139-a24f-e4271498e66c|1632419652; Version=1; Expires=Fri, 23-Sep-2022 17:54:19 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1632419659|mOgeginskin0vNomiygu; Version=1; Expires=Fri, 08-Oct-2021 17:54:19 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.216.2
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
text/html
content-length
539
content-encoding
gzip
via
1.1 google
alt-svc
clear
check.html
biddr.brealtime.com/ Frame 746F
926 B
1 KB
Document
General
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.119.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Host
biddr.brealtime.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/
Accept-Encoding
gzip, deflate, br

Response headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
x-amz-id-2
Dt294QpawtNR10fmt04i/E9z//OMSi9w/VEk3jrbZgYkkUJUkpy+PD6nufgStLb0aV63ozhzeoQ=
x-amz-request-id
HWSTNQVGK70Z6EFW
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status
HIT
Age
6966
Expires
Thu, 23 Sep 2021 17:55:19 GMT
Cache-Control
public, max-age=60
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
6935a3351eac6903-FRA
Content-Encoding
gzip
/
ssc-cms.33across.com/ps/ Frame 643D
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dPGcAuqZ0r6Ok4aKlId8sQ&gdpr_consent=undefined&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP003 /
Resource Hash

Request headers

:method
GET
:authority
ssc-cms.33across.com
:scheme
https
:path
/ps/?m=xch&rt=html&ru=deb&id=dPGcAuqZ0r6Ok4aKlId8sQ&gdpr_consent=undefined&us_privacy=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

x-33x-status
2000208
server
33XP003
date
Thu, 23 Sep 2021 17:54:18 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame 8BA5
38 KB
14 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/showad.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

last-modified
Tue, 15 Jun 2021 06:07:52 GMT
etag
"13006b6-974e-5c4c7cb53d8cb"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13946
content-type
text/html; charset=UTF-8
cache-control
public, max-age=97897
expires
Fri, 24 Sep 2021 21:05:56 GMT
date
Thu, 23 Sep 2021 17:54:19 GMT
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 4412
2 KB
1 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host
js-sec.indexww.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
Apache
Last-Modified
Thu, 11 Feb 2021 16:12:45 GMT
ETag
"e20015-90b-5bb11ca420f07"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1151
Date
Thu, 23 Sep 2021 17:54:19 GMT
Connection
keep-alive
index.html
cdn.districtm.io/ids/ Frame 2D34
0
0
Document
General
Full URL
https://cdn.districtm.io/ids/index.html?ccpa=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html?ccpa=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin
access-control-allow-methods
GET, HEAD, POST, OPTIONS
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
6935a334eb6d178e-FRA
sync
eb2.3lift.com/ Frame EF5D
Redirect Chain
  • https://eb2.3lift.com/sync?us_privacy=1---&
  • https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
1 KB
1 KB
Document
General
Full URL
https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
95daa2ccfa048940e1e966d2c27104c227d207eafc22e99d80c0f4c08426c6aa

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?us_privacy=1---&&ld=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br
cookie
tluid=4352010470323349887

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
text/html; charset=utf-8
content-length
462
set-cookie
sync=CgoIgQIQqvqsnsEvCgoI4gEQqvqsnsEvCgoI5gEQqvqsnsEvCgoIhwIQqvqsnsEvCgkICRCq-qyewS8KCQg6EKr6rJ7BLwoJCAsQqvqsnsEvCgoIjAIQqvqsnsEvCgoIzgEQqvqsnsEvCgkIXxCq-qyewS8=; Max-Age=7776000; Expires=Wed, 22 Dec 2021 17:54:19 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=4352010470323349887; Max-Age=7776000; Expires=Wed, 22 Dec 2021 17:54:19 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-length
0
set-cookie
tluid=1803659756778258147; Max-Age=7776000; Expires=Wed, 22 Dec 2021 17:54:19 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location
/sync?us_privacy=1---&&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
async_usersync.html
acdn.adnxs.com/dmp/ Frame E3B9
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/
Accept-Encoding
gzip, deflate, br

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Thu, 23 Sep 2021 04:19:37 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Thu, 23 Sep 2021 17:54:19 GMT
Age
48881
X-Served-By
cache-lga21968-LGA, cache-hhn4033-HHN
X-Cache
HIT, HIT
X-Cache-Hits
1, 881003
X-Timer
S1632419659.054639,VS0,VE0
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 0E7F
22 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=251%2C175%2C178%2C157%2C3017%2C3016%2C214%2C159%2C97%2C99%2C77%2C56%2C3012%2C141%2C222%2C3007%2C201%2C4%2C246%2C203%2C80%2C10000%2C9%2C229%2C108%2C82%2C109&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8ebb5d21ad3b4e1537cf3b4ff154f776a4af48bb79f51769e91c223168b202df
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=251%2C175%2C178%2C157%2C3017%2C3016%2C214%2C159%2C97%2C99%2C77%2C56%2C3012%2C141%2C222%2C3007%2C201%2C4%2C246%2C203%2C80%2C10000%2C9%2C229%2C108%2C82%2C109&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Sun, 27 Mar 2022 17:54:19 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Sat, 25 Sep 2021 17:54:19 GMT
date
Thu, 23 Sep 2021 17:54:19 GMT
content-length
8102
index.html
cdn.districtm.io/ids/ Frame 6357
0
0
Document
General
Full URL
https://cdn.districtm.io/ids/index.html?ccpa=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html?ccpa=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin
access-control-allow-methods
GET, HEAD, POST, OPTIONS
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
6935a334eb6b178e-FRA
showad.js
ads.pubmatic.com/AdServer/js/ Frame DE58
38 KB
14 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/showad.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

last-modified
Tue, 15 Jun 2021 06:07:52 GMT
etag
"13006b6-974e-5c4c7cb53d8cb"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13946
content-type
text/html; charset=UTF-8
cache-control
public, max-age=97897
expires
Fri, 24 Sep 2021 21:05:56 GMT
date
Thu, 23 Sep 2021 17:54:19 GMT
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame A4F3
2 KB
1 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host
js-sec.indexww.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
Apache
Last-Modified
Thu, 11 Feb 2021 16:12:45 GMT
ETag
"e20015-90b-5bb11ca420f07"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1151
Date
Thu, 23 Sep 2021 17:54:19 GMT
Connection
keep-alive
async_usersync.html
acdn.adnxs.com/dmp/ Frame FC5E
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/
Accept-Encoding
gzip, deflate, br

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Thu, 23 Sep 2021 04:19:37 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Thu, 23 Sep 2021 17:54:19 GMT
Age
48881
X-Served-By
cache-lga21968-LGA, cache-hhn4076-HHN
X-Cache
HIT, HIT
X-Cache-Hits
1, 872303
X-Timer
S1632419659.055160,VS0,VE0
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 727C
22 KB
8 KB
Document
General
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=251%2C175%2C178%2C157%2C3017%2C3016%2C214%2C159%2C97%2C99%2C77%2C56%2C3012%2C141%2C222%2C3007%2C201%2C4%2C246%2C203%2C80%2C10000%2C9%2C229%2C108%2C82%2C109&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8ebb5d21ad3b4e1537cf3b4ff154f776a4af48bb79f51769e91c223168b202df
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

:method
GET
:authority
contextual.media.net
:scheme
https
:path
/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUJ8GUQF&prvid=251%2C175%2C178%2C157%2C3017%2C3016%2C214%2C159%2C97%2C99%2C77%2C56%2C3012%2C141%2C222%2C3007%2C201%2C4%2C246%2C203%2C80%2C10000%2C9%2C229%2C108%2C82%2C109&purpose1=1&gdprconsent=0&gdpr=1&usp_status=0&usp_consent=1&uspstring=1---&itype=PREBID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br

Response headers

server
Apache
content-type
text/html; charset=UTF-8
set-cookie
gdpr_status=1; Expires=Sun, 27 Mar 2022 17:54:19 GMT; domain=.media.net; Path=/; sameSite=none; secure=true
x-mnet-hl2
E
strict-transport-security
max-age=604800
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=172800
expires
Sat, 25 Sep 2021 17:54:19 GMT
date
Thu, 23 Sep 2021 17:54:19 GMT
content-length
8102
usync.html
eus.rubiconproject.com/ Frame 95F8
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bleepingcomputer.com/
Accept-Encoding
gzip, deflate, br
Cookie
rsid=1|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVwnwYaQOmrhRqqbYbmDio/LQRqqs1OnYX6qF0anVSaRRFrEpFc6uQw19gMkasvdREJwzG6qEKZdU6r+VKDQWVv/VO/a+hEPPQ==; vis2=151312^1; khaos=KTX8IHAH-J-BAN7; ses2=; audit=1|naVuGyos1qq3XteXOZCGZ9ykSVAasc52pZoR5IbIWJBgfNh7iksUIcmOZNlrfnQZ8Wf+CDJvEd7vQn6gbej9EcxuhZpbWKLt+/AMC2wiya8=; ses15=151312^1; vis15=151312^1

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 23 Feb 2021 20:47:52 GMT
ETag
"402b0-119-5bc0708346e00"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 23 Sep 2021 17:54:19 GMT
Connection
keep-alive
Vary
Accept-Encoding
sync
eb2.3lift.com/ Frame A479
Redirect Chain
  • https://eb2.3lift.com/sync?us_privacy=1---&
  • https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
1 KB
1 KB
Document
General
Full URL
https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
95daa2ccfa048940e1e966d2c27104c227d207eafc22e99d80c0f4c08426c6aa

Request headers

:method
GET
:authority
eb2.3lift.com
:scheme
https
:path
/sync?us_privacy=1---&&ld=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br
cookie
tluid=4352010470323349887

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
text/html; charset=utf-8
content-length
462
set-cookie
sync=CgoIgQIQqfqsnsEvCgoI4gEQqfqsnsEvCgoI5gEQqfqsnsEvCgoIhwIQqfqsnsEvCgkICRCp-qyewS8KCQg6EKn6rJ7BLwoJCAsQqfqsnsEvCgoIjAIQqfqsnsEvCgoIzgEQqfqsnsEvCgkIXxCp-qyewS8=; Max-Age=7776000; Expires=Wed, 22 Dec 2021 17:54:19 GMT; Path=/sync; Domain=.3lift.com; SameSite=None; Secure tluid=4352010470323349887; Max-Age=7776000; Expires=Wed, 22 Dec 2021 17:54:19 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-length
0
set-cookie
tluid=4352010470323349887; Max-Age=7776000; Expires=Wed, 22 Dec 2021 17:54:19 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location
/sync?us_privacy=1---&&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pd
eu-u.openx.net/w/1.0/ Frame 955E
1006 B
844 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
3747f6289ae1949fa27f35e81fa24aef2c921a8cc237f88e7d50817035c8035c

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bleepingcomputer.com/
accept-encoding
gzip, deflate, br
cookie
i=411541a6-16f1-4139-a24f-e4271498e66c|1632419652

Response headers

vary
Accept, Accept-Encoding
set-cookie
i=411541a6-16f1-4139-a24f-e4271498e66c|1632419652; Version=1; Expires=Fri, 23-Sep-2022 17:54:19 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1632419659|mOgeginskin0vNomiygu; Version=1; Expires=Fri, 08-Oct-2021 17:54:19 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.216.2
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
text/html
content-length
539
content-encoding
gzip
via
1.1 google
alt-svc
clear
pixel
cm.g.doubleclick.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=themediagrid&us_privacy=1---
  • https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=themediagrid&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721&google_hm=ZmJjOTViNDctOWI5ZC00ODE1LWJkMzMtMDM4OGQzNWE...
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=themediagrid&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721&google_hm=ZmJjOTViNDctOWI5ZC00ODE1LWJkMzMtMDM4OGQzN...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=themediagrid&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721&google_hm=ZmJjOTViNDctOWI5ZC00ODE1LWJkMzMtMDM4OGQzNWExNzIx&google_tc=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bleepingcomputer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=themediagrid&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721&google_hm=ZmJjOTViNDctOWI5ZC00ODE1LWJkMzMtMDM4OGQzNWExNzIx&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
436
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Cookie set usermatch
ssum-sec.casalemedia.com/ Frame C88A
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
  • https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
85ee0977e4d20d64c4936b3523a22b48e2ed721b6cca20bb2553a101e8e72e63

Request headers

Host
ssum-sec.casalemedia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://js-sec.indexww.com/
Accept-Encoding
gzip, deflate, br
Cookie
CMPS=3166; CMID=YUy-SxsG5DKOdtJHZWnypAAA

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|39|230|45|64|206|51|221
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1661
Expires
Thu, 23 Sep 2021 17:54:19 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Connection
keep-alive
Set-Cookie
CMID=YUy-SxsG5DKOdtJHZWnypAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Sep 2022 17:54:19 GMT CMPS=3166;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 22 Dec 2021 17:54:19 GMT CMPRO=1155;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 22 Dec 2021 17:54:19 GMT CMRUM3=ce614cbf4b05a0&e6614cbf4b2760&40614cbf4b05a0&2d614cbf4b05a0&dd614cbf4b2760&f1614cbf4b05a0&33614cbf4b05a0&27614cbf4b0b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Sep 2022 17:54:19 GMT CMST=YUy-S2FMv0sA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 24 Sep 2021 17:54:19 GMT

Redirect headers

Server
Apache
Content-Length
347
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Thu, 23 Sep 2021 17:54:19 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Connection
keep-alive
Set-Cookie
CMID=YUy-SxsG5DKOdtJHZWnypAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Sep 2022 17:54:19 GMT CMPS=3166;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 22 Dec 2021 17:54:19 GMT
Cookie set usermatch
ssum-sec.casalemedia.com/ Frame 7265
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
  • https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5489c9a241b03428a5e5aa4277e6a1350350cf87d84cd1826bff10c8854290d3

Request headers

Host
ssum-sec.casalemedia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://js-sec.indexww.com/
Accept-Encoding
gzip, deflate, br
Cookie
CMID=YUy-SxsG5DKOdtJHZWnypQAA; CMPS=3166

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
45|230|39|241|90|40|152|57
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1585
Expires
Thu, 23 Sep 2021 17:54:19 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Connection
keep-alive
Set-Cookie
CMID=YUy-SxsG5DKOdtJHZWnypQAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Sep 2022 17:54:19 GMT CMPS=3166;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 22 Dec 2021 17:54:19 GMT CMPRO=1155;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 22 Dec 2021 17:54:19 GMT CMRUM3=28614cbf4b05a00&27614cbf4b0b40&98614cbf4b05a00&5a614cbf4b05a0&e6614cbf4b2760&39614cbf4b05a0&f1614cbf4b05a0&2d614cbf4b05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Sep 2022 17:54:19 GMT CMST=YUy-S2FMv0sA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 24 Sep 2021 17:54:19 GMT

Redirect headers

Server
Apache
Content-Length
347
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Thu, 23 Sep 2021 17:54:19 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Connection
keep-alive
Set-Cookie
CMID=YUy-SxsG5DKOdtJHZWnypQAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 23 Sep 2022 17:54:19 GMT CMPS=3166;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 22 Dec 2021 17:54:19 GMT
sd
eu-u.openx.net/w/1.0/ Frame 2A20
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=lx2zQmO81MtsVl5
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=lx2zQmO81MtsVl5
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:18 GMT
Server
PingMatch/8a430fa#rel-ec2-master i-036989daef33ebbfa@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=lx2zQmO81MtsVl5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 2A20
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=openx
  • https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=openx&bds_param=fbc95b47-9b9d-4815-bd33-0388d35a1721
  • https://x.bidswitch.net/sync?dsp_id=340&user_id=67d4e697-eb01-4c50-bed2-2095b494871b&expires=10&ssp=openx&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=fbc95b47-9b9d-4815-bd33-0388d35a1721
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072968&val=fbc95b47-9b9d-4815-bd33-0388d35a1721
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
//us-u.openx.net/w/1.0/sd?id=537072968&val=fbc95b47-9b9d-4815-bd33-0388d35a1721
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
sd
eu-u.openx.net/w/1.0/ Frame 2A20
Redirect Chain
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=4746351740882832372
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=4746351740882832372
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
e6499e4e-976f-4db1-84d5-4d6f4c593aa4
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=4746351740882832372
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
redir
rtb-csync.smartadserver.com/ Frame 2A20
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ox
  • https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBMFFFN0NtWDhBQUJBYW8yNjVUZw&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAEKk7CmX8AABnd9zOAUg&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_curre...
43 B
163 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.142 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
sd
eu-u.openx.net/w/1.0/ Frame 2A20
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=eac9614c-bf4b-4900-a715-e055d0b35abd
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=eac9614c-bf4b-4900-a715-e055d0b35abd
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
MT3 3984 0e3af3b master cdg-pixel-x27 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=eac9614c-bf4b-4900-a715-e055d0b35abd
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 23 Sep 2021 17:54:18 GMT
sd
us-u.openx.net/w/1.0/ Frame 2A20
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=dAw0ciBbNHNvDWMnJFktJSEIYyRvCjMoJ1ya0Mb1
43 B
122 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=dAw0ciBbNHNvDWMnJFktJSEIYyRvCjMoJ1ya0Mb1
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=dAw0ciBbNHNvDWMnJFktJSEIYyRvCjMoJ1ya0Mb1
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 2A20
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5178698851861003947
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5178698851861003947
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5178698851861003947
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 2A20
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=92b97eff-bf76-7ece-f899-2ccf70bfd591&gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 2A20
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx&google_tc=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx&google_tc=
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 2A20
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
293
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 955E
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=lx2zQmO81MtsVl5
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=lx2zQmO81MtsVl5
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:18 GMT
Server
PingMatch/8a430fa#rel-ec2-master i-0ab67c5d8ba5329d8@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=lx2zQmO81MtsVl5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 955E
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=openx
  • https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=openx&bds_param=fbc95b47-9b9d-4815-bd33-0388d35a1721
  • https://x.bidswitch.net/sync?dsp_id=340&user_id=ed0d6ec3-d6d3-4ef5-b4d2-5de9480a362a&expires=10&ssp=openx&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=fbc95b47-9b9d-4815-bd33-0388d35a1721
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072968&val=fbc95b47-9b9d-4815-bd33-0388d35a1721
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
//us-u.openx.net/w/1.0/sd?id=537072968&val=fbc95b47-9b9d-4815-bd33-0388d35a1721
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
sd
eu-u.openx.net/w/1.0/ Frame 955E
Redirect Chain
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=4746351740882832372
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=4746351740882832372
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
e7b86021-e675-4258-a647-c38d75b1f7e6
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=4746351740882832372
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
redir
rtb-csync.smartadserver.com/ Frame 955E
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ox
  • https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFBRUtrN0NtWDhBQUJuZDl6T0FVZw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAAEKk7CmX8AABnd9zOAUg&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAAEKk7CmX8AABnd9zOAUg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%2...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAAEKk7CmX8AABnd9zOAUg&pid=558502&do=add
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_part...
43 B
163 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.142 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
sd
eu-u.openx.net/w/1.0/ Frame 955E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=abd9614c-bf4b-4100-8c35-f75bd03c2abe
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=abd9614c-bf4b-4100-8c35-f75bd03c2abe
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
MT3 3984 0e3af3b master cdg-pixel-x27 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=abd9614c-bf4b-4100-8c35-f75bd03c2abe
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 23 Sep 2021 17:54:18 GMT
sd
us-u.openx.net/w/1.0/ Frame 955E
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=wu0VJpa6FSfZ7EJywe4Mdpa9RyPZ5RFxlb7L8E6E
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=wu0VJpa6FSfZ7EJywe4Mdpa9RyPZ5RFxlb7L8E6E
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=wu0VJpa6FSfZ7EJywe4Mdpa9RyPZ5RFxlb7L8E6E
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 955E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6225523299478106640
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6225523299478106640
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.2 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 google
server
OXGW/16.216.2
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6225523299478106640
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 955E
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=92b97eff-bf76-7ece-f899-2ccf70bfd591&gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 955E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx&google_tc=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx&google_tc=
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YmVkNmFkMzUtNzYwMS0yMDZhLWVkNzktNzY3NmJhNWQxYmYx&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 955E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0&us_privacy=1---
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
293
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generic
match.adsrvr.org/track/cmf/ Frame A479
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame A479
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame A479
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM1MjAxMDQ3MDMyMzM0OTg4Nw%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM1MjAxMDQ3MDMyMzM0OTg4Nw%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM1MjAxMDQ3MDMyMzM0OTg4Nw%3D%3D
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame A479
0
149 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4352010470323349887&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.11.85 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-11-85.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
x-li-proto
http/2
x-li-pop
prod-edc2
content-length
0
x-li-uuid
rDXAAAiFpxZApp6QVSsAAA==
xuid
eb2.3lift.com/ Frame A479
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4352010470323349887?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-JUbEw29E2oS0XGGm.aOe3j1iuKqacjo4d0Ki3xkYkA--~A&dongle=0883
37 B
352 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-JUbEw29E2oS0XGGm.aOe3j1iuKqacjo4d0Ki3xkYkA--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Thu, 23 Sep 2021 17:54:19 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-JUbEw29E2oS0XGGm.aOe3j1iuKqacjo4d0Ki3xkYkA--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
x.bidswitch.net/ Frame A479
43 B
145 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=4352010470323349887&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.182.33 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-58-182-33.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
c.gif
c.bing.com/ Frame A479
42 B
478 B
Image
General
Full URL
https://c.bing.com/c.gif?xid=4352010470323349887&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
a-0001.a-msedge.net
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:18 GMT
etag
"367bb54357aad71:0"
last-modified
Wed, 15 Sep 2021 17:29:40 GMT
x-msedge-ref
Ref A: 0A6BDA927C154D13B3DD0FD121E41A89 Ref B: PRG01EDGE0809 Ref C: 2021-09-23T17:54:19Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame A479
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4352010470323349887
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4352010470323349887&dcc=t
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4352010470323349887&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
DN1D0CT7NSHEBDKA5FKY
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4352010470323349887&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame A479
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
xuid
eb2.3lift.com/ Frame A479
Redirect Chain
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4587378197357762933&dongle=d407
37 B
352 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=4771&xuid=4587378197357762933&dongle=d407
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=4771&xuid=4587378197357762933&dongle=d407
pragma
no-cache
date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
generic
match.adsrvr.org/track/cmf/ Frame EF5D
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame EF5D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame EF5D
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM1MjAxMDQ3MDMyMzM0OTg4Nw%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM1MjAxMDQ3MDMyMzM0OTg4Nw%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM1MjAxMDQ3MDMyMzM0OTg4Nw%3D%3D
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame EF5D
0
677 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4352010470323349887&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.11.85 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-11-85.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lva1
x-li-proto
http/2
x-li-pop
prod-edc2
content-length
0
x-li-uuid
/czbAAiFpxYA60JUVCsAAA==
xuid
eb2.3lift.com/ Frame EF5D
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/4352010470323349887?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-_98EjzhE2oQnd5Mn2RjjybM7WcMjIjWyF9FQZaIekQ--~A&dongle=0883
37 B
352 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-_98EjzhE2oQnd5Mn2RjjybM7WcMjIjWyF9FQZaIekQ--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Thu, 23 Sep 2021 17:54:19 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-_98EjzhE2oQnd5Mn2RjjybM7WcMjIjWyF9FQZaIekQ--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
x.bidswitch.net/ Frame EF5D
43 B
145 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=4352010470323349887&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.182.33 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-58-182-33.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
c.gif
c.bing.com/ Frame EF5D
42 B
259 B
Image
General
Full URL
https://c.bing.com/c.gif?xid=4352010470323349887&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
a-0001.a-msedge.net
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:18 GMT
etag
"367bb54357aad71:0"
last-modified
Wed, 15 Sep 2021 17:29:40 GMT
x-msedge-ref
Ref A: 0DE6923CD7A14D94883846A0D31CA414 Ref B: PRG01EDGE0809 Ref C: 2021-09-23T17:54:19Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame EF5D
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4352010470323349887
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4352010470323349887&dcc=t
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4352010470323349887&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
ASWNQYDKB42E20DCT3EX
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4352010470323349887&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame EF5D
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
xuid
eb2.3lift.com/ Frame EF5D
Redirect Chain
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4371205415243979125&dongle=d407
37 B
352 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=4771&xuid=4371205415243979125&dongle=d407
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?us_privacy=1---&&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=4771&xuid=4371205415243979125&dongle=d407
pragma
no-cache
date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
usync.js
eus.rubiconproject.com/ Frame 95F8
31 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
36a3b8cc21c2aa36f5eab65ee9f6489d77a3769c29c5336ecb0abdb4f001ccc7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?us_privacy=1---
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Sep 2021 15:20:51 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=55540
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9359
Expires
Fri, 24 Sep 2021 09:19:59 GMT
async_usersync
ib.adnxs.com/ Frame E3B9
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
ceecfc1a-5106-4069-bfd0-720efb76217b
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame FC5E
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
38dc4449-17a7-4514-8fad-9548505d85d1
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 8BA5
5 KB
6 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=28104108&p=156696&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
0da2d19a2f652bea99b8b03e5d84895df7183688b442b141ac3af1d2271cdf31

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
pixel
cm.g.doubleclick.net/ Frame 7265
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YUy-SxsG5DKOdtJHZWnypAAA
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YUy-SxsG5DKOdtJHZWnypAAA
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YUy-SxsG5DKOdtJHZWnypAAA
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
325
Expires
Thu, 23 Sep 2021 17:54:19 GMT
pixel
cm.g.doubleclick.net/ Frame 7265
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YUy_SxsG5DKOdtJHZWnypQAABIMAAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 7265
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
dcm
s.amazon-adsystem.com/ Frame 7265
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypQAABIMAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypQAABIMAAAIB&dcc=t
43 B
645 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypQAABIMAAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
3JVCC61FD819DPXRCNDV
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Q3JAAV7GSM7DSKSTRJMQ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypQAABIMAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
no_match_opted_out
um.simpli.fi/ Frame 7265
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
  • https://um.simpli.fi/no_match_opted_out
0
272 B
Image
General
Full URL
https://um.simpli.fi/no_match_opted_out
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS
b7.80.fd9f.ip4.static.sl-reverse.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 23 Sep 2021 17:54:19 GMT
x-content-type-options
nosniff
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS

Redirect headers

date
Thu, 23 Sep 2021 17:54:19 GMT
x-content-type-options
nosniff
server
openresty
location
/no_match_opted_out
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Wed, 22 Sep 2021 17:54:19 GMT
crum
dsum-sec.casalemedia.com/ Frame 7265
Redirect Chain
  • https://sync.extend.tv/r.gif?exchange=index
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a01c1fd8-b616-4d57-9556-788764f6d960
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a01c1fd8-b616-4d57-9556-788764f6d960
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 23 Sep 2021 17:54:19 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Access-Control-Allow-Origin
*
Content-Type
text/html; charset=utf-8
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a01c1fd8-b616-4d57-9556-788764f6d960
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
132
Expires
Tue, 29 May 1984 15:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 7265
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1870471598264745664
43 B
1006 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1870471598264745664
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 23 Sep 2021 17:54:19 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1870471598264745664
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
htw-pixel.gif
js-sec.indexww.com/ht/ Frame 7265
43 B
425 B
Image
General
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YUy-SxsG5DKOdtJHZWnypQAA%261155
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2851
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Thu, 23 Sep 2021 18:41:50 GMT
cs&eq_cc=1
um2.eqads.com/um/ Frame ABE4
Redirect Chain
  • https://um2.eqads.com/um/cs
  • https://um2.eqads.com/um/cs&eq_cc=1
186 B
370 B
Document
General
Full URL
https://um2.eqads.com/um/cs&eq_cc=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.70.17.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-70-17-21.compute-1.amazonaws.com
Software
/
Resource Hash
22af44f9306959fde82eea314673316e545115b8515e6d272aea9006b9bd14ad

Request headers

:method
GET
:authority
um2.eqads.com
:scheme
https
:path
/um/cs&eq_cc=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ssum-sec.casalemedia.com/
accept-encoding
gzip, deflate, br
cookie
EQUser=UID=9e2fdb62-4f98-47e4-b8e5-89d940fb7e72

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
text/html; charset=utf-8
content-length
186
cache-control
no-cache, must-revalidate
expires
Sat, 6 May 1995 12:00:00 GMT
last-modified
Thu, 23 Sep 2021 17:54:19 GMT
pragma
no-cache

Redirect headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
text/html; charset=utf-8
content-length
41
location
/um/cs&eq_cc=1
set-cookie
EQUser=UID=9e2fdb62-4f98-47e4-b8e5-89d940fb7e72; Path=/; Domain=eqads.com; Expires=Thu, 23 Dec 2021 17:54:19 GMT; Secure; SameSite=None
dcm
s.amazon-adsystem.com/ Frame C88A
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypAAABIMAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypAAABIMAAAAB&dcc=t
43 B
645 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypAAABIMAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
89T8BR65734JE4Y2JNJQ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
6ZG4JDHKZBQC36YSW552
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YUy_SxsG5DKOdtJHZWnypAAABIMAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame C88A
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame C88A
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YUy_SxsG5DKOdtJHZWnypAAABIMAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C88A
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YUy-SxsG5DKOdtJHZWnypAAA
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YUy-SxsG5DKOdtJHZWnypAAA
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YUy-SxsG5DKOdtJHZWnypAAA
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
325
Expires
Thu, 23 Sep 2021 17:54:19 GMT
rum
dsum-sec.casalemedia.com/ Frame C88A
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1635011659
43 B
1016 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1635011659
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 23 Sep 2021 17:54:19 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:18 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1635011659
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
sync
ups.analytics.yahoo.com/ups/55940/ Frame C88A
0
234 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YUy_SxsG5DKOdtJHZWnypAAABIMAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.138 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
ATS/7.1.2.138
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
x.bidswitch.net/ Frame C88A
43 B
145 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=index&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.182.33 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-58-182-33.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
tpid=YUy-SxsG5DKOdtJHZWnypAAA%261155
bcp.crwdcntrl.net/map/c=6725/tp=INDX/ Frame C88A
49 B
264 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YUy-SxsG5DKOdtJHZWnypAAA%261155?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.111.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-115.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.45.4.154
content-type
image/gif
content-length
49
expires
0
htw-pixel.gif
js-sec.indexww.com/ht/ Frame C88A
43 B
425 B
Image
General
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YUy-SxsG5DKOdtJHZWnypAAA%261155
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://www.bleepingcomputer.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2851
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Thu, 23 Sep 2021 18:41:50 GMT
match
c1.adform.net/serving/cookie/ Frame D2D6
35 B
468 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?party=14&cid=A213C01F-72C3-46A4-BFE8-DB5971C42950
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.239 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
c1.adform.net
:scheme
https
:path
/serving/cookie/match?party=14&cid=A213C01F-72C3-46A4-BFE8-DB5971C42950
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
C=1; uid=6225523299478106640

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
uid=6225523299478106640; expires=Mon, 22 Nov 2021 17:54:19 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 063C
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4625766518124530144
42 B
210 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4625766518124530144
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4625766518124530144
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=A213C01F-72C3-46A4-BFE8-DB5971C42950; chkChromeAb67Sec=1; DPSync3=1633564800%3A201_197_219%7C1632441600%3A174; SyncRTB3=1632960000%3A223_2_15%7C1633564800%3A81_220_161_56_204_3_55_230_189_54_8_166_234_99_176_13_22_222_21_7_71_165_88_231%7C1633651200%3A35%7C1633219200%3A63%7C1634947200%3A203; KRTBCOOKIE_409=22966-bMMHobAPaupDdwLIg9oxXiAS; PUBMDCID=3; KRTBCOOKIE_153=19420-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn&KRTB&22979-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn; KRTBCOOKIE_699=22727-AAAEKk7CmX8AABnd9zOAUg; KRTBCOOKIE_188=3189-4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553; KRTBCOOKIE_57=22776-4746351740882832372; KRTBCOOKIE_377=6810-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&22918-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&23031-e274abdd-3af6-4a62-a24a-54c6d395d3f0; KRTBCOOKIE_391=22924-6225523299478106640&KRTB&23263-6225523299478106640; KRTBCOOKIE_27=16735-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&16736-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23019-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23114-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe; KRTBCOOKIE_22=14911-4371205415243979125; PugT=1632419658; SPugT=1632419657

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:18 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_336=5844-4625766518124530144; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:18 GMT; path=/ PugT=1632419658; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:18 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:18 GMT; path=/
x-lat
amspug014:0:395
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4625766518124530144
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
usersync.aspx
dis.criteo.com/dis/ Frame EE31
43 B
334 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method
GET
:authority
dis.criteo.com
:scheme
https
:path
/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
content-type
image/gif
server
Kestrel
cache-control
no-cache
pragma
no-cache
expires
Thu, 23 Sep 2021 00:00:00 GMT
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
353684
Pug
simage2.pubmatic.com/AdServer/ Frame F926
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7011189053059823766
42 B
365 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7011189053059823766
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7011189053059823766
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=A213C01F-72C3-46A4-BFE8-DB5971C42950; chkChromeAb67Sec=1; DPSync3=1633564800%3A201_197_219%7C1632441600%3A174; SyncRTB3=1632960000%3A223_2_15%7C1633564800%3A81_220_161_56_204_3_55_230_189_54_8_166_234_99_176_13_22_222_21_7_71_165_88_231%7C1633651200%3A35%7C1633219200%3A63%7C1634947200%3A203; KRTBCOOKIE_409=22966-bMMHobAPaupDdwLIg9oxXiAS; PUBMDCID=3; KRTBCOOKIE_153=19420-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn&KRTB&22979-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn; KRTBCOOKIE_699=22727-AAAEKk7CmX8AABnd9zOAUg; KRTBCOOKIE_188=3189-4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553; KRTBCOOKIE_57=22776-4746351740882832372; KRTBCOOKIE_377=6810-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&22918-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&23031-e274abdd-3af6-4a62-a24a-54c6d395d3f0; KRTBCOOKIE_391=22924-6225523299478106640&KRTB&23263-6225523299478106640; KRTBCOOKIE_27=16735-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&16736-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23019-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23114-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe; KRTBCOOKIE_22=14911-4371205415243979125; PugT=1632419658; SPugT=1632419657; KRTBCOOKIE_466=16530-fbc95b47-9b9d-4815-bd33-0388d35a1721; KRTBCOOKIE_336=5844-4625766518124530144; KRTBCOOKIE_594=17105-RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003&KRTB&17107-RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_1101=23040-7011189053059823766; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:19 GMT; path=/ PugT=1632419659; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:19 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:19 GMT; path=/
x-lat
amspug016:0:530
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
nginx
Date
Thu, 23 Sep 2021 17:54:20 GMT
Transfer-Encoding
chunked
Connection
keep-alive
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie
UserID1=7011189053059823766; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7011189053059823766
redir
rtb-csync.smartadserver.com/ Frame 0231
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_curre...
43 B
163 B
Document
General
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dpm%26bee_sync_hop_count%3D1%26userid%3DSMART_USER_ID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.142 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Host
rtb-csync.smartadserver.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.pubmatic.com/
Accept-Encoding
gzip, deflate, br

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
image/gif
transfer-encoding
chunked

Redirect headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAAEKk7CmX8AABnd9zOAUg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dpm%26bee_sync_hop_count%3D1%26userid%3DSMART_USER_ID
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
Content-Length
0
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame 6D2C
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
0
88 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=A213C01F-72C3-46A4-BFE8-DB5971C42950; chkChromeAb67Sec=1; DPSync3=1633564800%3A201_197_219%7C1632441600%3A174; SyncRTB3=1632960000%3A223_2_15%7C1633564800%3A81_220_161_56_204_3_55_230_189_54_8_166_234_99_176_13_22_222_21_7_71_165_88_231%7C1633651200%3A35%7C1633219200%3A63%7C1634947200%3A203; KRTBCOOKIE_409=22966-bMMHobAPaupDdwLIg9oxXiAS; PUBMDCID=3; KRTBCOOKIE_153=19420-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn&KRTB&22979-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn; KRTBCOOKIE_699=22727-AAAEKk7CmX8AABnd9zOAUg; KRTBCOOKIE_188=3189-4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553; KRTBCOOKIE_57=22776-4746351740882832372; PugT=1632419658

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:18 GMT
content-type
text/html; charset=utf-8
x-lat
amspug020:2:238
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
content-encoding
gzip

Redirect headers

set-cookie
viewer_token=d766d847-369a-4c7f-8408-8e6b7ce7b1dd; path=/; domain=csync.loopme.me; Expires=Sat, 23-Oct-2021 17:54:19 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length
0
date
Thu, 23 Sep 2021 17:54:19 GMT
server
_
Pug
simage2.pubmatic.com/AdServer/ Frame BB5B
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5397198179
  • https://sync.1rx.io/usersync/tradedesk/e274abdd-3af6-4a62-a24a-54c6d395d3f0
  • https://sync.targeting.unrulymedia.com/csync/RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003
42 B
268 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=A213C01F-72C3-46A4-BFE8-DB5971C42950; chkChromeAb67Sec=1; DPSync3=1633564800%3A201_197_219%7C1632441600%3A174; SyncRTB3=1632960000%3A223_2_15%7C1633564800%3A81_220_161_56_204_3_55_230_189_54_8_166_234_99_176_13_22_222_21_7_71_165_88_231%7C1633651200%3A35%7C1633219200%3A63%7C1634947200%3A203; KRTBCOOKIE_409=22966-bMMHobAPaupDdwLIg9oxXiAS; PUBMDCID=3; KRTBCOOKIE_153=19420-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn&KRTB&22979-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn; KRTBCOOKIE_699=22727-AAAEKk7CmX8AABnd9zOAUg; KRTBCOOKIE_188=3189-4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553; KRTBCOOKIE_57=22776-4746351740882832372; KRTBCOOKIE_377=6810-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&22918-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&23031-e274abdd-3af6-4a62-a24a-54c6d395d3f0; KRTBCOOKIE_391=22924-6225523299478106640&KRTB&23263-6225523299478106640; KRTBCOOKIE_27=16735-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&16736-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23019-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23114-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe; KRTBCOOKIE_22=14911-4371205415243979125; PugT=1632419658; SPugT=1632419657; KRTBCOOKIE_466=16530-fbc95b47-9b9d-4815-bd33-0388d35a1721; KRTBCOOKIE_336=5844-4625766518124530144

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:18 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_594=17105-RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003&KRTB&17107-RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:18 GMT; path=/ PugT=1632419658; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:18 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:18 GMT; path=/
x-lat
amspug003:0:408
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Tengine
date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
text/html
set-cookie
_rxuuid=%7B%22rx_uuid%22%3A%22RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003%22%7D; path=/; expires=Fri, 23 Sep 2022 17:54:19 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003
etag
RXbc2b2e68a86b4bccac2ff04b195b2c35003
dpe
ad4m.at/ad/ Frame 8EBC
42 B
974 B
Document
General
Full URL
https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.11.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method
GET
:authority
ad4m.at
:scheme
https
:path
/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
image/gif
content-length
42
report-to
{"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires
0
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy
same-origin
pragma
no-cache
surrogate-control
no-store
x-fastcgi-cache
BYPASS
x-backend-server
adsrv-7b12
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6935a336aa6327a0-PRG
bridge
cm.adgrx.com/ Frame 3ED9
43 B
408 B
Document
General
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.251.232.170 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
ams-mon-1.sys.adgear.com
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host
cm.adgrx.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://ads.pubmatic.com/
Accept-Encoding
gzip, deflate, br

Response headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
server
Cowboy
X-RealServer-NX
ams-delivery-2
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Pug
image2.pubmatic.com/AdServer/ Frame 546C
Redirect Chain
  • https://green.erne.co/pubmatic/cm?
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=bMMHobAPaupDdwLIg9oxXiAS
42 B
525 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=bMMHobAPaupDdwLIg9oxXiAS
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=bMMHobAPaupDdwLIg9oxXiAS
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=A213C01F-72C3-46A4-BFE8-DB5971C42950; chkChromeAb67Sec=1; DPSync3=1633564800%3A201_197_219%7C1632441600%3A174; SyncRTB3=1632960000%3A223_2_15%7C1633564800%3A81_220_161_56_204_3_55_230_189_54_8_166_234_99_176_13_22_222_21_7_71_165_88_231%7C1633651200%3A35%7C1633219200%3A63%7C1634947200%3A203

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:17 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_409=22966-bMMHobAPaupDdwLIg9oxXiAS; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:17 GMT; path=/ PugT=1632419657; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:17 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:17 GMT; path=/
x-lat
amspug002:0:387
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
openresty
date
Thu, 23 Sep 2021 17:54:19 GMT
content-length
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie
u=bMMHobAPaupDdwLIg9oxXiAS; Max-Age=31536000; Domain=.erne.co; Path=/; Secure; SameSite=None
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=bMMHobAPaupDdwLIg9oxXiAS
strict-transport-security
max-age=0; includeSubDomains;
i.match
s.tribalfusion.com/z/ Frame 5E4E
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
417 B
Document
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method
GET
:authority
s.tribalfusion.com
:scheme
https
:path
/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
ANON_ID=aUnoeUON6Jv8ZbUxpaiGvZbBGUFrUUXZanF9qQUA55Za

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
image/gif; charset=utf-8
content-length
43
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
302
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
set-cookie
ANON_ID=aKnseFxNeThBeZdwQMhTv4Zc0434xm8SA9C2MbTZbZcqcsCbYVSWipBpG21j9PjiEQyosbtAfFMkrpS9Zbd2BKmID; path=/; domain=.tribalfusion.com; expires=Wed, 22-Dec-2021 17:54:19 GMT; SameSite=None; Secure; ANON_ID_old=aKnseFxNeThBeZdwQMhTv4Zc0434xm8SA9C2MbTZbZcqcsCbYVSWipBpG21j9PjiEQyosbtAfFMkrpS9Zbd2BKmID; path=/; domain=.tribalfusion.com; expires=Wed, 22-Dec-2021 17:54:19 GMT;
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6935a3379c8f4ac3-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
text/html
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
206
x-reuse-index
62
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
set-cookie
ANON_ID=aUnoeUON6Jv8ZbUxpaiGvZbBGUFrUUXZanF9qQUA55Za; path=/; domain=.tribalfusion.com; expires=Wed, 22-Dec-2021 17:54:19 GMT; SameSite=None; Secure; ANON_ID_old=aUnoeUON6Jv8ZbUxpaiGvZbBGUFrUUXZanF9qQUA55Za; path=/; domain=.tribalfusion.com; expires=Wed, 22-Dec-2021 17:54:19 GMT;
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6935a3367a654ac3-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 139A
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=bfa0ab7b-aaa5-4413-a6df-af63537304f5-tuct84644cb&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
53 B
Document
General
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=bfa0ab7b-aaa5-4413-a6df-af63537304f5-tuct84644cb&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
match.taboola.com
:scheme
https
:path
/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=bfa0ab7b-aaa5-4413-a6df-af63537304f5-tuct84644cb&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
t_gid=bfa0ab7b-aaa5-4413-a6df-af63537304f5-tuct84644cb

Response headers

server
nginx
accept-ranges
bytes
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 varnish
x-served-by
cache-hhn4044-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1632419659.327338,VS0,VE8
content-length
0

Redirect headers

server
nginx
set-cookie
t_gid=bfa0ab7b-aaa5-4413-a6df-af63537304f5-tuct84644cb;Version=1;Path=/;Domain=.taboola.com;Expires=Fri, 23-Sep-2022 17:54:19 GMT;Max-Age=31536000;Secure;SameSite=None
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=bfa0ab7b-aaa5-4413-a6df-af63537304f5-tuct84644cb&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges
bytes
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 varnish
x-served-by
cache-hhn4044-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1632419659.274140,VS0,VE9
x-vcl-time-ms
9
content-length
0
141
match.deepintent.com/usersync/ Frame 6AAA
0
44 B
Document
General
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
match.deepintent.com
:scheme
https
:path
/usersync/141?gdpr=0&gdpr_consent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br

Response headers

content-length
0
date
Thu, 23 Sep 2021 17:54:19 GMT
server
a
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8BA5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ohPAH3LDRqS_6NtZccQpUA%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=20075
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Thu, 23 Sep 2021 23:28:54 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=abd9614c-bf4b-4100-8c35-f75bd03c2abe
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=abd9614c-bf4b-4100-8c35-f75bd03c2abe
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
MT3 3984 0e3af3b master cdg-pixel-x8 config:1.0.1
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=abd9614c-bf4b-4100-8c35-f75bd03c2abe
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 23 Sep 2021 17:54:18 GMT
match
ps.eyeota.net/ Frame 8BA5
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=A213C01F-72C3-46A4-BFE8-DB5971C42950
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=313cbf04e897955629a9b79c2c782fa
  • https://pixel.onaudience.com/?partner=236&icm&cver&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D%26gdpr_consent%3D%26pid%3D3b2cb90%26t%3Dgif%26uid%3D%25m
  • https://ps.eyeota.net/pixel?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1babd887643ad4db
  • https://ps.eyeota.net/pixel/bounce/?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1babd887643ad4db
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MjJ1emtGcXV1c3lMSG1fRUtmbkJoRWhoZVZ1bkFHN1RwZHFGaGhKMFJkbDA&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&...
  • https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&referrer_pid=3b2cb90&google_error=15
0
344 B
Image
General
Full URL
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&referrer_pid=3b2cb90&google_error=15
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.184.216.10 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-184-216-10.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&referrer_pid=3b2cb90&google_error=15
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
378
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QTIxM0MwMUYtNzJDMy00NkE0LUJGRTgtREI1OTcxQzQyOTUw&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
110 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
no-store, no-cache, private
x-lat
amspug009:0:563
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&google_error=15
42 B
186 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&google_error=15
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
no-store, no-cache, private
x-lat
amspug014:0:519
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&google_error=15
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
333
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 8BA5
43 B
409 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS
b7.80.fd9f.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Wed, 22 Sep 2021 17:54:19 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e274abdd-3af6-4a62-a24a-54c6d395d3f0
42 B
602 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e274abdd-3af6-4a62-a24a-54c6d395d3f0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
no-store, no-cache, private
x-lat
amspug015:0:429
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e274abdd-3af6-4a62-a24a-54c6d395d3f0
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
simage2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6225523299478106640
42 B
233 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6225523299478106640
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
no-store, no-cache, private
x-lat
amspug012:0:539
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6225523299478106640
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&gdpr=0&gdpr_consent=
42 B
495 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:17 GMT
cache-control
no-store, no-cache, private
x-lat
amspug010:0:612
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
MT3 3984 0e3af3b master cdg-pixel-x26 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 23 Sep 2021 17:54:18 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4746351740882832372&gdpr=0&gdpr_consent=
42 B
289 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4746351740882832372&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
no-store, no-cache, private
x-lat
amspug020:0:417
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
2afaaec6-4619-4e02-b863-73fd098da80d
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4746351740882832372&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn
42 B
425 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-store, no-cache, private
x-lat
amspug008:0:396
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=A213C01F-72C3-46A4-BFE8-DB5971C42950&redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=A213C01F-72C3-46A4-BFE8-DB5971C42950&redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-lb5nupBE2uXHjHa4U8GlJGKBAqowPsA-~A&gdpr=0&gdpr_consent=
0
128 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-lb5nupBE2uXHjHa4U8GlJGKBAqowPsA-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:17 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
ATS/7.1.2.138
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-lb5nupBE2uXHjHa4U8GlJGKBAqowPsA-~A&gdpr=0&gdpr_consent=
Connection
keep-alive
Content-Length
0
A213C01F-72C3-46A4-BFE8-DB5971C42950
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 8BA5
43 B
569 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/A213C01F-72C3-46A4-BFE8-DB5971C42950?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.176 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
pr-bh-ing.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=fbc95b47-9b9d-4815-bd33-0388d35a1721&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
  • https://x.bidswitch.net/sync?dsp_id=283&user_id=4a58895e-b04a-4766-89f8-5aafc22efc56&expires=1&user_group=5&ssp=pubmatic&bsw_param=fbc95b47-9b9d-4815-bd33-0388d35a1721
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=fbc95b47-9b9d-4815-bd33-0388d35a1721&gdpr=&gdpr_consent=&gdpr_pd=
1 B
181 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=fbc95b47-9b9d-4815-bd33-0388d35a1721&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
no-store, no-cache, private
x-lat
amspug003:0:407
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=fbc95b47-9b9d-4815-bd33-0388d35a1721&gdpr=&gdpr_consent=&gdpr_pd=
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
current
pubmatic-match.dotomi.com/match/bounce/ Frame 8BA5
0
104 B
Image
General
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=A213C01F-72C3-46A4-BFE8-DB5971C42950&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.215.202.140 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
ams01-login.dotomi.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
b9pj45k4
sync-tm.everesttech.net/ct/upi/pid/ Frame 8BA5
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
85 B
166 B
Image
General
Full URL
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YUy-SwADy8UUOAA6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
age
1688
x-served-by
cache-hhn4037-HHN
x-cache
HIT
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
x-timer
S1632419659.400492,VS0,VE0
content-length
85
x-cache-hits
14400

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1632419659.272607,VS0,VE94
x-served-by
cache-hhn4037-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YUy-SwADy8UUOAA6
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
Pug
simage2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4371205415243979125&gdpr=0&gdpr_consent=&us_privacy=
1 B
186 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4371205415243979125&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:17 GMT
cache-control
no-store, no-cache, private
x-lat
amspug011:0:689
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4371205415243979125&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
image2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553&gdpr=0&gdpr_consent=
42 B
231 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:17 GMT
cache-control
no-store, no-cache, private
x-lat
amspug017:0:573
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:18 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:b48b1dfb-101c-45b4-9922-d07e10254883&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
110 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:b48b1dfb-101c-45b4-9922-d07e10254883&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:18 GMT
cache-control
no-store, no-cache, private
x-lat
amspug015:0:371
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:b48b1dfb-101c-45b4-9922-d07e10254883&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
Apache/2.4.41 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Pug
simage2.pubmatic.com/AdServer/ Frame 8BA5
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4746351740882832372
42 B
110 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4746351740882832372
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:17 GMT
cache-control
no-store, no-cache, private
x-lat
amspug002:0:292
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
aa982342-e460-4eb6-852e-0426d090fa81
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4746351740882832372
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
d1ba4609
rtb.gumgum.com/getuid/ Frame 8BA5
35 B
238 B
Image
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.52.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-52-16.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
tap.php
pixel.rubiconproject.com/ Frame 95F8
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&us_privacy=1---
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&us_privacy=1---&_test=YUy-SwADzIAUhAA6
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YUy-SwADzIAUhAA6&us_privacy=1---&_test=YUy-SwADzIAUhAA6
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YUy-SwADzIAUhAA6&us_privacy=1---&_test=YUy-SwADzIAUhAA6
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
via
1.1 varnish
server
Varnish
x-timer
S1632419659.400518,VS0,VE0
x-served-by
cache-hhn4037-HHN
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YUy-SwADzIAUhAA6&us_privacy=1---&_test=YUy-SwADzIAUhAA6
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame 95F8
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&us_privacy=1---
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v1
ads.yahoo.com/cms/ Frame 95F8
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594&us_privacy=1---
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTX8IHAH-J-BAN7&sigv=1&esig=2~843828ccbebdf1921449d876eec7d953cb12bd76&us_privacy=1---
0
446 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTX8IHAH-J-BAN7&sigv=1&esig=2~843828ccbebdf1921449d876eec7d953cb12bd76&us_privacy=1---
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
87.248.118.22 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
e1.ycpi.vip.deb.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KTX8IHAH-J-BAN7&sigv=1&esig=2~843828ccbebdf1921449d876eec7d953cb12bd76&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame 95F8
0
0
Image
General
Full URL
https://id.rlcdn.com/709414.gif?us_privacy=1---
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

tap.php
pixel.rubiconproject.com/ Frame 95F8
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&us_privacy=1---
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/lAY_4teSx9cpoDfXiS9rgg?csrc=&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4899218291336490482
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4899218291336490482
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Content-Type
image/gif

Redirect headers

date
Thu, 23 Sep 2021 17:54:19 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4899218291336490482
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 95F8
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=abd9614c-bf4b-4100-8c35-f75bd03c2abe&expires=28
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=abd9614c-bf4b-4100-8c35-f75bd03c2abe&expires=28
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
Content-Type
image/gif

Redirect headers

Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
MT3 3984 0e3af3b master cdg-pixel-x6 config:1.0.1
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=abd9614c-bf4b-4100-8c35-f75bd03c2abe&expires=28
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 23 Sep 2021 17:54:18 GMT
pixel
cm.g.doubleclick.net/ Frame 95F8
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RYOElIQUgtSi1CQU43&us_privacy=1---
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RYOElIQUgtSi1CQU43&us_privacy=1---
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RYOElIQUgtSi1CQU43&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 95F8
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/rubicon?us_privacy=1---
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame ABE4
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=9e2fdb62-4f98-47e4-b8e5-89d940fb7e72&expiration=1640282059
Requested by
Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://um2.eqads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:19 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 23 Sep 2021 17:54:19 GMT
async_usersync
ib.adnxs.com/ Frame E3B9
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:20 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
d0a52805-8850-4ee0-87b5-4c40151848fe
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame FC5E
0
735 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 23 Sep 2021 17:54:20 GMT
X-Proxy-Origin
216.131.114.115; 216.131.114.115; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
5bfb75ee-8b1b-4325-a8b0-8c60e9d9b8b9
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame 8BA5
0
260 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156696&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:21 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
PugMaster
image6.pubmatic.com/AdServer/ Frame DE58
2 KB
2 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=64007187&p=156696&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
275ba55cb6138fca06c4b741667a3a71aee6ea27b1b0c59c3418bb8e745267f6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:21 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1586
content-type
text/html; charset=UTF-8
Pug
simage2.pubmatic.com/AdServer/ Frame 1225
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lx2zQmO81MtsVl5&gdpr=0&gdpr_consent=
42 B
365 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lx2zQmO81MtsVl5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lx2zQmO81MtsVl5&gdpr=0&gdpr_consent=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=A213C01F-72C3-46A4-BFE8-DB5971C42950; KRTBCOOKIE_409=22966-bMMHobAPaupDdwLIg9oxXiAS; PUBMDCID=3; KRTBCOOKIE_153=19420-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn&KRTB&22979-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn; KRTBCOOKIE_699=22727-AAAEKk7CmX8AABnd9zOAUg; KRTBCOOKIE_188=3189-4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553; KRTBCOOKIE_57=22776-4746351740882832372; KRTBCOOKIE_377=6810-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&22918-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&23031-e274abdd-3af6-4a62-a24a-54c6d395d3f0; KRTBCOOKIE_391=22924-6225523299478106640&KRTB&23263-6225523299478106640; KRTBCOOKIE_27=16735-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&16736-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23019-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23114-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe; KRTBCOOKIE_22=14911-4371205415243979125; KRTBCOOKIE_466=16530-fbc95b47-9b9d-4815-bd33-0388d35a1721; KRTBCOOKIE_336=5844-4625766518124530144; KRTBCOOKIE_594=17105-RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003&KRTB&17107-RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003; KRTBCOOKIE_1101=23040-7011189053059823766; PugT=1632419659; SPugT=1632419661; chkChromeAb67Sec=2; DPSync3=1632441600%3A174%7C1633564800%3A221_226_227_235_201_197_219; SyncRTB3=1637539200%3A69%7C1633564800%3A166_81_8_104_88_57_161_189_99_22_21_13_7_71_204_55_231_56_230_220_234_222_233_3_54_176_165_5%7C1634947200%3A203%7C1632960000%3A223_2_15%7C1633219200%3A63%7C1633651200%3A35

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:21 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_107=1471-uid:lx2zQmO81MtsVl5; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:21 GMT; path=/ PugT=1632419661; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:21 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:21 GMT; path=/
x-lat
amspug016:0:315
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Cache-Control
no-cache, must-revalidate
Date
Thu, 23 Sep 2021 17:54:22 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:lx2zQmO81MtsVl5&gdpr=0&gdpr_consent=
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Pragma
no-cache
Server
PingMatch/8a430fa#rel-ec2-master i-0ab67c5d8ba5329d8@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Set-Cookie
wfivefivec=lx2zQmO81MtsVl5; Domain=.w55c.net; Expires=Sun, 23-Oct-2022 17:54:22 GMT; Path=/; SameSite=None; Secure matchpubmatic=5; Domain=.w55c.net; Expires=Sat, 23-Oct-2021 17:54:22 GMT; Path=/; SameSite=None; Secure
Strict-Transport-Security
max-age=2592000; includeSubDomains
Content-Length
0
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame 66C0
Redirect Chain
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
  • https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
  • https://match.bnmla.com/usersync?dspid=6&uuid=C3007D7E0AEC456C923157B5EAEBDD04
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=b26dd731-0336-4843-8caa-c9c6d28d17fd
42 B
110 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=b26dd731-0336-4843-8caa-c9c6d28d17fd
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=b26dd731-0336-4843-8caa-c9c6d28d17fd
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=A213C01F-72C3-46A4-BFE8-DB5971C42950; KRTBCOOKIE_409=22966-bMMHobAPaupDdwLIg9oxXiAS; PUBMDCID=3; KRTBCOOKIE_153=19420-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn&KRTB&22979-_ISY16jTmNbnhc-D_4eBh6jUytLnjJyAq9dG9adn; KRTBCOOKIE_699=22727-AAAEKk7CmX8AABnd9zOAUg; KRTBCOOKIE_188=3189-4eec6f3c-ff2e-48aa-8ae2-3f444526e90e-614cbf4b-5553; KRTBCOOKIE_57=22776-4746351740882832372; KRTBCOOKIE_377=6810-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&22918-e274abdd-3af6-4a62-a24a-54c6d395d3f0&KRTB&23031-e274abdd-3af6-4a62-a24a-54c6d395d3f0; KRTBCOOKIE_391=22924-6225523299478106640&KRTB&23263-6225523299478106640; KRTBCOOKIE_27=16735-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&16736-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23019-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe&KRTB&23114-uid:abd9614c-bf4b-4100-8c35-f75bd03c2abe; KRTBCOOKIE_22=14911-4371205415243979125; KRTBCOOKIE_466=16530-fbc95b47-9b9d-4815-bd33-0388d35a1721; KRTBCOOKIE_336=5844-4625766518124530144; KRTBCOOKIE_594=17105-RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003&KRTB&17107-RX-bc2b2e68-a86b-4bcc-ac2f-f04b195b2c35-003; KRTBCOOKIE_1101=23040-7011189053059823766; SPugT=1632419661; chkChromeAb67Sec=2; DPSync3=1632441600%3A174%7C1633564800%3A221_226_227_235_201_197_219; SyncRTB3=1637539200%3A69%7C1633564800%3A166_81_8_104_88_57_161_189_99_22_21_13_7_71_204_55_231_56_230_220_234_222_233_3_54_176_165_5%7C1634947200%3A203%7C1632960000%3A223_2_15%7C1633219200%3A63%7C1633651200%3A35; KRTBCOOKIE_107=1471-uid:lx2zQmO81MtsVl5; PugT=1632419661; KRTBCOOKIE_860=16335-JMVMhbmbRxRCnc2T0ewcltiDcnM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:21 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:21 GMT; path=/
x-lat
amspug016:0:342
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
nginx
Date
Thu, 23 Sep 2021 17:54:22 GMT
Content-Length
0
Connection
keep-alive
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=b26dd731-0336-4843-8caa-c9c6d28d17fd
Pug
simage2.pubmatic.com/AdServer/ Frame 2497
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C3007D7E0AEC456C923157B5EAEBDD04
1 B
68 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C3007D7E0AEC456C923157B5EAEBDD04
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C3007D7E0AEC456C923157B5EAEBDD04
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:21 GMT
content-type
text/html; charset=utf-8
content-length
1
set-cookie
PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:21 GMT; path=/
x-lat
amspug020:0:410
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
openresty
date
Thu, 23 Sep 2021 17:54:22 GMT
content-type
text/html
content-length
142
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:C3007D7E0AEC456C923157B5EAEBDD04
expires
Wed, 22 Sep 2021 17:54:22 GMT
cache-control
no-cache
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
access-control-allow-origin
*
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Pug
simage2.pubmatic.com/AdServer/ Frame A8CF
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=JMVMhbmbRxRCnc2T0ewcltiDcnM
42 B
217 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=JMVMhbmbRxRCnc2T0ewcltiDcnM
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
simage2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=JMVMhbmbRxRCnc2T0ewcltiDcnM
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 23 Sep 2021 17:54:21 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_860=16335-JMVMhbmbRxRCnc2T0ewcltiDcnM; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:21 GMT; path=/ PugT=1632419661; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 23-Oct-2021 17:54:21 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 22-Dec-2021 17:54:21 GMT; path=/
x-lat
amspug012:0:800
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Thu, 23 Sep 2021 17:54:22 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=JMVMhbmbRxRCnc2T0ewcltiDcnM
Set-Cookie
sa-user-id=s%3A0-24c54c85-b99b-4714-429d-cd93d1ec1c96.Et9roewsm96%2FeTzfMTvvzXxKXOccoJ0QsT0VcpoS4WY; Max-Age=31536000; Secure; SameSite=None sa-user-id-v2=s%3A0-24c54c85-b99b-4714-429d-cd93d1ec1c96%24ip%24216.131.114.115.VlLqn5ATM33iCJIK8uzUuwE8ZxLKcRPRTK%2FYjXRDk5I; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None
Content-Length
159
Connection
keep-alive
Artemis
aud.pubmatic.com/AdServer/ Frame DE58
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=A213C01F-72C3-46A4-BFE8-DB5971C42950&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=A213C01F-72C3-46A4-BFE8-DB5971C42950&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=A213C01F-72C3-46A4-BFE8-DB5971C42950&addseg=10,33,39
43 B
43 B
Image
General
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=A213C01F-72C3-46A4-BFE8-DB5971C42950&addseg=10,33,39
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.229 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:22 GMT
content-length
43
content-type
text/plain; charset=utf-8

Redirect headers

date
Thu, 23 Sep 2021 17:54:22 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=A213C01F-72C3-46A4-BFE8-DB5971C42950&addseg=10,33,39
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
clear
content-length
141
info2
uipglob.semasio.net/pubmatic/1/ Frame DE58
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=A213C01F-72C3-46A4-BFE8-DB5971C42950&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=A213C01F-72C3-46A4-BFE8-DB5971C42950&sInitiator=external&gdpr=0&gdpr_consent=
42 B
604 B
Image
General
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=A213C01F-72C3-46A4-BFE8-DB5971C42950&sInitiator=external&gdpr=0&gdpr_consent=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
frontend-id
15
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 23 Sep 2021 17:54:19 GMT
frontend-id
14
location
/pubmatic/1/info2?sType=sync&sExtCookieId=A213C01F-72C3-46A4-BFE8-DB5971C42950&sInitiator=external&gdpr=0&gdpr_consent=
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
mw
mwzeom.zeotap.com/ Frame DE58
95 B
455 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=A213C01F-72C3-46A4-BFE8-DB5971C42950
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.25.87 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:22 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
6935a348d9b905f1-FRA
access-control-allow-headers
*
content-length
95
match
a.audrte.com/ Frame DE58
0
0
Image
General
Full URL
https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=A213C01F-72C3-46A4-BFE8-DB5971C42950
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.86.83.177 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-86-83-177.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pug
simage2.pubmatic.com/AdServer/ Frame DE58
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=489b288b-1c97-11ec-8e3f-0f1e794564a3&gdpr=0&gdpr_consent=
1 B
216 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=489b288b-1c97-11ec-8e3f-0f1e794564a3&gdpr=0&gdpr_consent=
Requested by
Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:21 GMT
cache-control
no-store, no-cache, private
x-lat
amspug018:0:510
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=489b288b-1c97-11ec-8e3f-0f1e794564a3&gdpr=0&gdpr_consent=
Date
Thu, 23 Sep 2021 17:54:22 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
489b288c-1c97-11ec-8e3f-0f1e794564a3
collect
tracking1.firstimpression.io/
2 B
260 B
Ping
General
Full URL
https://tracking1.firstimpression.io/collect
Requested by
Host: ecdn.firstimpression.io
URL: https://ecdn.firstimpression.io/fi_client.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.128.233.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-233-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.bleepingcomputer.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 23 Sep 2021 17:54:22 GMT
access-control-request-method
*
access-control-allow-methods
OPTIONS, GET, POST
content-type
text/plain
access-control-allow-origin
https://www.bleepingcomputer.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
2
SPug
simage4.pubmatic.com/AdServer/ Frame DE58
0
128 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156696&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 23 Sep 2021 17:54:22 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

233 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

140 Cookies

bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 725ff415220aeb9b
.adfarm1.adition.com/ Name: UserID1
Value: 7011189053059823766
.pubmatic.com/ Name: KRTBCOOKIE_1101
Value: 23040-7011189053059823766
.ads.pubmatic.com/ Name: repi
Value: 1
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 2
.pubmatic.com/ Name: DPSync3
Value: 1632441600%3A174%7C1633564800%3A221_226_227_235_201_197_219
.pubmatic.com/ Name: SyncRTB3
Value: 1637539200%3A69%7C1633564800%3A166_81_8_104_88_57_161_189_99_22_21_13_7_71_204_55_231_56_230_220_234_222_233_3_54_176_165_5%7C1634947200%3A203%7C1632960000%3A223_2_15%7C1633219200%3A63%7C1633651200%3A35
.w55c.net/ Name: matchpubmatic
Value: 5
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:lx2zQmO81MtsVl5
.pubmatic.com/ Name: PugT
Value: 1632419661
.zeotap.com/ Name: zc
Value: 30b80080-0a24-408f-7dc0-373ad00d7015
.fiftyt.com/ Name: fifid
Value: 87b0ce24-f66a-4043-7812-3e2e74faa523
.fiftyt.com/ Name: cs
Value: MTYzMjQxOTY2MnxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fH1nJl6lJqnfxkS594xUB6bViBF0bVGfCk9zwa6i2H6J
.fiftyt.com/ Name: fppm
Value: 20210923175422
.semasio.net/ Name: SEUNCY
Value: FB52DF4F96BE7AE8
.bnmla.com/ Name: rx_sspurl_10738
Value: https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3Db26dd731-0336-4843-8caa-c9c6d28d17fd
.bnmla.com/ Name: rx_uuid
Value: b26dd731-0336-4843-8caa-c9c6d28d17fd
.bnmla.com/ Name: rx_maxage_10738
Value: 1633715662
.bnmla.com/ Name: rx_sspid_10738
Value: 6
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-24c54c85-b99b-4714-429d-cd93d1ec1c96.Et9roewsm96%2FeTzfMTvvzXxKXOccoJ0QsT0VcpoS4WY
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A0-24c54c85-b99b-4714-429d-cd93d1ec1c96%24ip%24216.131.114.115.VlLqn5ATM33iCJIK8uzUuwE8ZxLKcRPRTK%2FYjXRDk5I
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-JMVMhbmbRxRCnc2T0ewcltiDcnM
.ipredictive.com/ Name: cu
Value: 489b288b-1c97-11ec-8e3f-0f1e794564a3|1632419662541
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-489b288b-1c97-11ec-8e3f-0f1e794564a3&KRTB&23011-489b288b-1c97-11ec-8e3f-0f1e794564a3
.pubmatic.com/ Name: SPugT
Value: 1632419662

8 Console Messages

Source Level URL
Text
other warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 72)
Message:
Origin trial controlled feature not enabled: 'trust-token-redemption'.
other warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 72)
Message:
Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript error URL: https://dggaenaawxe8z.cloudfront.net/ic/audiencesegment/freestar.js(Line 214)
Message:
Refused to set unsafe header "Cookie"
javascript warning URL: https://cd.connatix.com/connatix.playspace.js(Line 15)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://vpaid.springserve.com/production/vpaid_68c68ea6.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://cd.connatix.com/connatix.playspace.js(Line 15)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://vpaid.springserve.com/production/vpaid_68c68ea6.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=1258
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://id.rlcdn.com/709414.gif?us_privacy=1---
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=A213C01F-72C3-46A4-BFE8-DB5971C42950
Message:
Failed to load resource: the server responded with a status of 502 (Bad Gateway)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
