threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Submission: On March 17 via api (March 17th 2022, 7:22:10 pm UTC) from AU — Scanned from DE

Summary HTTP 456 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 107 IPs in 10 countries across 93 domains to perform 456 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 152275.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
11	18.66.139.84 18.66.139.84	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
7	2606:4700:303... 2606:4700:3031::6815:456d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2600:9000:225... 2600:9000:2250:ea00:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2600:9000:249... 2600:9000:2490:5800:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 11	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	185.85.15.31 185.85.15.31	200107 (KL-EXT) (KL-EXT)
5	108.138.3.177 108.138.3.177	16509 (AMAZON-02) (AMAZON-02)
1 6	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	18.188.70.14 18.188.70.14	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
11 42	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	104.111.219.144 104.111.219.144	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
3	34.251.227.193 34.251.227.193	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2 4	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	54.155.215.129 54.155.215.129	16509 (AMAZON-02) (AMAZON-02)
2	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	52.51.88.158 52.51.88.158	16509 (AMAZON-02) (AMAZON-02)
7	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
9	18.223.14.239 18.223.14.239	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:7400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	64.140.160.2 64.140.160.2	18450 (WEBNX) (WEBNX)
2	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:829::2006	15169 (GOOGLE) (GOOGLE)
2	51.89.21.10 51.89.21.10	16276 (OVH) (OVH)
2	2606:4700:20:... 2606:4700:20::681a:8a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
5	213.19.147.43 213.19.147.43	3356 (LEVEL3) (LEVEL3)
1	18.159.232.76 18.159.232.76	16509 (AMAZON-02) (AMAZON-02)
3	23.0.33.234 23.0.33.234	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	147.75.38.124 147.75.38.124	54825 (PACKET) (PACKET)
1 19	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
3 12	185.33.221.91 185.33.221.91	29990 (ASN-APPNEX) (ASN-APPNEX)
3	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 5	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.184.75.207 18.184.75.207	16509 (AMAZON-02) (AMAZON-02)
3	52.28.203.152 52.28.203.152	16509 (AMAZON-02) (AMAZON-02)
1	18.197.113.18 18.197.113.18	16509 (AMAZON-02) (AMAZON-02)
4	2602:803:c003... 2602:803:c003:200::61	26667 (RUBICONPR...) (RUBICONPROJECT)
2 7	165.227.252.242 165.227.252.242	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
10	54.78.140.244 54.78.140.244	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1 24	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
3 11	104.107.161.8 104.107.161.8	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2 3	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 2	51.178.20.139 51.178.20.139	16276 (OVH) (OVH)
15 16	18.194.141.235 18.194.141.235	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.178.101 35.210.178.101	19527 (GOOGLE-2) (GOOGLE-2)
1 1	35.205.207.25 35.205.207.25	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	104.107.160.200 104.107.160.200	16625 (AKAMAI-AS) (AKAMAI-AS)
5	104.107.160.214 104.107.160.214	16625 (AKAMAI-AS) (AKAMAI-AS)
5 5	18.196.142.162 18.196.142.162	16509 (AMAZON-02) (AMAZON-02)
5 8	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 3	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
4 9	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1 1	169.50.137.182 169.50.137.182	36351 (SOFTLAYER) (SOFTLAYER)
1 2	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
5 5	64.202.112.191 64.202.112.191	23352 (SERVERCEN...) (SERVERCENTRAL)
4 5	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
3 3	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
5 5	37.157.2.235 37.157.2.235	198622 (ADFORM) (ADFORM)
1	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
1	35.212.101.174 35.212.101.174	15169 (GOOGLE) (GOOGLE)
1	2604:9e00:1:1... 2604:9e00:1:129::2:a01	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 3	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
1	2620:1ec:bdf::45 2620:1ec:bdf::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	206.189.254.17 206.189.254.17	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	205.185.216.10 205.185.216.10	20446 (STACKPATH...) (STACKPATH-CDN)
3 6	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
6	184.30.209.152 184.30.209.152	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 4	2a05:d018:d29... 2a05:d018:d29:3602:8032:ea84:336c:262b	16509 (AMAZON-02) (AMAZON-02)
2 2	3.123.251.241 3.123.251.241	16509 (AMAZON-02) (AMAZON-02)
1 1	51.75.146.160 51.75.146.160	16276 (OVH) (OVH)
4 4	52.31.32.190 52.31.32.190	16509 (AMAZON-02) (AMAZON-02)
1 1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5	185.86.139.113 185.86.139.113	201081 (SMARTADSE...) (SMARTADSERVER)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 7	52.46.154.242 52.46.154.242	16509 (AMAZON-02) (AMAZON-02)
1 14	52.31.89.136 52.31.89.136	16509 (AMAZON-02) (AMAZON-02)
2	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
2	185.86.139.103 185.86.139.103	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
7 7	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
2 3	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
3	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 3	185.33.221.50 185.33.221.50	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
3 4	70.42.32.127 70.42.32.127	13789 (INTERNAP-...) (INTERNAP-BLK3)
1 1	54.145.48.80 54.145.48.80	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.202.13.238 52.202.13.238	14618 (AMAZON-AES) (AMAZON-AES)
1	141.148.45.191 141.148.45.191	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT)
1 1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	63.33.104.96 63.33.104.96	16509 (AMAZON-02) (AMAZON-02)
2	52.19.170.216 52.19.170.216	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
2 2	2.19.35.65 2.19.35.65	16625 (AKAMAI-AS) (AKAMAI-AS)
2	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	202.241.208.55 202.241.208.55	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
2 2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	18.66.112.125 18.66.112.125	16509 (AMAZON-02) (AMAZON-02)
3 3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 3	54.239.38.253 54.239.38.253	16509 (AMAZON-02) (AMAZON-02)
2 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	178.162.133.148 178.162.133.148	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	35.172.159.73 35.172.159.73	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:444... 2600:1f18:444a:4680:b988:ecc0:9832:67ce	14618 (AMAZON-AES) (AMAZON-AES)
1	8.43.72.98 8.43.72.98	26667 (RUBICONPR...) (RUBICONPROJECT)
456	107

34 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 18.66.139.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-84.fra60.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3031::6815:456d (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:2250:ea00:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:2490:5800:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.138.3.177 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-3-177.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.194.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.188.70.14 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-188-70-14.us-east-2.compute.amazonaws.com

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 142.250.185.130 (United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.219.144 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-219-144.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.251.227.193 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-227-193.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.155.215.129 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-215-129.eu-west-1.compute.amazonaws.com

kaspersky.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

kaspersky.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.88.158 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-88-158.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

lit.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.223.14.239 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-223-14-239.us-east-2.compute.amazonaws.com

capi-tier-2-us-east-2.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:7400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com

geo.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:829::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.21.10 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p24.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.19.147.43 (United Kingdom)

ASN3356 (LEVEL3, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.159.232.76 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-232-76.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.0.33.234 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-0-33-234.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.38.124 (Amsterdam, Netherlands) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gift-connect-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.33.221.91 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 72.251.249.9 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.184.75.207 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-75-207.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.28.203.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.113.18 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-113-18.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 165.227.252.242 (North Bergen, United States) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.78.140.244 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba0a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

9582686.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.107.161.8 (Berlin, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-107-161-8.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.178.20.139 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns31193669.ip-51-178-20.eu

c.eu1.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 18.194.141.235 (Frankfurt am Main, Germany) 15 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-141-235.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.178.101 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 101.178.210.35.bc.googleusercontent.com

a.volvelle.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.205.207.25 (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 25.207.205.35.bc.googleusercontent.com

ads.avads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.107.160.200 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-107-160-200.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.107.160.214 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-107-160-214.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.196.142.162 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-142-162.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.126.56.137 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.194.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 3.33.220.150 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.182 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b6.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.105.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 64.202.112.191 (Leesburg, United States) 5 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 193.0.160.129 (United States) 4 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.134.244 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.2.235 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.150 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.212.101.174 (Washington, United States)

ASN15169 (GOOGLE, US)
PTR: 174.101.212.35.bc.googleusercontent.com

cs.chocolateplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2604:9e00:1:129::2:a01 (United States)

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.torchad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.254 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.189.254.17 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

serverbid-sync.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 76.223.111.18 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 184.30.209.152 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-209-152.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a05:d018:d29:3602:8032:ea84:336c:262b (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.251.241 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-251-241.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.146.160 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: de03.roqad.pl

ws.rqtrk.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.31.32.190 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-32-190.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.86.139.113 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.46.154.242 (Ashburn, United States) 4 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 52.31.89.136 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.103 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.249.14 (Amsterdam, Netherlands) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 213.19.147.44 (United Kingdom) 7 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.45 (United Kingdom) 2 redirects

ASN3356 (LEVEL3, US)

sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.50 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 70.42.32.127 (United States) 3 redirects

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.145.48.80 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-48-80.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.13.238 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-13-238.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.148.45.191 (United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.33.104.96 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-104-96.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.170.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-170-216.eu-west-1.compute.amazonaws.com

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.35.65 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-35-65.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.241.208.55 (Japan) 1 redirects

ASN4694 (IDCF IDC Frontier Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (Singapore) 1 redirects

ASN41041 (VCLK-EU-SE, US)

casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.125 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-125.fra56.r.cloudfront.net

cm.smadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.239.38.253 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.148 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1.go.sonobi.com

go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.172.159.73 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-159-73.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:444a:4680:b988:ecc0:9832:67ce (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.43.72.98 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	threatpost.com threatpost.com — Cisco Umbrella Rank: 152275 assets.threatpost.com — Cisco Umbrella Rank: 415104 media.threatpost.com — Cisco Umbrella Rank: 280247	1 MB
53	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 stats.g.doubleclick.net — Cisco Umbrella Rank: 68 9582686.fls.doubleclick.net — Cisco Umbrella Rank: 289584 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	278 KB
46	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 122	270 KB
23	connatix.com 1 redirects cd.connatix.com — Cisco Umbrella Rank: 3021 cds.connatix.com — Cisco Umbrella Rank: 3082 capi.connatix.com — Cisco Umbrella Rank: 2633 lit.connatix.com — Cisco Umbrella Rank: 6531 capi-tier-2-us-east-2.connatix.com vid.connatix.com — Cisco Umbrella Rank: 3623 img.connatix.com — Cisco Umbrella Rank: 3711	1 MB
21	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	634 KB
20	rubiconproject.com 7 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 412 eus.rubiconproject.com — Cisco Umbrella Rank: 503 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 944 token.rubiconproject.com — Cisco Umbrella Rank: 595 pixel.rubiconproject.com — Cisco Umbrella Rank: 289 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 942	39 KB
20	openx.net 1 redirects teachingaids-d.openx.net — Cisco Umbrella Rank: 17237 u.openx.net — Cisco Umbrella Rank: 621 eu-u.openx.net — Cisco Umbrella Rank: 1751 us-u.openx.net — Cisco Umbrella Rank: 323 rtb.openx.net — Cisco Umbrella Rank: 1359 gift-connect-d.openx.net — Cisco Umbrella Rank: 11553	4 KB
18	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 205 acdn.adnxs.com — Cisco Umbrella Rank: 523 secure.adnxs.com — Cisco Umbrella Rank: 359	67 KB
16	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1487 rtb.gumgum.com — Cisco Umbrella Rank: 991 usersync.gumgum.com — Cisco Umbrella Rank: 4784	5 KB
16	bidswitch.net 15 redirects x.bidswitch.net — Cisco Umbrella Rank: 257	7 KB
15	yahoo.com 8 redirects c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 682 ups.analytics.yahoo.com — Cisco Umbrella Rank: 268 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 416	7 KB
15	amazon-adsystem.com 6 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 275 s.amazon-adsystem.com — Cisco Umbrella Rank: 260 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1352	48 KB
13	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 57	3 KB
12	1rx.io 7 redirects tag.1rx.io — Cisco Umbrella Rank: 1169 sync.1rx.io — Cisco Umbrella Rank: 491	5 KB
11	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 1811 public.servenobid.com — Cisco Umbrella Rank: 3714	10 KB
11	casalemedia.com 3 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 409 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 476 dsum.casalemedia.com — Cisco Umbrella Rank: 1197	11 KB
11	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1314	247 KB
10	gstatic.com www.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com fonts.gstatic.com	417 KB
9	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 293	3 KB
9	pubmatic.com 1 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 417 ads.pubmatic.com — Cisco Umbrella Rank: 419 image2.pubmatic.com — Cisco Umbrella Rank: 774	30 KB
8	serverbid.com 3 redirects e.serverbid.com — Cisco Umbrella Rank: 2774 sync.serverbid.com — Cisco Umbrella Rank: 5262	1 KB
7	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 603 ssbsync.smartadserver.com — Cisco Umbrella Rank: 1266	2 KB
7	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 512 eb2.3lift.com — Cisco Umbrella Rank: 346	3 KB
7	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 399 fonts.googleapis.com — Cisco Umbrella Rank: 35	703 KB
7	admetricspro.com qd.admetricspro.com — Cisco Umbrella Rank: 18070	324 KB
6	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 434 www.linkedin.com — Cisco Umbrella Rank: 609 px4.ads.linkedin.com — Cisco Umbrella Rank: 5153	4 KB
6	lijit.com 3 redirects ap.lijit.com — Cisco Umbrella Rank: 594 ce.lijit.com — Cisco Umbrella Rank: 734	3 KB
6	advertising.com 5 redirects ads.adaptv.advertising.com — Cisco Umbrella Rank: 1091 pixel.advertising.com — Cisco Umbrella Rank: 307	2 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	40 KB
5	adform.net 5 redirects c1.adform.net — Cisco Umbrella Rank: 524	2 KB
5	rfihub.com 4 redirects a.rfihub.com — Cisco Umbrella Rank: 2770 p.rfihub.com — Cisco Umbrella Rank: 631	5 KB
5	zemanta.com 5 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 528	3 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 343	111 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	379 KB
4	outbrain.com 3 redirects sync.outbrain.com — Cisco Umbrella Rank: 720	1 KB
4	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 843 go.sonobi.com — Cisco Umbrella Rank: 680	2 KB
4	bidr.io 4 redirects match.prod.bidr.io — Cisco Umbrella Rank: 462	2 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 347 mug.criteo.com — Cisco Umbrella Rank: 3185	1 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6433 adservice.google.de — Cisco Umbrella Rank: 8832	2 KB
4	everesttech.net 3 redirects cm.everesttech.net — Cisco Umbrella Rank: 878 sync-tm.everesttech.net — Cisco Umbrella Rank: 490	1 KB
4	quantserve.com 2 redirects secure.quantserve.com — Cisco Umbrella Rank: 839 pixel.quantserve.com — Cisco Umbrella Rank: 381	11 KB
4	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 184 kaspersky.demdex.net — Cisco Umbrella Rank: 215069	5 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	134 KB
3	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 467 i6.liadm.com — Cisco Umbrella Rank: 1591	1 KB
3	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 829	1 KB
3	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 797	1 KB
3	mathtag.com 3 redirects sync.mathtag.com — Cisco Umbrella Rank: 384	2 KB
3	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 604	5 KB
3	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 690 r.turn.com — Cisco Umbrella Rank: 2672	1 KB
3	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 989	337 B
3	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1055	830 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1689 mp.4dex.io — Cisco Umbrella Rank: 2262	24 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1490 id5-sync.com — Cisco Umbrella Rank: 488	12 KB
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 614	695 B
2	emxdgt.com cs.emxdgt.com — Cisco Umbrella Rank: 806
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 630	624 B
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 4292	715 B
2	33across.com pixel.33across.com — Cisco Umbrella Rank: 2310 ssc-cms.33across.com — Cisco Umbrella Rank: 807
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 730	1 KB
2	blismedia.com 1 redirects tr.blismedia.com — Cisco Umbrella Rank: 2593	184 B
2	volvelle.tech 2 redirects a.volvelle.tech — Cisco Umbrella Rank: 27298	1 KB
2	dyntrk.com 2 redirects c.eu1.dyntrk.com — Cisco Umbrella Rank: 4708	1 KB
2	omtrdc.net kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 205395	561 B
2	kasperskycontenthub.com kasperskycontenthub.com — Cisco Umbrella Rank: 320047	1 KB
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 565
1	smadex.com 1 redirects cm.smadex.com — Cisco Umbrella Rank: 2720	531 B
1	dotomi.com 1 redirects casale-match.dotomi.com — Cisco Umbrella Rank: 2423	187 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1283	695 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 517	382 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 437	1 KB
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 813	44 B
1	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1024	293 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 880	428 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 781	581 B
1	bing.com c.bing.com — Cisco Umbrella Rank: 193	593 B
1	rqtrk.eu 1 redirects ws.rqtrk.eu — Cisco Umbrella Rank: 1637	513 B
1	digitaloceanspaces.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 6046	5 KB
1	torchad.com rtb2-useast.torchad.com — Cisco Umbrella Rank: 18207	233 B
1	chocolateplatform.com cs.chocolateplatform.com — Cisco Umbrella Rank: 2221	122 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 557	191 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1438	584 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 707	708 B
1	avads.net 1 redirects ads.avads.net — Cisco Umbrella Rank: 23011	438 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 799	3 KB
1	ipify.org geo.ipify.org — Cisco Umbrella Rank: 37428	602 B
1	t.co t.co — Cisco Umbrella Rank: 448	337 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 464	166 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 792	354 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 531	8 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1623	17 KB
1	kaspersky.com media.kaspersky.com — Cisco Umbrella Rank: 98638	48 KB
0	wbtrk.net Failed um.wbtrk.net Failed
0	impdesk.com Failed pix.impdesk.com Failed
456	93

	Domain	Requested by
34	cm.g.doubleclick.net	11 redirects googleads.g.doubleclick.net bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com u.openx.net eb2.3lift.com g2.gumgum.com ssum-sec.casalemedia.com
32	threatpost.com	threatpost.com
24	tpc.googlesyndication.com	1 redirects tagan.adlightning.com bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com threatpost.com cdn.ampproject.org
21	s0.2mdn.net	imasdk.googleapis.com tagan.adlightning.com s0.2mdn.net
18	pagead2.googlesyndication.com	srcdoc securepubads.g.doubleclick.net tpc.googlesyndication.com bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com tagan.adlightning.com www.googletagservices.com
16	x.bidswitch.net	15 redirects eb2.3lift.com
14	assets.threatpost.com	threatpost.com assets.threatpost.com
13	rtb.gumgum.com	1 redirects g2.gumgum.com
12	ib.adnxs.com	3 redirects cds.connatix.com qd.admetricspro.com acdn.adnxs.com
12	media.threatpost.com	threatpost.com
11	www.google.com	2 redirects threatpost.com tagan.adlightning.com bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
11	tagan.adlightning.com	threatpost.com tagan.adlightning.com bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
10	ads.servenobid.com	qd.admetricspro.com public.servenobid.com g2.gumgum.com ssum-sec.casalemedia.com ssbsync.smartadserver.com
9	match.adsrvr.org	4 redirects u.openx.net eb2.3lift.com ssum-sec.casalemedia.com
9	capi-tier-2-us-east-2.connatix.com	cd.connatix.com
8	ups.analytics.yahoo.com	5 redirects
8	securepubads.g.doubleclick.net	tagan.adlightning.com www.googletagservices.com securepubads.g.doubleclick.net threatpost.com bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
7	sync.1rx.io	7 redirects
7	s.amazon-adsystem.com	4 redirects eb2.3lift.com ssum-sec.casalemedia.com
7	eu-u.openx.net	u.openx.net qd.admetricspro.com eu-u.openx.net
7	e.serverbid.com	2 redirects qd.admetricspro.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	eus.rubiconproject.com	qd.admetricspro.com eus.rubiconproject.com g2.gumgum.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
6	eb2.3lift.com	3 redirects qd.admetricspro.com eb2.3lift.com
6	us-u.openx.net	1 redirects u.openx.net eu-u.openx.net
6	vid.connatix.com	cd.connatix.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
6	www.gstatic.com	www.google.com bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
5	rtb-csync.smartadserver.com	eu-u.openx.net g2.gumgum.com ssbsync.smartadserver.com
5	c1.adform.net	5 redirects
5	b1sync.zemanta.com	5 redirects
5	pixel.advertising.com	5 redirects
5	ads.pubmatic.com	cds.connatix.com qd.admetricspro.com g2.gumgum.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
5	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
5	googleads.g.doubleclick.net	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com tagan.adlightning.com
5	cdn.ampproject.org	threatpost.com
5	ap.lijit.com	2 redirects qd.admetricspro.com public.servenobid.com
5	tag.1rx.io	cds.connatix.com qd.admetricspro.com
5	www.googletagmanager.com	threatpost.com www.googletagmanager.com
5	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
4	pixel.rubiconproject.com	2 redirects g2.gumgum.com
4	sync.outbrain.com	3 redirects g2.gumgum.com
4	match.prod.bidr.io	4 redirects
4	pr-bh.ybp.yahoo.com	3 redirects eu-u.openx.net
4	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net tagan.adlightning.com
4	px.ads.linkedin.com	2 redirects eb2.3lift.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
4	www.googletagservices.com	threatpost.com bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
3	aax-eu.amazon-adsystem.com	2 redirects
3	token.rubiconproject.com	3 redirects
3	secure.adnxs.com	2 redirects ssum-sec.casalemedia.com
3	sync.go.sonobi.com	public.servenobid.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
3	sync.targeting.unrulymedia.com	2 redirects ssbsync.smartadserver.com
3	onetag-sys.com	1 redirects public.servenobid.com
3	p.rfihub.com	3 redirects
3	sync.mathtag.com	3 redirects
3	sync-tm.everesttech.net	2 redirects ssum-sec.casalemedia.com
3	js-sec.indexww.com	cds.connatix.com qd.admetricspro.com
3	acdn.adnxs.com	cds.connatix.com qd.admetricspro.com
3	fonts.googleapis.com	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
3	c2shb.ssp.yahoo.com	qd.admetricspro.com
3	btlr.sharethrough.com	qd.admetricspro.com
3	hbopenbid.pubmatic.com	cds.connatix.com qd.admetricspro.com
3	teachingaids-d.openx.net	cds.connatix.com qd.admetricspro.com
3	prebid.a-mo.net	1 redirects cds.connatix.com qd.admetricspro.com
3	htlb.casalemedia.com	cds.connatix.com qd.admetricspro.com
3	pixel.quantserve.com	2 redirects threatpost.com
3	dpm.demdex.net	media.kaspersky.com threatpost.com ssum-sec.casalemedia.com
3	cds.connatix.com	threatpost.com cd.connatix.com
2	i.liadm.com	2 redirects
2	creativecdn.com	2 redirects
2	cs.emxdgt.com	g2.gumgum.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
2	secure-assets.rubiconproject.com	2 redirects
2	usersync.gumgum.com	g2.gumgum.com
2	ad.360yield.com	2 redirects
2	pool.admedo.com	2 redirects
2	ssum-sec.casalemedia.com	1 redirects public.servenobid.com
2	ssbsync.smartadserver.com	public.servenobid.com g2.gumgum.com
2	pm.w55c.net	2 redirects
2	a.rfihub.com	1 redirects
2	tr.blismedia.com	1 redirects bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	threatpost.com
2	u.openx.net	cds.connatix.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	a.volvelle.tech	2 redirects
2	c.eu1.dyntrk.com	2 redirects
2	ad.turn.com	2 redirects
2	encrypted-tbn1.gstatic.com	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
2	adservice.google.de	tagan.adlightning.com adservice.google.com
2	adservice.google.com	9582686.fls.doubleclick.net tagan.adlightning.com
2	9582686.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	www.google.de	threatpost.com
2	script.4dex.io	qd.admetricspro.com script.4dex.io
2	id5-sync.com	cdn.id5-sync.com qd.admetricspro.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	img.connatix.com	threatpost.com
2	kaspersky.d3.sc.omtrdc.net	media.kaspersky.com
2	kasperskycontenthub.com	threatpost.com
1	pixel-us-east.rubiconproject.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	i6.liadm.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	gift-connect-d.openx.net	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	go.sonobi.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	id.rlcdn.com
1	cm.smadex.com	1 redirects
1	dsum.casalemedia.com	ssum-sec.casalemedia.com
1	casale-match.dotomi.com	1 redirects
1	tg.socdm.com	1 redirects
1	ssc-cms.33across.com	g2.gumgum.com
1	bh.contextweb.com	1 redirects
1	stags.bluekai.com	1 redirects
1	match.deepintent.com	g2.gumgum.com
1	sync.technoratimedia.com	g2.gumgum.com
1	sync.ipredictive.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	ce.lijit.com	1 redirects
1	pixel.33across.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	c.bing.com	eb2.3lift.com
1	image2.pubmatic.com	1 redirects
1	ws.rqtrk.eu	1 redirects
1	rtb.openx.net	eu-u.openx.net
1	serverbid-sync.nyc3.cdn.digitaloceanspaces.com	qd.admetricspro.com
1	sync.serverbid.com	1 redirects
1	public.servenobid.com	qd.admetricspro.com
1	rtb2-useast.torchad.com	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
1	cs.chocolateplatform.com	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
1	pixel-sync.sitescout.com	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
1	dsp.adfarm1.adition.com	1 redirects
1	um.simpli.fi	1 redirects
1	ads.avads.net	1 redirects
1	r.turn.com
1	fonts.gstatic.com	fonts.googleapis.com
1	encrypted-tbn2.gstatic.com	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	snap.licdn.com	www.googletagmanager.com
1	tlx.3lift.com	qd.admetricspro.com
1	mp.4dex.io	qd.admetricspro.com
1	ads.adaptv.advertising.com	cds.connatix.com
1	geo.ipify.org	qd.admetricspro.com
1	t.co	threatpost.com
1	analytics.twitter.com	threatpost.com
1	rules.quantcount.com	secure.quantserve.com
1	lit.connatix.com	cd.connatix.com
1	cm.everesttech.net	1 redirects
1	kaspersky.demdex.net	tagan.adlightning.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	cdn.id5-sync.com	tagan.adlightning.com
1	secure.cdn.fastclick.net	tagan.adlightning.com
1	capi.connatix.com	cd.connatix.com
1	cd.connatix.com	1 redirects
1	media.kaspersky.com	threatpost.com
0	um.wbtrk.net Failed	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
0	pix.impdesk.com Failed	bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
456	157

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
www.armorblox.com
media.threatpost.com
bit.ly
akismet.com
t.co

Subject Issuer	Validity	Valid
threatpost.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-11` - `2022-08-10`	a year	crt.sh
assets.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
media.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
kasperskycontenthub.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-23` - `2022-04-28`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
cdn.id5-sync.com R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.d3.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-03-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-15` - `2022-09-07`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.a-mo.net R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-08` - `2022-08-31`	6 months	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
e.serverbid.com R3	`2022-01-17` - `2022-04-17`	3 months	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-12-10` - `2022-12-09`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-02-20` - `2022-05-21`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
chocolateplatform.com GTS CA 1D4	`2022-02-17` - `2022-05-18`	3 months	crt.sh
*.torchad.com AlphaSSL CA - SHA256 - G2	`2021-09-20` - `2022-10-22`	a year	crt.sh
public.servenobid.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-02-17`	a year	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-30`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-18` - `2022-07-13`	6 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2022-09-01`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-03` - `2023-03-07`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh

This page contains 66 frames:

Primary Page: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Frame ID: 5F858621FAFAC733B61BC8E50F9F40B6
Requests: 151 HTTP requests in this frame

Frame: https://cds.connatix.com/p/154690/connatix.player.dc.js
Frame ID: D60456B22F54D8C3C65EDC093506BE66
Requests: 20 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 77128526409020A673661033C5566F56
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Frame ID: F9A3FB950D26DBC4AF2A4A1A137B142D
Requests: 19 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.505.0_en.html
Frame ID: DA913DD587D14196FBED3B3BA1CE1C42
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.505.0_en.html
Frame ID: 654142E79616B8D578DD6F38B2990B97
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.505.0_en.html
Frame ID: EA3E4837125AF1A76DF9ADD1448DAD5C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6421758F5FFAFB580D92C97A82A3D416
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 3541352900296ED0BCD82F49C349A4E4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: E045AA8948A8527AA48BBB9CE9E6013A
Requests: 1 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F
Frame ID: 0A180799848C4D639C84406A94B0F39D
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F
Frame ID: 159C438CA788AC1E22755916F6B35E88
Requests: 1 HTTP requests in this frame

Frame: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1162F60693B775CCE3D6110589406DE2
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F
Frame ID: BA761C4B9611C5C5AFC19DCCCA055A23
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 145DA80BB96B1DFD936BDEA437D750FF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8491FFF6838A845A296461671440C0BC
Requests: 2 HTTP requests in this frame

Frame: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BA354A6CBBBA5371D3677286F694FDA2
Requests: 19 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-92ee7c4-e94399b2.js
Frame ID: BA58BE0FD57DE131525DC2D25953E88C
Requests: 19 HTTP requests in this frame

Frame: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9CB4B52797095B1F1DBD25375D1AA094
Requests: 16 HTTP requests in this frame

Frame: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 74317996C516EC707D616E6ED1856FCB
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C53655A9BDFED563A931F85C2CFDCC0E
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVVb9KYesRAVbNHBc9CNryqS7RvlUmAnuKbkIHJryzbZ48Dy05NBAR_nNT6kRvzr7qKC_YX07r37gUe6vCwVX3zpEG5TBfM_idorxqQZ3DoMtwwtE0
Frame ID: 68002E04B34FA1AF32D0DA63BBB06CD8
Requests: 4 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 5F3830ADABF8EAD4AA7E89907449B5B7
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 04DBA57B0E05E8C0EC7199A256251E69
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 518412CCE9A05F5362777202774BC9F1
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/w5W1EixFGUzWFgZOi1zWjT-g-ai_4t-KN23ava9eLxA.js
Frame ID: 9D102830AFB86DB704F89AA5C6276E68
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: ABA6A8BE0E5073E4851FC5A491AEB8CE
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: FDF8EE2C4F877ECCC4B5FD4D15A0349E
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 16789B1D784C14E86E4F7B9E64427C06
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: F02FC180A5AE2884F1B6282B981D00FB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 6DA59661DF92C720D58239EAC695081C
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 912C41420D767D4EFA7444B23B3362C6
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 5DADC50FE1CC70F669E0B52452149B14
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 9B1C8FEC8253CDDE2C0345730AFE87CC
Requests: 7 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
Frame ID: 6160E255B9338D7178FC575D3A5E4DF6
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D1965A1094E04FE8A501DB73F46A17D1
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6CC410D074CDC1486E2533F7D3F88353
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: 3A598BBC80C124B2A33238CEC0DC500A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 364EBD42F350EDB53991AFBE63B472B7
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: E4C94FF0C37061A4D30FEBEEAD22F660
Requests: 9 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 26FEDE7F80EB0DF16544BF772B31BFA7
Requests: 8 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 0C32BB876969CF03737F94B9ED8BB163
Requests: 11 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: A15E69B820A137F407A45AC9C87CDFDF
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 6247BCFF14F9206F9E437F72289BF22E
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 251AEC21A3154BEDC9057AB21FB36EF1
Requests: 10 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 42FCB10505DAD403F4DFA096064B74DC
Requests: 7 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 3838C304C9C87127E09BC5A3808C4646
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 5214BE6EFE978581F167DB06A281BE4E
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 80C706B2DB8038DDE64B7F312D9F9A20
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: FF460A7A205028F927BD49AA46231EC3
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: BC50208B1C7A4617E71B6C0188279993
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=36ac6233-8a5d-4500-a93f-947b8a137c6c&gdpr=0&gdpr_consent=
Frame ID: 57D563CF4CDD836C2CF95805B2C5A561
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YjOKWQAAAHbGUAQD&gdpr=0&gdpr_consent=
Frame ID: 239C17D641848E6FE152C6E5F16DCF98
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9jMmZiZWZhMi0yZjE2LTRiNDUtYTM2Ny1iNTA3N2UyMjJjZmM=&gdpr=0&gdpr_consent=
Frame ID: F4FF0D15C8E368BE37C33E1C814593B5
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 2D5083AD4256F3766CD24250081C7B1C
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: A0AA264A86B94D71B26C954DB1EE2A5C
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=7f1fea4f-557b-4faa-a15f-70f836944c2f&t=1650136927
Frame ID: 4B0DB0296E75BA100D982AC85500341E
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: B090C40B678F29D342670D60F7BF002A
Requests: 3 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 4369F4DA04E8AEBC26A902A067A4F583
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YjOKYMCo5ukAAEaxVR8AAAAA
Frame ID: 7F3FA0CC5087E08EA6E1C42870EA8DA0
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=3rypP5qZWOG15smTJmM8&pi=gumgum&tc=1
Frame ID: 27325FA0B30B74757DD9A1B69C5375CF
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Frame ID: F4ABF9AA55A4D9802A9C3F3C1AC7444F
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Frame ID: FF4A2335F7823024418BBB1E6091CDDF
Requests: 3 HTTP requests in this frame

Frame: https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Frame ID: 3563099F8383955D24D5F9F69624328A
Requests: 1 HTTP requests in this frame

Frame: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Frame ID: AD34B27D7947CB51B00345413431AFD1
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Frame ID: BD99331FD4A5A489E4ADD05A6B319455
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Phony Instagram ‘Support Staff’ Emails Hit Insurance Company | Threatpost

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

456
Requests

83 %
HTTPS

27 %
IPv6

93
Domains

157
Subdomains

107
IPs

10
Countries

6767 kB
Transfer

14923 kB
Size

121
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://www.armorblox.com/blog/the-email-bait-and-phish-instagram-phishing-attack
Title: report

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/16092345/instagram-phishing-email-e1647437038569.png

Search URL Search Domain Scan URL

URL: https://bit.ly/3Jy6Bfs
Title: FREE downloadable eBook

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: https://t.co/yriwJadhRA
Title: https://t.co/yriwJadhRA

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/09015533/ThreatpostMK_TEMPLATE.pdf
Title: Advertise With Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/154690/connatix.player.dc.js

Request Chain 92

https://cm.everesttech.net/cm/dd?d_uuid=59127614741326902190556092110860870140 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjOKWQAAAHbGUAQD

Request Chain 175

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647544922427&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1647544922427%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fphony-instagram-support-staff-emails-hit-insurance-company%252F178929%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647544922427&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647544922427&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&liSync=true&e_ipv6=AQLSoQ_lMegb8gAAAX-ZVHL8kcFfaB2P7ii0oDGzVj-Iyz6mfF6tIRx4q0S5h-Zy_Z91S4qQJd7tfxpdTb8CZD6ZsvB9Uw

Request Chain 180

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F HTTP 302
https://9582686.fls.doubleclick.net/activityi;dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F

Request Chain 243

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCX27PFbhDoBxjoBzIIpAVBO9dPPOk HTTP 301
https://tpc.googlesyndication.com/simgad/6572644254404355299

Request Chain 256

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDOFzs3oALzDPAKXWvczPhQ&google_cver=1&gdpr=0

Request Chain 257

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjOKXbMnETZyXfQIq2I74AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDOFzs3oALzDPAKXWvczPhQ&google_cver=1&gdpr=0

Request Chain 262

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 263

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEPnDgO9-HcV7Y8eToIKXBhc&google_cver=1&google_push=AYg5qPI84qmRmx1MSbOpAmewNeJpyK5Kg-kgxxSKQsSMLAIElQaTTVaMRNt_7k58csZgQeV-Abtzs6UdLsxQN4l8pkT-fe2PiIaw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Nzk1MDk2NDgzMjEzMzI2MTU5NA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEPnDgO9-HcV7Y8eToIKXBhc&google_cver=1

Request Chain 264

https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEHd1rbNHL-dvGc_KMhf3oDQ&google_cver=1&google_push=AYg5qPKCViElpXVQtHatZ66AE6lIxvrjTgljnmIPfFJIvmQRiIicwANYw1sxDmmApVWHkpVWoC4WActiuvYHy4T0RcMNYcF8HnTx HTTP 302
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEHd1rbNHL-dvGc_KMhf3oDQ&google_cver=1&google_push=AYg5qPKCViElpXVQtHatZ66AE6lIxvrjTgljnmIPfFJIvmQRiIicwANYw1sxDmmApVWHkpVWoC4WActiuvYHy4T0RcMNYcF8HnTx&prevuid=&knw= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPKCViElpXVQtHatZ66AE6lIxvrjTgljnmIPfFJIvmQRiIicwANYw1sxDmmApVWHkpVWoC4WActiuvYHy4T0RcMNYcF8HnTx&google_hm=

Request Chain 265

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESECkDfCYZoeOMlwau1bd_xtc&google_cver=1&google_push=AYg5qPJG_JP0DoE_3fEh-SiQJhiG7RHixDxWRv64bCIAKaAQqfnwa95gUeH4EBVwZ4yokfot3KE5BBYdvlX_Bs15JocSBJbqP8c8 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESECkDfCYZoeOMlwau1bd_xtc&google_cver=1&google_push=AYg5qPJG_JP0DoE_3fEh-SiQJhiG7RHixDxWRv64bCIAKaAQqfnwa95gUeH4EBVwZ4yokfot3KE5BBYdvlX_Bs15JocSBJbqP8c8 HTTP 302
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_uid=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_uid=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=fcd5fff5-8987-4ecb-8c77-53afe188a00c&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJG_JP0DoE_3fEh-SiQJhiG7RHixDxWRv64bCIAKaAQqfnwa95gUeH4EBVwZ4yokfot3KE5BBYdvlX_Bs15JocSBJbqP8c8&google_hm=MpDdDF4WTc6JDPd63phuvg==

Request Chain 267

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG12by4_OnPYqgkBoL2D5zA&google_cver=1&google_push=AYg5qPJCpEHj5Lu2KWjfMPESx9Kg6aeeVWOxamMw_iRU5fqV6tZjp-TtWFD79iuZ5Po7lOoVCUQJeyPa_5rYFuXiQzYgvrMMm4Z6 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJCpEHj5Lu2KWjfMPESx9Kg6aeeVWOxamMw_iRU5fqV6tZjp-TtWFD79iuZ5Po7lOoVCUQJeyPa_5rYFuXiQzYgvrMMm4Z6&google_hm=bff6021a1d3f325fb9e2befc

Request Chain 268

https://ads.avads.net/sync/ggl?google_gid=CAESECmj-vj0MLk1-ZzZkH7tBSM&google_cver=1&google_push=AYg5qPIHx6ZAyfoVM6zB0vr9SJGA80HbhQ-NCOIVosGFHT3fGY2w62e8RUYdWuX6UFxU4QFdGwDnlUl-kWwDxDWlmoi9Aew4sT5W HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=MWU4NjIwZWQtMTZmYy00Zjc0LWE0YTQtY2UwY2Q5MTA4Y2M0&google_push=AYg5qPIHx6ZAyfoVM6zB0vr9SJGA80HbhQ-NCOIVosGFHT3fGY2w62e8RUYdWuX6UFxU4QFdGwDnlUl-kWwDxDWlmoi9Aew4sT5W

Request Chain 277

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=q9-ZXHxDVnNrODBNTlljWi9xR1JQVUhRenR0RVRONWcwYTdyOHlvemVEYzZYRzUyQ2E4ek9abWxWcGg3NjE3UWpCM3RBUzkrN1VMZWQ3akhETXR1RDJ2STBEMDVaTUFIalRWTE50U29EaEVFbWxxY2xjd3d3dGR5MUl5M25YRG8rc3ZCV1hpcUxLQTlnNVRvSjdLZUswR05tV0svbWdqL0hMcVNzUUYwYnRwMGtOMk5LKzdUbSs1VG9ScVBZVlM5V2NoRTYzRm1kUDBJby84TVBKdjNpM0NqVFpqSXRJOXVyb1V5RURtUy80TG1abGd3PXw&cppv=2

Request Chain 286

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP87b98419-a627-11ec-8de9-021cc92cc318 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA4N2I5ODQxOS1hNjI3LTExZWMtOGRlOS0wMjFjYzkyY2MzMTg%3D HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEPzHciizADlnUWVy1guM2rY&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPzHciizADlnUWVy1guM2rY&google_cver=1&apid=UP87b98419-a627-11ec-8de9-021cc92cc318

Request Chain 287

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55986/sync?uid=YjOKWQAAAHbGUAQD&_origin=0&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjOKWQAAAHbGUAQD&_origin=0&gdpr=0&gdpr_consent=&apid=UP87b98419-a627-11ec-8de9-021cc92cc318

Request Chain 288

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=7f1fea4f-557b-4faa-a15f-70f836944c2f&_origin=1&gdpr=1&gdpr_consent=

Request Chain 291

https://um.simpli.fi/gp_match?google_gid=CAESEO0PNNqDWRcOQXb4CI-2Jns&google_cver=1&google_push=AYg5qPIbFmu4Ag_OMPi53UyMc1zzPLeM0PtPzOUjna758AKdkwS6u42VACfM6FwswYAcxq42gX_0mSqZpCjyqhsdXG-2LDTiiMPs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B43C2F2121914B8DA4518A38BF5320E7&google_push=AYg5qPIbFmu4Ag_OMPi53UyMc1zzPLeM0PtPzOUjna758AKdkwS6u42VACfM6FwswYAcxq42gX_0mSqZpCjyqhsdXG-2LDTiiMPs

Request Chain 293

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENUB6GPJMPeOE-3F1HcSx_E&google_cver=1&google_push=AYg5qPLDyQfEisT7whvw-WoR5P4wuYKT3ThSMHoG15P-NqKIf7s3dlLsG3SY1dZSEsbh3LSwSiDB84iC75TLuAvpSmd3uHtjRFRz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA3NjE1MTU3MTU3ODgxMjU3MA%3D%3D&google_push=AYg5qPLDyQfEisT7whvw-WoR5P4wuYKT3ThSMHoG15P-NqKIf7s3dlLsG3SY1dZSEsbh3LSwSiDB84iC75TLuAvpSmd3uHtjRFRz

Request Chain 295

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEJ-pEClaqAlpS8BY4EH6dk8&google_cver=1&google_push=AYg5qPL__ga334hCFjAIQ4nGLafGC72h3OCh5nA_HbkS-IufeNemlIVVSmhGKWW987PIaQh1VZ-bVMvjmz9s1_64QOeC0ZYgQ24 HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEJ-pEClaqAlpS8BY4EH6dk8&google_push=AYg5qPL__ga334hCFjAIQ4nGLafGC72h3OCh5nA_HbkS-IufeNemlIVVSmhGKWW987PIaQh1VZ-bVMvjmz9s1_64QOeC0ZYgQ24&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPL__ga334hCFjAIQ4nGLafGC72h3OCh5nA_HbkS-IufeNemlIVVSmhGKWW987PIaQh1VZ-bVMvjmz9s1_64QOeC0ZYgQ24&google_hm=Sk5tTHFHUkpYZ0pwUWZiTjNqbmM=

Request Chain 296

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEH8U0G1fulqpkXHKIv8zb_U&google_cver=1&google_push=AYg5qPKOkysPjL_SROgYJ_JQCXs1X5gWyXHt4vy938xuaJw_pLVJjIMMWknttHkjvRV6AhglNmz3skm1m0XCGDKG5_kEX16ZAqRGPw HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEH8U0G1fulqpkXHKIv8zb_U&google_cver=1&google_push=AYg5qPKOkysPjL_SROgYJ_JQCXs1X5gWyXHt4vy938xuaJw_pLVJjIMMWknttHkjvRV6AhglNmz3skm1m0XCGDKG5_kEX16ZAqRGPw&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1aazFUczVCRTJ1RjlEV3RyZGlidktvTFhRVW91by5RRH5B&google_push=AYg5qPKOkysPjL_SROgYJ_JQCXs1X5gWyXHt4vy938xuaJw_pLVJjIMMWknttHkjvRV6AhglNmz3skm1m0XCGDKG5_kEX16ZAqRGPw

Request Chain 297

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEHuk-2hvHzY5R2n9NtQ0azo&google_cver=1&google_push=AYg5qPIOhtRU_OvWSCvf5N4f0dcycFXrqJ9A7UdKg2T4kdIxLNGw5_45zEBQKl4DUZB4-S7fChg5rGpB_lRmwnrBf3bBX6Avb03Shg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIOhtRU_OvWSCvf5N4f0dcycFXrqJ9A7UdKg2T4kdIxLNGw5_45zEBQKl4DUZB4-S7fChg5rGpB_lRmwnrBf3bBX6Avb03Shg&google_hm=NjIwMzY5MDcyNDk2ODcyOTc2Mg==

Request Chain 302

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f33f6233-8a5d-4500-a554-a2afabcacc30

Request Chain 303

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=wI_mz87c4MXb2eWex9j4yZSP4szb2bOZwo35rNpj

Request Chain 304

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6564375322060911894

Request Chain 307

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7dUa9gjqBeiA1EbcKo9_8&google_cver=1

Request Chain 308

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=36ac6233-8a5d-4500-a93f-947b8a137c6c

Request Chain 309

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=wI_mz87c4MXb2eWex9j4yZSP4szb2bOZwo35rNpj

Request Chain 310

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=9032436911861162631

Request Chain 313

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7dUa9gjqBeiA1EbcKo9_8&google_cver=1

Request Chain 314

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 329

https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEMe_PiW6IVpzFkpP78RwdsE&google_cver=1&google_push=AYg5qPKqOHS-aQzEup3Uug6oON377_AQ2Pbyc48lwuRH7RFFOZNdejGmWdEE0Jw_PPNShFore0uDYB-huPyFa_z9rZbeDne8a9Kl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKqOHS-aQzEup3Uug6oON377_AQ2Pbyc48lwuRH7RFFOZNdejGmWdEE0Jw_PPNShFore0uDYB-huPyFa_z9rZbeDne8a9Kl&google_hm=NjIwMzY5MDcyNDk2ODcyOTc2Mg== HTTP 302
https://a.rfihub.com/cm?pub=445&google_error=5

Request Chain 331

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEDf0TFaDraAjpw2ccBc7_To&google_cver=1&google_push=AYg5qPKLfJ5yS4Pjwtpyo4qg66cf7OtOhWKvN9uY2VlbvT2O7UC8ecvx10nN1BRbt8vIPGVbOqrFJiWMEQEhl6NC0a8GP04mdqY HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AYg5qPKLfJ5yS4Pjwtpyo4qg66cf7OtOhWKvN9uY2VlbvT2O7UC8ecvx10nN1BRbt8vIPGVbOqrFJiWMEQEhl6NC0a8GP04mdqY&google_hm=hmIzil3HrmJIv4pm3g&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D62338A5DC7AE6248BF8A66DEBLIS

Request Chain 334

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEKgHVzPaxOaA-SIsyHjws4g&google_cver=1&google_push=AYg5qPK2TCYeoJxdGZctYlwtuLfhEIiMyvppmZQuvJQpx3CkZafWwDnDrxkuAo1Kv3TCc8dvbj4oId6FOY_Tnm_ETEhN8WToi6Ts HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPK2TCYeoJxdGZctYlwtuLfhEIiMyvppmZQuvJQpx3CkZafWwDnDrxkuAo1Kv3TCc8dvbj4oId6FOY_Tnm_ETEhN8WToi6Ts HTTP 302
https://onetag-sys.com/sync/i,19/?google_error=5

Request Chain 356

https://sync.serverbid.com/ss/2000891.html HTTP 302
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Request Chain 357

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 364

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=YRenaZHA1NuVHh5

Request Chain 365

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://ws.rqtrk.eu/pull?redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D193%26user_id%3D%24BROWSER_ID%26expires%3D1%26ssp%3D%24bidswitch_ssp_id&return-unstable=true&eb=&bidswitch_ssp_id=openx&g=1&gdpr_pd=&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=193&user_id=&expires=1&ssp=openx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=

Request Chain 366

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=7463349268159137952

Request Chain 367

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFIVnEwN0VaeFVBQUM4REtTTXRsQQ&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAHVq07EZxUAAC8DKSMtlA&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpp%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAHVq07EZxUAAC8DKSMtlA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID

Request Chain 369

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYzMzAwMTgzMzM1NjU4Nzc2OTU0Mw%3D%3D

Request Chain 371

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYzMzAwMTgzMzM1NjU4Nzc2OTU0Mw%3D%3D

Request Chain 373

https://pr-bh.ybp.yahoo.com/sync/triplelift/2633001833356587769543?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-R21SqYVE2oTFAA_uv43y9I7mOokR26ZjoPYi0ScUUA--~A&dongle=0883

Request Chain 376

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2633001833356587769543 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2633001833356587769543&dcc=t

Request Chain 377

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=JNmLqGRJXgJpQfbN3jnc&gdpr=1

Request Chain 385

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=7463349268159137952

Request Chain 386

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=bff6021a1d3f325fb9e2befc

Request Chain 388

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1647544927828 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1839926311 HTTP 302
https://sync.1rx.io/usersync/tradedesk/7f1fea4f-557b-4faa-a15f-70f836944c2f HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-04c4251d-acf6-4078-9412-7b73f8aa3395-003 HTTP 302
https://ads.servenobid.com/sync?pid=321&uid=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003

Request Chain 389

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=6203690724968729762

Request Chain 391

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=61c8e175-8181-475e-82db-5156d33596ef&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 392

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-dLzibn1E2uF9inctPNFVJwSKOks5Xd..fZZFMEY-~A

Request Chain 393

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=7463349268159137952

Request Chain 394

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_c2fbefa2-2f16-4b45-a367-b5077e222cfc&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=ee8dc922-e571-4b3d-83eb-d7b81c77c34d&user_group=1&ssp=gumgum2&bsw_param=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=3290dd0c-5e16-4dce-890c-f77ade986ebe

Request Chain 395

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%284cAjjo4kVr6AzYkhYNxMFk8EByiU-h34Q0EW3CrAR8UGWBEkMFdZDzIVBTvjzbOH%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%284cAjjo4kVr6AzYkhYNxMFk8EByiU-h34Q0EW3CrAR8UGWBEkMFdZDzIVBTvjzbOH%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_c2fbefa2-2f16-4b45-a367-b5077e222cfc&obuid=ENC(4cAjjo4kVr6AzYkhYNxMFk8EByiU-h34Q0EW3CrAR8UGWBEkMFdZDzIVBTvjzbOH) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://x.bidswitch.net/sync?ssp=outbrain&user_id=4cAjjo4kVr6AzYkhYNxMFk8EByiU-h34Q0EW3CrAR8UGWBEkMFdZDzIVBTvjzbOH HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=outbrain HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=6203690724968729762&expires=30&ssp=outbrain HTTP 302
https://sync.outbrain.com/cookie-sync?p=bidswitch&uid=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=

Request Chain 396

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=81a193cb-95b1-4edc-a011-b36d7d5a5c54

Request Chain 397

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=sta&i=0-a7f66977-6800-4483-63ff-200739d7d7db$ip$217.64.151.7

Request Chain 398

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-DpoQjYZE2pf9EFriQI6dJ7mgyzwdNrTo6x4P~A

Request Chain 399

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=898431d8-a627-11ec-9478-258f38252538

Request Chain 402

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_c2fbefa2-2f16-4b45-a367-b5077e222cfc&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://stags.bluekai.com/site/23178?id=JNmLqGRJXgJpQfbN3jnc&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2SSONVGHCR2SJJMGOSTQKFTGETRTNJXGGJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2SSONVGHCR2SJJMGOSTQKFTGETRTNJXGGJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=JNmLqGRJXgJpQfbN3jnc&us_privacy=1---

Request Chain 403

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://usersync.gumgum.com/usersync?b=idi&i=368a2d54-fe3c-48d3-bd37-01a17dadd8cc

Request Chain 404

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003&rndcb=3791231772 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=3290dd0c-5e16-4dce-890c-f77ade986ebe&google_hm=MzI5MGRkMGMtNWUxNi00ZGNlLTg5MGMtZjc3YWRlOTg2ZWJl HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESENpFMXk-Wd2c12Ft7EXpmO4&google_cver=1&ssp=adconductor&bsw_param=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://sync.1rx.io/usersync/bidswitch/3290dd0c-5e16-4dce-890c-f77ade986ebe?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D113%26partneruserid%3DRX-04c4251d-acf6-4078-9412-7b73f8aa3395-003 HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003

Request Chain 405

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=ssGqLFnH3IUO&ev=1&pid=558355

Request Chain 408

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=36ac6233-8a5d-4500-a93f-947b8a137c6c&gdpr=0&gdpr_consent=

Request Chain 409

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=YjOKWQAAAHbGUAQD&gdpr=0&gdpr_consent=

Request Chain 413

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=7f1fea4f-557b-4faa-a15f-70f836944c2f&t=1650136927

Request Chain 414

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 416

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YjOKYMCo5ukAAEaxVR8AAAAA

Request Chain 417

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=3rypP5qZWOG15smTJmM8&pi=gumgum&tc=1

Request Chain 420

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjOKXbMnETZyXfQIq2I74AAABIEAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjOKXbMnETZyXfQIq2I74AAABIEAAAIB&dcc=t

Request Chain 423

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1647631327&gdpr=1

Request Chain 424

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7950964832133261594

Request Chain 428

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=7463349268159137952&gdpr=0&gdpr_consent=

Request Chain 429

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=9032436911861162631&gdpr=0&gdpr_consent=

Request Chain 430

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003&rndcb=4090823408 HTTP 302
https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=adconductor&bds_param=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://x.bidswitch.net/sync?dsp_id=340&user_id=cbff7ec6-90aa-479c-8aaf-b79d1bdfe4d9&expires=10&ssp=adconductor&bsw_param=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://sync.1rx.io/usersync/bidswitch/3290dd0c-5e16-4dce-890c-f77ade986ebe?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003

Request Chain 431

https://x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent= HTTP 302
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=smartadserver&ssp_user_id=3290dd0c-5e16-4dce-890c-f77ade986ebe HTTP 302
https://x.bidswitch.net/sync?dsp_id=74&&user_id=171315618&expires=5&ssp=smartadserver HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=

Request Chain 433

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NThjYmFhMTk1MTIxMDBlODFjYjExYzdiYmYxMjM2OTU1MzExM2RlYw

Request Chain 434

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L0VDPHYO-J-6PIW

Request Chain 436

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=IPYTAyuPTFigB9qvIbTnPA&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=IPYTAyuPTFigB9qvIbTnPA

Request Chain 437

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMy3xVy2XZyfFMiv5bzces0&google_cver=1

Request Chain 438

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBWRFBIWU8tSi02UElX

Request Chain 439

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=lHhOHTRvQoWITeizcKFxzg&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lHhOHTRvQoWITeizcKFxzg

Request Chain 442

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east

Request Chain 446

https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7463349268159137952

Request Chain 447

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YjOKXbMnETZyXfQIq2I74AAA%261153

Request Chain 448

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID HTTP 307
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=bff6021a1d3f325fb9e2befc

Request Chain 450

https://pixel.advertising.com/ups/56621/occ HTTP 302
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP87b98419-a627-11ec-8de9-021cc92cc318 HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP87b98419-a627-11ec-8de9-021cc92cc318

Request Chain 451

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D HTTP 302
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f

Request Chain 452

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D HTTP 302
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f HTTP 303
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f&_li_chk=true&previous_uuid=7f4f99d3c98d4337805be86d3a9ff8be HTTP 303
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f

456 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/ 89 KB
23 KB 401ms
198ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

9fd25caa6a3965489f9f4312dcc66b039ddad840c224e5bd625fc5371e40fe22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Date: Thu, 17 Mar 2022 19:21:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/178929>; rel="alternate"; type="application/json" <https://threatpost.com/?p=178929>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
15 KB 387ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:21:59 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: "623338ee-3ca8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15528

GET
H/1.1 200
OK museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 389ms
196ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:21:59 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:39 GMT
Server: nginx
ETag: "623338ef-5124"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20772

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 392ms
195ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:21:59 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:39 GMT
Server: nginx
ETag: "623338ef-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15820

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 391ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:21:59 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:39 GMT
Server: nginx
ETag: "623338ef-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20900

GET
H/1.1 200
OK museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 391ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:21:59 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: "623338ee-5c74"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23668

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 405ms
206ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:21:59 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:39 GMT
Server: nginx
ETag: "623338ef-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20884

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 777ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:00 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: "623338ee-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23468

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 784ms
200ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:00 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: "623338ee-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20920

GET
H/1.1 200
OK museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 781ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:00 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: "623338ee-5b34"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23348

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
20 KB 790ms
200ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:00 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:39 GMT
Server: nginx
ETag: "623338ef-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20680

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 44 KB
19 KB 48ms
10ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cdf17c68c8a30ac57a1f7e6c9dcb83c663ee62e9bcc89f9f972f15b84fcd2760

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: MRRyhR4BuWdydDVpj15kywW3c8WKleJU
content-encoding: gzip
etag: "4ff7dd3ba1f938684ce44cd14f90aa1a"
age: 1230
x-cache: Hit from cloudfront
content-length: 18562
x-amz-meta-git_commit: 7b120a5
last-modified: Thu, 17 Mar 2022 09:38:12 GMT
server: AmazonS3
date: Thu, 17 Mar 2022 19:04:57 GMT
content-type: application/javascript
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
x-amz-cf-id: Fi72Q8zck8MPd0TXdy117A_8LOhlXjhbVBi5admi5LEo1FaIM70njA==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 81 KB
28 KB 62ms
22ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8931497c9789406bbdba81b99398a4a419a943d28765ab1c44b8efbe4ae1b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27813
x-xss-protection: 0
server: sffe
etag: "1161 / 783 of 1000 / last-modified: 1647515325"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 17 Mar 2022 19:22:00 GMT

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 26 KB
4 KB 288ms
166ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:21:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 09 Mar 2022 04:05:55 GMT
server: cloudflare
etag: W/"67e2-5d9c136d2119a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ae7wIx%2BuaWdXcfP69ptcrpNWysJpdkXkCu%2FLYrPwxj4cNBz%2BPF1ljCpGqyobSLF1cVXDarHHLOq3DnVgFXoP4Hs7t2yHnlSMY8D3aEQnU9nxHWJWoV3yOU%2BruXhdMGN1MWmAH2OwX29sHQDuKCEYDCY%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6ed81844ffd783b4-MXP
expires: Thu, 17 Mar 2022 19:24:28 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 310 KB
90 KB 219ms
216ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 01 Jun 2021 14:47:10 GMT
server: cloudflare
etag: W/"4d957-5c3b56abf6028-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J2ETF3L6kl8eLferBDby0U1PsY364OKFCDiryyfTzzw3xREXUUoauuxiiLF8BKs77%2F0HJweAmUq5pYUP%2BOsj3SZ3pRXR%2BSaV%2BKQbG7a093RiUjo%2BkwJwh%2FY9gaAbbtuugo8HGMEaBFqp%2Bj3l7qzWEzVG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6ed8184b18b283b4-MXP
expires: Thu, 17 Mar 2022 19:24:29 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
58 KB 203ms
200ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Owy%2FIf%2Bc3ZFv8RCkY1%2BBh%2BK%2BDAdvBkeQhbbgaUILRQ%2Byc%2Fnw6Oghe4Ty%2BRtAEGq9gi9LSIcemqMB2YCt%2FZlrrME83jMAssCtswGd0ExOmcUPQQjvU2%2BDvFtkvRJTkoF47fuULO%2FPVSjOQb39te22CGM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6ed8184b18b483b4-MXP
expires: Thu, 17 Mar 2022 19:24:29 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 393 B
547 B 188ms
185ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 21:50:12 GMT
server: cloudflare
etag: W/"189-5c8c2c96f96c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UnO02aI5a5nY6Kwc%2FkqZSJNLuJZxLbvsu9M4hvkAcT7WQCiFxF0tKUx3mHv1T43teaw89rGSZ9lGQFTZ2wHIMHAcTiCK74rYp2WChnrb%2BllvWnxi57vYG2qMZyCh3sibrZik44zqhKiHX0BcMkh1K6mx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6ed8184b18b683b4-MXP
expires: Thu, 17 Mar 2022 19:24:29 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 430 KB
124 KB 224ms
222ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 15:35:01 GMT
server: cloudflare
etag: W/"6b738-5ce51d26ef74c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XUkhRC32QgcysxzjpPZ4sEffZrHHbwFheb0aLz8H2mN%2BaAabsK8jXujP065VqXSYHdj5uoxsCle06KKJa57HUblm9nf9MGQdPY8qS%2Bvm7kHmct81x3a%2F65yx9XK084t0bwZfNc55%2B5enNl0Rg4v9gkTP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6ed8184b18b983b4-MXP
expires: Thu, 17 Mar 2022 19:24:29 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 35 KB
11 KB 300ms
178ms Script
application/javascript 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:21:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 24 Jan 2022 02:31:38 GMT
server: cloudflare
etag: W/"8cae-5d64ac49b9c1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=it%2BoYTvGZxUe7fTeLyE3BvYHTDoOS2qLz9XAdyTl9A4Bsxx9%2FQZaNzZA%2FD0oWm84JEJiQufT6y5J%2BCfbJedG8SJphHeuePBvxc7WRvmcyJHHWImZWv6%2B6TvwMM2U2JHuVN7IvndmJWkbBIOk86CSgsaS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6ed81844ffe083b4-MXP
expires: Thu, 17 Mar 2022 19:24:41 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 294 KB
42 KB 488ms
366ms Stylesheet
text/css 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: gzip
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
content-length: 42696
x-cache-hit: HIT
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: qgVINEOU2oyD37ESewxfAZ985_MMvht16-hh8aF_qNg9T2GnWP3DZA==
expires: Fri, 18 Mar 2022 14:52:15 GMT

GET
H/1.1 200
OK jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
37 KB 795ms
201ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-17a56"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:00 GMT

GET
H/1.1 200
OK alert_text.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 107 B
461 B 711ms
98ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1647524078
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-6b"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:00 GMT

GET
H/1.1 200
OK alert.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 4 KB
2 KB 1005ms
100ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1647524078
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-104a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:00 GMT

GET
H/1.1 200
OK public.js Show response
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 116 B
495 B 1076ms
101ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:00 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Jun 2014 19:20:42 GMT
Server: nginx
ETag: W/"5398ac0a-74"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:00 GMT

GET
H/1.1 200
OK kaspersky-twitter-pullquote.js Show response
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 599 B
713 B 1090ms
106ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-257"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:00 GMT

GET
H/1.1 200
OK loadmore.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 4 KB
2 KB 1088ms
104ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.2
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-11e7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:00 GMT

GET
H/1.1 200
OK social-share.js Show response
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 18 KB
6 KB 1095ms
104ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-484d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:00 GMT

GET
H2 200 Instagram-phishing-dollars-scaled-e1647376181384.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/15162924/ 114 KB
114 KB 55ms
8ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/15162924/Instagram-phishing-dollars-scaled-e1647376181384.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea6f838bdea8b608e0d19a65cbfc08fbfc6065d67a00a85e9a7d0e36f472c549

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 04:01:19 GMT
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Tue, 15 Mar 2022 20:29:43 GMT
server: AmazonS3
age: 141642
etag: "72166786ef81b916b4d64fc60350ce6c"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA56-P6
accept-ranges: bytes
content-length: 116239
x-amz-cf-id: rO_7sOHf9l1HP306b94i0izNFXqdlXFAIXuyty6k5-3DJfdmKEWlYg==
expires: Wed, 15 Mar 2023 20:29:41 GMT

GET
H2 200 infosec_insiders_in_article_promo.png
media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/ 20 KB
20 KB 46ms
8ms Image
image/png 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbe4e4e4e847a32bd717d963f0ac04b619a7a9cdd631a7454d9dfec16fbae73f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Feb 2022 01:13:48 GMT
via: 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Tue, 10 Aug 2021 20:58:17 GMT
server: AmazonS3
age: 3434893
etag: "101ba02c43488b8b07cf42f9aa850f6a"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA56-P6
accept-ranges: bytes
content-length: 20484
x-amz-cf-id: 3zGOpCV1AXtMacOO6h1y_XckLWtxgJ28Tx520qvApjddE1geBBs7RQ==
expires: Wed, 10 Aug 2022 20:58:15 GMT

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 852 B
576 B 56ms
33ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6c8ebf386bf7163c131706f38442e2ede0d6d59c160a036ef286257a80a1357c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Thu, 17 Mar 2022 19:22:00 GMT

GET
H/1.1 200
OK scripts.js Show response
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 2 KB
1 KB 340ms
112ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-828"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
969 B 44ms
20ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2d707d196309a3934a7e9614a4571cd7dbe0676542dcfd8cc0baafc8d1f6543c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Thu, 17 Mar 2022 19:22:00 GMT

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 3 KB
1 KB 320ms
103ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-ab4"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H2 200 s_code_single_suite.js Show response
media.kaspersky.com/tracking/omniture/ 172 KB
48 KB 123ms
69ms Script
application/javascript 185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to

Full URL

https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

dba466c43a288cc89aa2166d63cd97219a544b6fadb70508323701819052dbb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
etag: "019696dc39d81:0"
x-powered-by: Kaspersky Labs, Kaspersky Labs
content-length: 49223
x-xss-protection: 1; mode=block
last-modified: Thu, 17 Mar 2022 08:54:18 GMT
server
x-frame-options: SAMEORIGIN
date: Thu, 17 Mar 2022 19:21:58 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
x-server: fr2/KLM6
accept-ranges: bytes
x-content-type-options: nosniff

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 114 KB
40 KB 423ms
206ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:39 GMT
Server: nginx
ETag: W/"623338ef-1c643"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 321ms
104ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-195e"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK wp-polyfill.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 19 KB
8 KB 321ms
103ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-4b3d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK dom-ready.min.js Show response
threatpost.com/wp-includes/js/dist/ 1 KB
989 B 328ms
109ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-4e9"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK hooks.min.js Show response
threatpost.com/wp-includes/js/dist/ 6 KB
2 KB 331ms
113ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-163a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK i18n.min.js Show response
threatpost.com/wp-includes/js/dist/ 10 KB
4 KB 296ms
101ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-28a7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK a11y.min.js Show response
threatpost.com/wp-includes/js/dist/ 3 KB
2 KB 295ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-bfd"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK jquery.json.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 2 KB
1 KB 301ms
101ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-730"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 43 KB
15 KB 396ms
198ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-abe0"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK conditional_logic.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 8 KB
3 KB 297ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-213f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK placeholders.jquery.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 5 KB
2 KB 313ms
103ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: public
Date: Thu, 17 Mar 2022 19:22:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: W/"623338ee-121f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 26ms
10ms Script
application/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.3.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-3-177.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: .7apL996dsR_ZFPBtTTtY5SRaPfBf8DJ
content-encoding: gzip
etag: 4e3fad24a118a07cea7ce88b2721a583
age: 207
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 07BST5G12NK5S37TPXR6
date: Thu, 17 Mar 2022 19:18:40 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: HAcB1hrEeGYGDkFHsl0Wki4ZTrKM-Q0b8QLDFyQiJX9qzD4eew_urg==

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/154690/ Frame D604
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/154690/connatix.player.dc.js

1014 KB
245 KB

14ms
6ms

Script
application/javascript

151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/154690/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c4673f335c024041fe458d3408c615386d26767aded1a371ed1f1d3b75ccd9df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 08:57:37 GMT
age: 123628
etag: "dd929515c6eec0dd8079892cabbc6e0a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 250217

Redirect headers

location: https://cds.connatix.com/p/154690/connatix.player.dc.js
date: Thu, 17 Mar 2022 19:22:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
server: Kestrel
accept-ranges: bytes
content-length: 0

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 328ms
103ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=527143423&back=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:01 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 177 KB
59 KB 103ms
35ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d699d9bc5d46cdf08a717e70f1ac596ceb10ac3b48ad98bafcba3b89e26797fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60366
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Mar 2022 19:22:01 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 502 KB
116 KB 132ms
78ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

34199b9d864a28218e05ed623a045f3b30f6715baff40bad1bfab2948548ed87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118509
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
13 KB 310ms
106ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:01 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: "623338ee-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
13 KB 304ms
100ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:01 GMT
Last-Modified: Thu, 17 Mar 2022 13:34:38 GMT
Server: nginx
ETag: "623338ee-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H2 200 logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 367ms
366ms Image
image/png 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-4a32"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 18994
x-amz-cf-id: duRq8w4qTREy0b34yrM8338FM5CqGnzjkojLllilAd1ym6Lq91rODA==
expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H2 200 museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 382ms
367ms Font
font/woff2 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-51a4"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20900
x-amz-cf-id: r12p4DpXxMisEx8bPMs9EKvjW0cBiGmFILmD-XloPjQxxJLurLXQbA==

GET
H2 200 museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 387ms
372ms Font
font/woff2 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-50c8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20680
x-amz-cf-id: lqxrfeL0gwXA0LHaFhGSFxVYFrVLHsnIeejwMvJq1jvwt-fj5-5jbg==

GET
H2 200 museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 380ms
365ms Font
font/woff2 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-51b8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20920
x-amz-cf-id: xBm2njHeNSLsY8LlIZE1lbiIX5JIYk4AA1_fP_qZ15L_ZwJC0Lnq8g==

GET
H2 200 museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 373ms
373ms Font
font/woff2 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-5194"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20884
x-amz-cf-id: uVI1e0PGvOa8CGwUw78C6wkHhqB7jDci_8hhZD3ggcovsMuhXhVEyg==

GET
H2 200 Nate-Nelson.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/02/17091021/ 201 KB
202 KB 41ms
32ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/02/17091021/Nate-Nelson.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 360105dbb9d08cac5fabaf8252853ea3ad521bf7eee4c9c32ae92f89a72e8290

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 14:10:33 GMT
via: 1.1 5d5481cfa85227a3fdd5ff0b03093c62.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Thu, 17 Feb 2022 14:10:32 GMT
server: AmazonS3
age: 2437888
etag: "37159a4bb982b83ee34a75d6b199896e"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA56-P6
accept-ranges: bytes
content-length: 206168
x-amz-cf-id: jYPmmHO1C142yPBj4x4ISRj5Qgh1jMXvIKWHAFViGne92hN0fzEP2g==
expires: Fri, 17 Feb 2023 14:10:31 GMT

GET
H2 200 mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
1 KB 281ms
279ms Image
image/svg+xml 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-33c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 828
x-amz-cf-id: 0WbXGSFWwqUt8hsAxjJK9TwD_d_9bzhjyrKQmq2QfcTcBaqcmpeBnQ==

GET
H2 200 twitter-blue.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
1 KB 281ms
279ms Image
image/svg+xml 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-364"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 868
x-amz-cf-id: wxksiZ0iLElUSmIQ3GmJ_TH_pUbIV1-O-rTUL73J_DYqX6SSdw99LA==

GET
H2 200 museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 370ms
368ms Font
font/woff2 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-3dcc"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 15820
x-amz-cf-id: XTyHEU8jS11Y02phTv1D_jMOXwu8-R8kZdkGzeZ-_M92Zp2uiHygEA==

GET
H2 200 museosans-500italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 367ms
366ms Font
font/woff2 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-5c74"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 23668
x-amz-cf-id: wvVM0u_FVhY5KYxwmqoLwMZxgo7E9XBEvTqkAcpcWKb18gX15tP_NA==

GET
H2 200 player.css
cds.connatix.com/p/154690/ 56 KB
8 KB 7ms
7ms Stylesheet
text/css 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/154690/player.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: abfa5ce24f65db048040344e04b17c9f99d99170f41393641a1531828c05b3ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:00 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 08:57:37 GMT
age: 123629
etag: "0a34539cb7da12fef4114e7cd93564e7"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 8618

GET
H2 200 mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
1 KB 277ms
276ms Image
image/svg+xml 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-32c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 812
x-amz-cf-id: Kvffwu6qnFgX0LTfhGYi58bGwr_o2bdDbywPqGW33elt9VXuH_k3Gg==

GET
H2 200 logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 276ms
276ms Image
image/png 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: public
date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-260a"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 9738
x-amz-cf-id: SaIT7Fkc1NsJM_8WRLkvS5jdCDQfZ-epP4IryMPxqaEX_En7neBexA==
expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H2 200 instagram-phishing-email-e1647437038569.png
media.threatpost.com/wp-content/uploads/sites/103/2022/03/16092345/ 276 KB
277 KB 74ms
71ms Image
image/png 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/16092345/instagram-phishing-email-e1647437038569.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d65dae0bdc61170aad1eaa1c3fcd6138e157a73efd1bbfd650fa85a337e68902

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 13:26:33 GMT
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Wed, 16 Mar 2022 13:23:59 GMT
server: AmazonS3
age: 107728
etag: "36a771b012272ff8616472bb98599b5e"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA56-P6
accept-ranges: bytes
content-length: 282819
x-amz-cf-id: f5Fuyb9M1thxXV8FrvP4m044WP0HHrJ2r0bP4IZnDahSJNDnQtPsCw==
expires: Thu, 16 Mar 2023 13:23:58 GMT

GET
H2 200 gold-540x270.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/17102822/ 28 KB
29 KB 98ms
95ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/17102822/gold-540x270.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a41a17a1aa636356e037c93e86a04493b1b02c503c6bdee9561b8c2bd68bd71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 14:36:32 GMT
via: 1.1 c387974a86541bbcc6c5141a85eeaf36.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 14:28:33 GMT
server: AmazonS3
age: 17129
etag: "59ce9726cc32e7c9baa7708c79091235"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA56-P6
accept-ranges: bytes
content-length: 28896
x-amz-cf-id: _9OSay7YDDv9SMbNHIJVoYvvncrI6r6PvqFY0KqHsWN3s6YvzA5J8g==
expires: Fri, 17 Mar 2023 14:28:32 GMT

GET
H2 200 dirty-window-squeegee-540x270.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/16150120/ 42 KB
42 KB 61ms
59ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/16150120/dirty-window-squeegee-540x270.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0438443c5183988512cdbd914ec1b0e09de48615300e179195259a8b744cb489

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 13:14:39 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Wed, 16 Mar 2022 19:01:31 GMT
server: AmazonS3
age: 22042
etag: "eb38a6e4c412078a5408d6ae62fa8937"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA56-P6
accept-ranges: bytes
content-length: 42665
x-amz-cf-id: iSalk_MjbdLwdZsPbg1OKpozbVVBUm18_Uo67vwbICn-OzmN8xa1Vg==
expires: Thu, 16 Mar 2023 19:01:30 GMT

GET
H2 200 romance-scam.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/02/15154738/ 9 KB
10 KB 71ms
69ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/15154738/romance-scam.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9e7d88dde3171cfdf57aac61230af0a74a0582d75eec54f4dda0d7820745402c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 17:33:10 GMT
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Mon, 15 Feb 2021 20:47:40 GMT
server: AmazonS3
age: 92931
etag: "7bfc03b5ee0895df3cf72ec9e6741e65"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA56-P6
accept-ranges: bytes
content-length: 9530
x-amz-cf-id: GZHPo1fyG_HSaf2i1UEFInvwJu1lq5AxAknUskqRgKP-Y9JSV1vjHg==
expires: Tue, 15 Feb 2022 20:47:38 GMT

GET
H2 200 14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/ 2 KB
3 KB 72ms
69ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 15:57:05 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Tue, 01 Mar 2022 20:47:09 GMT
server: AmazonS3
age: 789896
etag: "502f5a6c66ba05c0831f656eb6cc29dd"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA56-P6
accept-ranges: bytes
content-length: 2476
x-amz-cf-id: 0GFHFihPzKyNJQfw90SakIAEoqoOAiUfEqa-39ToqDo08-3nmkNK_Q==
expires: Wed, 01 Mar 2023 20:47:08 GMT

GET
H2 200 checklist2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/ 2 KB
2 KB 103ms
101ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/checklist2-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 18:49:28 GMT
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Tue, 19 Oct 2021 14:09:44 GMT
server: AmazonS3
age: 1729953
etag: "14bf40c9dffffaec5cd1337f170dac93"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA56-P6
accept-ranges: bytes
content-length: 2112
x-amz-cf-id: A5ZdYJjuPMcrnFYh4bv-uX2HSJpfIWjW-0UzRQBMycW-m9ZzOyoU9g==
expires: Wed, 19 Oct 2022 14:09:43 GMT

GET
H2 200 5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/ 2 KB
2 KB 104ms
102ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 21:12:50 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Wed, 16 Feb 2022 14:21:42 GMT
server: AmazonS3
age: 1807751
etag: "8d2fd78b5abc332b1098cc4de81608b9"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA56-P6
accept-ranges: bytes
content-length: 1940
x-amz-cf-id: qdhde3Bg1NqKPv6_9h6-Clj7nrNqwLuP-rRniwMupDwjSbcR_DARGQ==
expires: Thu, 16 Feb 2023 14:21:40 GMT

GET
H2 200 nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/ 2 KB
3 KB 103ms
102ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 21:08:04 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 15:27:43 GMT
server: AmazonS3
age: 3104037
etag: "6d0d1a22dbbe088376115135bb5be675"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA56-P6
accept-ranges: bytes
content-length: 2337
x-amz-cf-id: ERwpl4cIO0n-WgqhAGnp_SoI_bAZSGYoQkV9IRNxOm2_7mB4XTKdeg==
expires: Thu, 29 Sep 2022 15:27:42 GMT

GET
H2 200 Log4J_shell_thrpst-e1643986376319-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/ 2 KB
3 KB 103ms
103ms Image
image/jpeg 2600:9000:2490:5800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/Log4J_shell_thrpst-e1643986376319-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:5800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 18:59:05 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront), 1.1 1c7275102c069b3b4bff7bcc191ded2e.cloudfront.net (CloudFront)
last-modified: Fri, 04 Feb 2022 14:52:59 GMT
server: AmazonS3
age: 3543776
etag: "8b8e89e4e306930920312db10e2c0dbf"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA56-P6
accept-ranges: bytes
content-length: 2455
x-amz-cf-id: -fbwViNkTC6HtxNvoJd1eAX_uMgY_qPLAfBg1957Klitba9LUyA09A==
expires: Sat, 04 Feb 2023 14:52:57 GMT

POST
H/1.1 200
OK pls Show response
capi.connatix.com/core/ Frame D604 11 KB
6 KB 518ms
131ms XHR
application/x-protobuf 18.188.70.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.188.70.14 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-188-70-14.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 04b8f218bac21bbf362b2a045b04761474ddc5ca2152e0e4d3c5c8e07c7caeb2

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 5391

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ 73 KB
28 KB 22ms
21ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 3443127
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: WY_pOXXF3t0q0561Yc21lrxFw1lqqrzZ49KuGqpqdQlHKh2TGFdJag==

GET
H2 200 bl-92ee7c4-e94399b2.js Show response
tagan.adlightning.com/math-aids-threatpost/ 41 KB
18 KB 21ms
20ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-92ee7c4-e94399b2.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e9c0b058a57bf81824527a6e070f8d5afa3b65a5a0cea672d054c137cd7186b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:59:13 GMT
content-encoding: gzip
age: 33768
x-cache: Hit from cloudfront
content-length: 17646
x-amz-meta-git_commit: 92ee7c4
last-modified: Thu, 17 Mar 2022 09:37:16 GMT
server: AmazonS3
etag: "0ae026bad5d77ce718ebeda121aaaf4e"
x-amz-version-id: W8CR8fX8JmD2nAd7YHBIEfiMmc9pqILU
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: LhkX_CJrImp_4kXdWyB48vC5Eb90_Awxlu55PAG4IrHWqYWdjk22Qw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 662 B
1017 B 34ms
33ms XHR
application/json 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.3.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-3-177.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 18:02:09 GMT
via: 1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
server: Server
age: 4791
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P6
content-length: 662
x-amz-cf-id: z3Dy_9H8yyBuklp1E3IwMErGHgWpyp1KY4fAFe_bDVdF7_wZ9AUyiA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 75ms
16ms XHR
application/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.3.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-3-177.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 02:24:57 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 61025
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 17 Mar 2022 02:21:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
via: 1.1 c3fc8d1fb362a6655af993732c376dc4.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P6
content-type: application/javascript
x-amz-cf-id: WB5aIaIB40f1pkOKDtVrWahm-6PYlH6TgUw_xhEQeXoacyUwm62vXg==

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ 357 KB
141 KB 70ms
9ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb94e5ee3cf4cc864f0afd05660956b94cf3f42232c7ac5e119924713c294ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 15:32:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100175
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143659
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 15:32:26 GMT

GET
H2 200 pubads_impl_2022031501.js Show response
securepubads.g.doubleclick.net/gpt/ 365 KB
124 KB 52ms
10ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js?cb=31065673

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

4b6c2cabe35ab603f2cff6d7b73775bca1d81016b1f1e06fe4da4bbf3c5766eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 17:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6966
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126660
x-xss-protection: 0
last-modified: Tue, 15 Mar 2022 08:35:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 17 Mar 2023 17:25:55 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 141 B
737 B 85ms
19ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101
x-xss-protection: 0
expires: Thu, 17 Mar 2022 19:22:01 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 100ms
19ms Script
application/javascript 104.111.219.144
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.219.144 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-219-144.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Thu, 17 Mar 2022 19:37:01 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 40 KB
11 KB 57ms
18ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
date: Thu, 17 Mar 2022 19:13:09 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 11181
x-request-id: 763396419

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ 360 KB
142 KB 24ms
8ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:20:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 17 Mar 2023 19:20:51 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 368 B
1 KB 149ms
38ms XHR
application/json 34.251.227.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1647544921262

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.251.227.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-227-193.eu-west-1.compute.amazonaws.com

Software

Resource Hash

2c48fe66dc80e8739864031048a9bdb23c32525572a414af4315f72b1197673e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v030-073504118.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: xwev3QRpRIA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 311
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 256 KB
37 KB 187ms
166ms XHR
application/json 2606:4700:3031::6815:456d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:456d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 31 May 2021 16:54:38 GMT
server: cloudflare
etag: W/"3ffae-5c3a314b5dcb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ivUbwx%2F05BVAPVh0Ulxiix3eXPCLsTkS36t2jVm1beZIs7lOcWRTG6jTshIJjeH6xe6FPE62ZLy2jshp7JVusbiktB%2Fu7vOSVcbEHo1ZghxAYHHIKRTVPyr8cL5QUFdDVrSr1ZC57C8QFH9JPVEmo80o"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 6ed8184e599291e4-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 17 Mar 2022 19:32:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 34ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4635
date: Thu, 17 Mar 2022 18:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 17 Mar 2022 20:04:46 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 48ms
9ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Thu, 24 Mar 2022 19:22:01 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 21 KB
8 KB 38ms
14ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6cdcafba32d043d9ba06bf8a7b24a87ab163c1a75101215ac7d0124efe13d0bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
last-modified: Thu, 17 Mar 2022 17:55:55 GMT
etag: "910942680416e503ddd9abfdd94a0332+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 7433
x-served-by: cache-iad-kjyo7100107-IAD, cache-fra19148-FRA

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 421 KB
105 KB 33ms
17ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3cc61017a4fcf8a881f5d7d0d0f69419b0a2290bc0e9a9bc125cb7c6a9073921

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107957
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Mar 2022 19:22:01 GMT

GET
H/1.1 200
OK dest5.html Show response
kaspersky.demdex.net/ Frame 7712 7 KB
3 KB 132ms
29ms Document
text/html 54.155.215.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.155.215.129 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-155-215-129.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Thu, 17 Mar 2022 19:22:01 GMT
DCS: dcs-prod-irl1-2-v030-094108f3e.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Tue, 15 Mar 2022 12:36:14 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 9NFgnzIQRts=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
kaspersky.d3.sc.omtrdc.net/ 2 B
316 B 65ms
18ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=66531499001133740650715306506218098598&ts=1647544921459

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7f6b754cd4-7nqdh
vary: Origin
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YjOKWQAAAHbGUAQD
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=59127614741326902190556092110860870140
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjOKWQAAAHbGUAQD

42 B
945 B

37ms
37ms

Image
image/gif

34.251.227.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjOKWQAAAHbGUAQD

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

HTTP/1.1

Server

34.251.227.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-251-227-193.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v030-0f4cfb59d.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 69+RMD8iTrU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjOKWQAAAHbGUAQD
Date: Thu, 17 Mar 2022 19:22:01 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 blockedDomains_6.bin Show response
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame D604 88 B
326 B 40ms
8ms XHR
application/octet-stream 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_6.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7ee7be21d91af71ca9589c2044eb2f4666ac9f7427e73c6dea7d4d0d870b8af4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 17:33:26 GMT
age: 784044
etag: "1f2b4300f4f8d9e0c60e2712121468eb"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 90

POST
H/1.1 200
OK sr Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame D604 0
315 B 460ms
114ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
27 KB 56ms
39ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

12bdbba1c12e8c0db4e6cdb4256780e30a73ce553fcd10a67dc1539184fa61e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27823
x-xss-protection: 0
server: sffe
etag: "1161 / 681 of 1000 / last-modified: 1647515258"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 17 Mar 2022 19:22:01 GMT

GET
H2 200 4_media.bin Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/ Frame D604 564 B
434 B 14ms
7ms XHR
application/octet-stream 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/4_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58f7248c529a623caf7254acf486fd7ae1e406c172210ec74cbaa2b718e9e288

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
last-modified: Wed, 24 Feb 2021 20:08:32 GMT
age: 107217
etag: "086f584c169abd84529851af411e618b"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 343

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame D604 371 KB
124 KB 51ms
20ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

215667f9e3ec661991bab882d051bde245e642548a5b25b7a8500a67c28dcf50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126232
x-xss-protection: 0
expires: Thu, 17 Mar 2022 19:22:01 GMT

GET
H2 200 1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
7 KB 16ms
7ms Image
image/png 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
age: 1339918
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 2 B
354 B 37ms
12ms Script
application/javascript 2600:9000:223c:7400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:16:28 GMT
via: 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
server: AmazonS3
age: 332
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P2
content-length: 2
x-amz-cf-id: MMLsnto8pVDd9L40LUGIJR7SwckLdEzExJaT-PamEcmb8l23ZSizLg==

GET
H2 403 adsct
analytics.twitter.com/i/ 0
166 B 129ms
110ms Image
text/plain 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.9&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=8383f973-95e7-4585-8858-c4540d2efcd7&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 102
date: Thu, 17 Mar 2022 19:22:01 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: 2a7606b56393991ce859b961c0b1915f9a83d5e78b0df3b0dde192fe3afb1803
content-length: 0
strict-transport-security: max-age=631138519

GET
H2 200 adsct
t.co/i/ 43 B
337 B 131ms
112ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.9&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=8383f973-95e7-4585-8858-c4540d2efcd7&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 105
date: Thu, 17 Mar 2022 19:22:00 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 2af9390832fd80d6cd79804ccfd49b5c1f2533d298ed66be655d627564967ae4
content-length: 43

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 30ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1497057603&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&ul=en-us&de=UTF-8&dt=Phony%20Instagram%20%E2%80%98Support%20Staff%E2%80%99%20Emails%20Hit%20Insurance%20Company%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=682803537&gjid=80190955&cid=723297198.1647544922&tid=UA-35676203-21&_gid=1401525799.1647544922&_r=1&gtm=2wg3e0PM29HLF&z=1097587261

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 18ms
7ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=1497057603&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&ul=en-us&de=UTF-8&dt=Phony%20Instagram%20%E2%80%98Support%20Staff%E2%80%99%20Emails%20Hit%20Insurance%20Company%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=723297198.1647544922&tid=UA-35676203-21&_gid=1401525799.1647544922&gtm=2wg3e0PM29HLF&z=862641262

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 03:07:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 58475
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK ao Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame D604 0
315 B 428ms
109ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/ao?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi-tier-2-us-east-2.connatix.com/rtb/ Frame D604 1 KB
1 KB 493ms
171ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 8511ee7712c355e582a5131f4e4f9f185ac50042aae214153315d4c292c14ecd

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 857

POST
H/1.1 200
OK ps Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame D604 0
315 B 420ms
111ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/ps?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/ 8 KB
8 KB 8ms
8ms Image
image/jpeg 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 2d381d73540269a69e01cba1aee89fb10a153d73ecc0298b22dde524bcfd79a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
age: 112802
etag: "5R2xRikC09JkovWRghMmnD4ld+gnLREfzwDFVHe9zlU"
access-control-max-age: 86400
fastly-io-info: ifsz=80236 idim=2560x1440 ifmt=jpeg ofsz=8015 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 7613

GET
H2 200 prebid6.7.0-1.js Show response
cds.connatix.com/p/plugins/ Frame F9A3 456 KB
119 KB 12ms
11ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
last-modified: Wed, 09 Feb 2022 14:06:45 GMT
age: 1411860
etag: "c647c6ead685f3c1b8ba4c8a5de1eb5a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 121193

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
564 B 277ms
276ms Image
image/svg+xml 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:38 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ee-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 236
x-amz-cf-id: 6KylYjusjn6_-QSG57EsGMqBkVBIq6F0ugfqTlCWzT-6fsBmCvrV6w==

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 368ms
368ms Font
font/woff2 2600:9000:2250:ea00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ea00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=ee60c291
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 0cef334729aed841ca9f130c177beeba.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 13:34:39 GMT
server: nginx
x-amz-cf-pop: FRA60-P2
etag: "623338ef-12d68"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: Y1WakDqcgtdjQV40TVhbvwlGHdrtkSQi65Kod-lfOf755zn9dQhafg==

GET
H/1.1 200
OK v1 Show response
geo.ipify.org/api/ 400 B
602 B 584ms
276ms XHR
application/json 64.140.160.2
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL

https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),

Reverse DNS

threatintelligenceplatform.com

Software

nginx /

Resource Hash

39e82ad5da0804aea6bbd0a810ed818997ac5dc0a85a9d8b4c0939069d194ceb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 71ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=723297198.1647544922&jid=682803537&gjid=80190955&_gid=1401525799.1647544922&_u=YEBAAEAAAAAAAC~&z=2017900199

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Mar 2022 19:22:01 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.505.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame DA91 590 KB
192 KB 22ms
6ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.505.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90dbd457fafa4a6773f9f7c83a7c25feb3ac139ee764cac153bf6f9f5612aa07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 196644
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 20:13:15 GMT
expires: Thu, 16 Mar 2023 20:13:15 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 16 Mar 2022 20:06:38 GMT
content-type: text/html
age: 83326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame D604 44 KB
17 KB 94ms
23ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Mar 2022 19:22:01 GMT

GET
H3 200 bridge3.505.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 6541 590 KB
192 KB 10ms
10ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.505.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90dbd457fafa4a6773f9f7c83a7c25feb3ac139ee764cac153bf6f9f5612aa07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 196644
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 20:13:15 GMT
expires: Thu, 16 Mar 2023 20:13:15 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 16 Mar 2022 20:06:38 GMT
content-type: text/html
age: 83326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 bridge3.505.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame EA3E 590 KB
192 KB 21ms
20ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.505.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90dbd457fafa4a6773f9f7c83a7c25feb3ac139ee764cac153bf6f9f5612aa07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 196644
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 20:13:15 GMT
expires: Thu, 16 Mar 2023 20:13:15 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 16 Mar 2022 20:06:38 GMT
content-type: text/html
age: 83326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 playlist.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/ Frame D604 309 B
272 B 17ms
17ms XHR
application/x-mpegurl 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/playlist.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
last-modified: Wed, 24 Feb 2021 20:08:31 GMT
age: 112785
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 164

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 213 B
532 B 51ms
12ms XHR
application/json 51.89.21.10
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.10 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p24.id5-sync.com

Software

Resource Hash

c66af41820c97bbe43aaff2ad7200fc5e31bd4c1cd9c6e659c94b115eca46030

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Thu, 17 Mar 2022 19:22:01 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
531 B 49ms
49ms XHR
text/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.3.177 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-3-177.fra56.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: Z0C1T4W25X1M86T6K1AX
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: KksMSMZglJkXjCYuOFAYahFvqkwtzVgTVfHGu2a1c_yp29lkyyWUSA==

GET
H2 200 pixel;r=1992408382;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;uht=2;fpan=1;fpa=P0-455049024-16475449...
pixel.quantserve.com/ 35 B
371 B 23ms
12ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1992408382;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;uht=2;fpan=1;fpa=P0-455049024-1647544921811;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1647544921810;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2022%2F03%2F15162924%2FInsta%2Ctype.article%2Ctitle.Phony%20Instagram%20%E2%80%98Support%20Staff%E2%80%99%20Emails%20Hit%20Insurance%20Company%2Cdescription.The%20phishing%20scam%20tried%20to%20steal%20login%20credentials%20by%20threatening%20account%20shutdo%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fphony-instagram-support-staff-emails-hit-insurance-compan

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:01 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
939 B 99ms
39ms Script
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190892
x-amz-request-id: tx0d309849e7dd4b7e9123a-006230a0ad
x-amz-id-2: tx0d309849e7dd4b7e9123a-006230a0ad
last-modified: Tue, 15 Mar 2022 14:20:20 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUZW49WHwjlX9t6XQc2OFc1CYRR8VUb3st3UUAfHBItiUhvotVE4BF1NPgXf3U9cLetDzYH6wjuYOulUSVrrVHggu4Ow1%2BbPckEPdnFWZr6HPPnB3BGjLI9xojTWDNsOps3%2FQE5nIgp0nkSH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1647354020753810
cf-ray: 6ed8185218a0839c-MXP

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 212 B
531 B 36ms
9ms XHR
application/json 51.89.21.10
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.10 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p24.id5-sync.com

Software

Resource Hash

2cc0fd9bd3a2ffb0c846a82add3513135a9481503fa9eb06736f1bab08475f42

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://threatpost.com
Date: Thu, 17 Mar 2022 19:22:01 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
530 B 56ms
55ms XHR
text/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&pid=U7attHMK9rkA1&cb=1&ws=1600x1200&v=7.74.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.3.177 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-3-177.fra56.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
via: 1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: MBE8702ZTQ683AG7V92K
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: HKSHdtzDz5NNOE7krS2x7K2q_faIsLVJGLkzaboUDO7pp3osPDKl0Q==

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6421 37 KB
13 KB 33ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 18:34:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2828
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 17 Mar 2022 19:34:53 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3541 37 KB
13 KB 30ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 18:34:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2828
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 17 Mar 2022 19:34:53 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame E045 37 KB
13 KB 17ms
10ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 18:34:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2828
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 17 Mar 2022 19:34:53 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 52ms
51ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=723297198.1647544922&jid=682803537&_u=YEBAAEAAAAAAAC~&z=453678543

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 68ms
45ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=723297198.1647544922&jid=682803537&_u=YEBAAEAAAAAAAC~&z=453678543

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233148/0/ Frame F9A3 0
170 B 69ms
28ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame F9A3 0
215 B 310ms
240ms XHR
application/json 18.159.232.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.232.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-232-76.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233098/0/ Frame F9A3 0
170 B 64ms
28ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame F9A3 36 B
328 B 106ms
40ms XHR
application/json 23.0.33.234
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%2270b990d6defb9d%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2285fdd2421f25c8%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%225c12b502-c03e-43d4-ab95-91a936125538%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22a53008e2-1423-497d-9dbc-6b68d12d6eef%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.0.33.234 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-0-33-234.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 465bc6e36b215a14438f356485295a62d42e47b7adeb2bbf0b46771de477103e

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.7], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Thu, 17 Mar 2022 19:22:02 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame F9A3 0
346 B 516ms
320ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:01 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 220
vary: origin, Accept-Encoding

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame F9A3 106 B
507 B 123ms
79ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=1608fabb-e635-482e-bd5b-7eee7f7cc544&nocache=1647544921996&gdpr=0&pubcid=a53008e2-1423-497d-9dbc-6b68d12d6eef&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C5c12b502-c03e-43d4-ab95-91a936125538%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
via: 1.1 google
server: OXGW/17.2.1
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame F9A3 106 B
296 B 167ms
124ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=79239f67-076f-4cb2-a06f-2035eec0d86f&nocache=1647544921998&gdpr=0&pubcid=a53008e2-1423-497d-9dbc-6b68d12d6eef&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C5c12b502-c03e-43d4-ab95-91a936125538%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
via: 1.1 google
server: OXGW/17.2.1
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame F9A3 138 B
826 B 65ms
25ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

c1bd9e436c6596808083e38bbef0ced2dd104b0037970335597aa8c5e5b95dec

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:02 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: dd680832-768d-4e90-968b-d6fbb403a0d6
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame F9A3 37 B
329 B 140ms
82ms XHR
application/json 23.0.33.234
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%221737439e18a7a48%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2218147034a10f6b2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%225c12b502-c03e-43d4-ab95-91a936125538%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22a53008e2-1423-497d-9dbc-6b68d12d6eef%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.0.33.234 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-0-33-234.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5519184db51d9080740989b2845f601da3e4a9f722f47ae27035df41cf59ef48

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.7], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Thu, 17 Mar 2022 19:22:02 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame F9A3 0
59 B 113ms
42ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:01 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216475/0/ Frame F9A3 0
170 B 48ms
28ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame F9A3 139 B
827 B 48ms
15ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

ab131af8dcf32d1295d460ffcd76322abc88911f1e281824dcf6d63ddcb4e4cd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:02 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 948a9dfa-6f28-4bbd-91ee-bf3ee332ae57
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216476/0/ Frame F9A3 0
170 B 96ms
78ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame F9A3 0
115 B 106ms
40ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:01 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
741 B 158ms
100ms XHR
application/json 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.17.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 31c9c6d89fd245072e9d39cc5dd3ec8fc0f708d42a8626413e4cfd4da5fec988

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 17 Mar 2022 19:22:02 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 200 prebid Show response
mp.4dex.io/ 99 B
544 B 133ms
78ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a254ff0f4ce3ff50cee5bfa02d0ddb06baaa0abbf862284a2f7a0572bd491f2

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6ed81853285f0219-ZRH
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
x-warn: Selecting bids. No selected bids
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
server: cloudflare
expires: 0

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216477/0/ 0
170 B 48ms
48ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=5.17,2.1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 106ms
53ms XHR
text/plain 18.184.75.207
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.75.207 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-75-207.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:02 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
113 B 62ms
9ms XHR
text/plain 18.184.75.207
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.75.207 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-75-207.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:02 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 63ms
10ms XHR
text/plain 18.184.75.207
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.75.207 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-75-207.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:02 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 174 B
383 B 188ms
176ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=b148fffe-9a19-4eba-8117-884edd75014e%2Cb148fffe-9a19-4eba-8117-884edd75014e%2C1a2d1874-aff6-4080-91cc-4b76226ac691%2Cd51a4a75-0499-448a-9c8c-624762b98742%2Cd51a4a75-0499-448a-9c8c-624762b98742&nocache=1647544922029&gdpr=0&x_gdpr_f=1&pubcid=a53008e2-1423-497d-9dbc-6b68d12d6eef&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 34df469995b81d63131711c160ab028283dd037658405040483026655b3eb4d8

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 148ms
96ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 27bcc93168da4cc12a3dc98430584c4c54582d7b6d1fa739be16046335ff7a19

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 161ms
109ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: b55ed180fcbf0694b116f66f526def99e53923266b8deb2089aa0f673a6ef9e5

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
291 B 129ms
78ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 38459ffa4908d290e0f71780cb703a37e2ae184bfea7bbaaf01a4c5d76a2aa23

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
487 B 327ms
280ms XHR
application/json 18.197.113.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=5.17.0&referrer=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tmax=1200&gdpr=false

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.197.113.18 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-197-113-18.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width,SecCH-Viewport-Width, Sec-CH-Viewport-Height,Sec-CH-Device-Memory, Sec-CHRTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme,Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 11 KB
6 KB 199ms
173ms XHR
application/json 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

3c8377ca40d3f4a0494631e37a86768bc354d647754bad2d872f6d3b4ea026c0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 17 Mar 2022 19:22:02 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ae914bf9-8dce-4ea4-84cb-25ab8c690f66
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 631 B
1 KB 212ms
115ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=b148fffe-9a19-4eba-8117-884edd75014e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8595735581697797
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: aa889303b1a846435bc8e1b85194b4cfea93f74519f30e4264b533dd8fff65ce

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:02 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 631
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 629 B
1 KB 187ms
86ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=1a2d1874-aff6-4080-91cc-4b76226ac691&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7076940786064216
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 5d328104059d8212d3397048f3d4b2f8065c357ac6dc2014ce527960580a3d6a

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:02 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 629
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 629 B
1 KB 204ms
101ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=d51a4a75-0499-448a-9c8c-624762b98742&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.39286864442201996
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 663574d2ab01e89eac600d72544c85d698349fd4d62fec89c83394c6fcca6d86

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:02 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 629
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 629 B
1 KB 226ms
120ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=d51a4a75-0499-448a-9c8c-624762b98742&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6840772026475597
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 38abc86d7855ff5512923395501c001d773334d5f2af2520510c4e7899dc1b5d

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:02 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 629
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 v2 Show response
e.serverbid.com/api/ 711 B
984 B 311ms
103ms XHR
application/json 165.227.252.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 165.227.252.242 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:01 GMT
access-control-allow-credentials: true
content-length: 711
vary: Origin
content-type: application/json

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
59 B 103ms
67ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:01 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 3 KB
2 KB 129ms
110ms XHR
application/json 23.0.33.234
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%225172b4a3ecdecb5%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.17.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2252aee280ecfe997%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2253ce96742580724%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%225498c4cff160166%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.0.33.234 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-0-33-234.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 063293aa1f6a6e7c74ac32bd6af8360571b646140e6922ec5733130d32842467

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.7], XFF:[]
server: Apache
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 1433
x-ak-client-geo: 12
expires: Thu, 17 Mar 2022 19:22:02 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
229 B 597ms
447ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Thu, 17 Mar 2022 19:22:02 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 350
vary: origin, Accept-Encoding

POST
H2 200 adreq Show response
ads.servenobid.com/ 5 KB
3 KB 342ms
264ms XHR
application/json 54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=2175
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ea7337029e1b86f58ad69f113d867d4db72f8c17e7293747307dd25ec90db42f

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

GET
H2 200 0.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/ Frame D604 662 B
362 B 8ms
7ms XHR
application/x-mpegurl 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/0.m3u8
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a2ef03fcd25b86976c30f6ebfe0b2772784054dc5884d78874f00eb626b6b0d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
last-modified: Wed, 24 Feb 2021 20:08:31 GMT
age: 112783
etag: "961ed5d8be4fd38d257a34aeca746428"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 270

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/ Frame D604 1 KB
1 KB 9ms
9ms XHR
video/mp4 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7e98e6f06f8b1b2c9e31c725c806d3095b04f47c756c627c0e0e5057dff1716e

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range: bytes=0-1361

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
last-modified: Wed, 24 Feb 2021 20:08:31 GMT
age: 112782
etag: "3c9b637d708d632bac15d9ceade2eb7b"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 0-1361/5134984
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1362

POST
H/1.1 200
OK g Show response
capi-tier-2-us-east-2.connatix.com/rtb/ Frame D604 0
315 B 108ms
108ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/ Frame D604 542 KB
543 KB 8ms
8ms XHR
video/mp4 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d1262f4d34dced1d1e90e093c9094f4c17a69c7285f47bd7051b60889b906dfc

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range: bytes=1362-556693

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
last-modified: Wed, 24 Feb 2021 20:08:31 GMT
age: 112782
etag: "3c9b637d708d632bac15d9ceade2eb7b"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1362-556693/5134984
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 555332

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 88ms
36ms Fetch
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 327f60006e399d96d711bc4bc9b08b12cdd2f0a600a3c26edde260b30aa3e6b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190447
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: txbaab584c504841c1aac8d-006230a267
x-amz-id-2: txbaab584c504841c1aac8d-006230a267
last-modified: Tue, 15 Mar 2022 14:20:19 GMT
server: cloudflare
etag: W/"ad0d3c45f41a818ade0dc83d4b687ff1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v31sdIZ2UagNwU2aVuuxyUTCeauJO4dP2Tu%2Bfjx6sf0Fw3BxntwOMojRsH9pI6f6LoxwAkKAWNx7WchAsd6%2FQJfLp1lqlkMJ8oQEz0tE1ITPUzyLwyQpF5kfojdFoS1dQyUD9hvvEpWJS8l2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1647354019224084
cf-ray: 6ed818548f3f3755-MXP
access-control-allow-headers: Authorization

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 15ms
15ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1497057603&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&dp=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&ul=en-us&de=UTF-8&dt=Phony%20Instagram%20%E2%80%98Support%20Staff%E2%80%99%20Emails%20Hit%20Insurance%20Company%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=652644567&gjid=460266030&cid=723297198.1647544922&uid=66531499001133740650715306506218098598&tid=UA-63997723-2&_gid=1401525799.1647544922&_r=1&gtm=2wg3e0WZ7LJ3&cd14=no_locale&cd15=66531499001133740650715306506218098598&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F99.0.4844.51%20Safari%2F537.36&cd16=723297198.1647544922&z=1702581360

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4636
date: Thu, 17 Mar 2022 18:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 17 Mar 2022 20:04:46 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 42ms
14ms Script
application/x-javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: c567d0068aa9d314d13047cf6af171cce476501aac5e5521bd2b2233b16fbce5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Mar 2022 20:16:02 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=20651
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3073

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
36 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9582686

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3943670f65f64922037af89395298bb4609175ac25ecfdfe45f0ecbd0310c2a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36552
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Mar 2022 19:22:02 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 40ms
19ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=723297198.1647544922&jid=652644567&uid=66531499001133740650715306506218098598&gjid=460266030&_gid=1401525799.1647544922&_u=aEDAAEABAAAAAC~&z=1058537221

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Mar 2022 19:22:02 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 170 KB
63 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7731a75deaeb4897ee4038be3dad1cbde216b57c6ddd839683a5d1d2e1d8cc1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64290
x-xss-protection: 0
expires: Thu, 17 Mar 2022 19:22:02 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647544922427&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1647544922427%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fphony...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647544922427&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647544922427&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&liSync=true&e_...

0
262 B

181ms
161ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647544922427&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&liSync=true&e_ipv6=AQLSoQ_lMegb8gAAAX-ZVHL8kcFfaB2P7ii0oDGzVj-Iyz6mfF6tIRx4q0S5h-Zy_Z91S4qQJd7tfxpdTb8CZD6ZsvB9Uw
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 179FFE7628574265BD0DCF413E8D1162 Ref B: FRAEDGE1321 Ref C: 2022-03-17T19:22:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXabvHjsHAWVeoV48/ZkA==
x-li-fabric: prod-ltx1

Redirect headers

date: Thu, 17 Mar 2022 19:22:02 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 507D2E67432E4924A978C594B8BFDFE9 Ref B: FRAEDGE1119 Ref C: 2022-03-17T19:22:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1647544922427&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&liSync=true&e_ipv6=AQLSoQ_lMegb8gAAAX-ZVHL8kcFfaB2P7ii0oDGzVj-Iyz6mfF6tIRx4q0S5h-Zy_Z91S4qQJd7tfxpdTb8CZD6ZsvB9Uw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXabvHg4zNXU3Y1/0OmaQ==

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/ Frame D604 560 KB
560 KB 17ms
16ms XHR
video/mp4 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d910ac62-04a0-4081-961d-8fd911769104/0e438034-3035-482e-98bf-bb325467da4e_/0.mp4
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5730e55fc1d4613338815fdcc36d807f8c89c7890da3cbfe1f1529017208420d

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Range: bytes=556694-1130009

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
last-modified: Wed, 24 Feb 2021 20:08:31 GMT
age: 112782
etag: "3c9b637d708d632bac15d9ceade2eb7b"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 556694-1130009/5134984
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 573316

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 61ms
60ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=723297198.1647544922&jid=652644567&_u=aEDAAEABAAAAAC~&z=986618941

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 77ms
50ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=723297198.1647544922&jid=652644567&_u=aEDAAEABAAAAAC~&z=986618941

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK mq Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame D604 0
315 B 109ms
109ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/mq?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:01 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3

200

activityi;dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram... Show response
9582686.fls.doubleclick.net/ Frame 0A18
Redirect Chain

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagr...
https://9582686.fls.doubleclick.net/activityi;dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=...

803 B
535 B

37ms
21ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9582686.fls.doubleclick.net/activityi;dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

d2266d6bde09b961e9197a6f18c8560c1b67baf2504d7755ab1aeaf9d93e23fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Mar 2022 19:22:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 510
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Mar 2022 19:22:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://9582686.fls.doubleclick.net/activityi;dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 17ms
17ms Ping
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe3e0&_p=1497057603&sr=1600x1200&ul=en-us&cid=723297198.1647544922&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&dt=Phony%20Instagram%20%E2%80%98Support%20Staff%E2%80%99%20Emails%20Hit%20Insurance%20Company%20%7C%20Threatpost&sid=1647544922&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20phony-instagram-support-staff-emails-hit-insurance-company%2F178929&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=66531499001133740650715306506218098598
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-s... Show response
adservice.google.com/ddm/fls/i/ Frame 159C 802 B
742 B 58ms
35ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F

Requested by

Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1fb6d6996a472e6438f6bf4f6562de53f80ae3bbe868a46acb5bf967b6011da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://9582686.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Mar 2022 19:22:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 510
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 46ms
20ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 29ms
20ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 287 KB
73 KB 593ms
592ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=152554314208323&correlator=403615839732708&eid=31065673%2C31065516%2C44756895&output=ldjh&gdfp_req=1&vrg=2022031501&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin%2Cthreatpost-AdX-Interstitial&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2%2C1x1&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681%2C2643643476&sfv=1-0-38&ecs=20220317&ists=1&fas=0%2C0%2C0%2C0%2C8&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_ix%3D6686a53629d289f%26hb_bidder_ix%3Dix%26dyn_bids%3D0.02%26hb_adid%3D6686a53629d289f%26hb_bidder%3Dix%7Camznbid%3D2%26amznp%3D2%26hb_adid_nobid%3D68b7aee65a3176d%26hb_bidder_nobid%3Dnobid%26dyn_bids%3D0.06%26hb_adid%3D68b7aee65a3176d%26hb_bidder%3Dnobid%7Camznbid%3D2%26amznp%3D2%26hb_adid_ix%3D655fa4f141da87%26hb_bidder_ix%3Dix%26hb_adid_appnexus%3D64cde8caa0ac5af%26hb_bidder_appnexus%3Dappnexus%26dyn_bids%3D0.03%26hb_adid%3D655fa4f141da87%26hb_bidder%3Dix%7Camznbid%3D2%26amznp%3D2%7C&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fphony-instagram-support-staff-emails-hit-insurance-company%252F178929%252F%26urlquery%3Dgoogfc%26contentid%3D178929%26category%3Dhacks%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1647544922658&lmt=1647544922&dlt=1647544919683&idt=1708&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0%2C-9&adys=8%2C166%2C1187%2C8%2C-9&oid=2&ucis=1%7C2%7C3%7C4%7C5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&url=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&msz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&fws=0%2C0%2C0%2C0%2C2&ohw=0%2C0%2C0%2C0%2C0&ga_vid=723297198.1647544922&ga_sid=1647544923&ga_hid=1497057603&ga_fc=true&btvi=0%7C0%7C0%7C0%7C-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js?cb=31065673

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

27b3a5c4c3bc42647043f653b240a7c7c8baa0eba3ebe56288b89b66472e4a9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74300
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-2,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-2,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 52ms
34ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js?cb=31065673

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad56fc0408989aeb2e4fd2a9eaea7c5e1d5d6c900598a364d38422be46b408c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10676
x-xss-protection: 0

GET
H2 200 container.html Show response
bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1162 6 KB
4 KB 79ms
16ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js?cb=31065673

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 17 Mar 2022 19:22:02 GMT
expires: Fri, 17 Mar 2023 19:22:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_page_level_ads_2022031501.js Show response
securepubads.g.doubleclick.net/gpt/ 35 KB
13 KB 10ms
10ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022031501.js?cb=31065673

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js?cb=31065673

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

1d0d865bc35e09ec7970337a0e5740889c4650003a076c08d5f988cc56a8e1c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 16:59:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8563
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13282
x-xss-protection: 0
last-modified: Tue, 15 Mar 2022 08:35:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 17 Mar 2023 16:59:19 GMT

GET
H2 200 s08114573362830
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 43 B
245 B 18ms
17ms Image
image/gif 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s08114573362830?AQB=1&ndh=1&pf=1&t=17%2F2%2F2022%2019%3A22%3A2%204%200&mid=66531499001133740650715306506218098598&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20phony-instagram-support-staff-emails-hit-insurance-company%2F178929&g=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20phony-instagram-support-staff-emails-hit-insurance-company%2F178929&v9=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220317%3A287%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Phony%20Instagram%20%E2%80%98Support%20Staff%E2%80%99%20Emails%20Hit%20Insurance%20Company%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=66531499001133740650715306506218098598&v116=723297198.1647544922&v125=0.6380105812044914_1647544921265&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
x-content-type-options: nosniff
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 18 Mar 2022 19:22:02 GMT
server: jag
xserver: anedge-7f6b754cd4-lztmv
etag: 3538075779941269504-4619389464641932437
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 16 Mar 2022 19:22:02 GMT

GET
H3 200 dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-s... Show response
adservice.google.de/ddm/fls/i/ Frame BA76 194 B
199 B 62ms
44ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CITM8o7vzfYCFRqDhQodAasK4A;src=9582686;type=globalc;cat=globa0;ord=2516276244298;gtm=2od3e0;auiddc=2070824347.1647544922;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F;u6=;u7=66531499001133740650715306506218098598-723297198.1647544922;u9=_phony-instagram-support-staff-emails-hit-insurance-company_178929_;~oref=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Mar 2022 19:22:02 GMT
expires: Thu, 17 Mar 2022 19:22:02 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 47ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 17 Mar 2022 19:22:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 145D 13 KB
5 KB 24ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Mar 2022 19:02:16 GMT
expires: Fri, 17 Mar 2023 19:02:16 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1186
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8491 783 B
533 B 20ms
20ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f51b1e58e30fc485c38f622df1ed79b1d7b6fee581f2f3329970fff9cc71eeaf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fvu3sa9i0SMmJivNpvSp6w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 17 Mar 2022 19:22:02 GMT
date: Thu, 17 Mar 2022 19:22:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-fvu3sa9i0SMmJivNpvSp6w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8491 0
0 79ms
61ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031501&jk=152554314208323&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 w5W1EixFGUzWFgZOi1zWjT-g-ai_4t-KN23ava9eLxA.js Show response
pagead2.googlesyndication.com/bg/ Frame 145D 35 KB
14 KB 25ms
9ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w5W1EixFGUzWFgZOi1zWjT-g-ai_4t-KN23ava9eLxA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c395b5122c45194cd616064e8b5cd68d3fa0f9a8bfe2df8a376ddabdaf5e2f10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 17:06:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8159
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13798
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 17 Mar 2023 17:06:03 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 145D 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?dZl3Xw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BA35 6 KB
3 KB 38ms
14ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Mar 2022 19:22:02 GMT
expires: Fri, 17 Mar 2023 19:22:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bl-92ee7c4-e94399b2.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BA58 41 KB
18 KB 9ms
8ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-92ee7c4-e94399b2.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e9c0b058a57bf81824527a6e070f8d5afa3b65a5a0cea672d054c137cd7186b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:59:13 GMT
content-encoding: gzip
age: 33771
x-cache: Hit from cloudfront
content-length: 17646
x-amz-meta-git_commit: 92ee7c4
last-modified: Thu, 17 Mar 2022 09:37:16 GMT
server: AmazonS3
etag: "0ae026bad5d77ce718ebeda121aaaf4e"
x-amz-version-id: W8CR8fX8JmD2nAd7YHBIEfiMmc9pqILU
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ZsuVjCWFD8sRoizjm7Xlf8gyD5ik_VMc-OhRviG37AaGBXik9_HxXA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BA58 73 KB
28 KB 10ms
10ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 3443130
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Ofkd1leScho97bidkRiCnWrAMsUaXjnpQZrSwRXyhqZ6xGyKKhCa2Q==

GET
H3 200 container.html Show response
bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9CB4 6 KB
3 KB 10ms
10ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Mar 2022 19:22:02 GMT
expires: Fri, 17 Mar 2023 19:22:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7431 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Mar 2022 19:22:02 GMT
expires: Fri, 17 Mar 2023 19:22:02 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK sv Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame D604 0
315 B 108ms
108ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/sv?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:03 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 bl-92ee7c4-e94399b2.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BA35 41 KB
18 KB 8ms
8ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-92ee7c4-e94399b2.js
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e9c0b058a57bf81824527a6e070f8d5afa3b65a5a0cea672d054c137cd7186b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:59:13 GMT
content-encoding: gzip
age: 33771
x-cache: Hit from cloudfront
content-length: 17646
x-amz-meta-git_commit: 92ee7c4
last-modified: Thu, 17 Mar 2022 09:37:16 GMT
server: AmazonS3
etag: "0ae026bad5d77ce718ebeda121aaaf4e"
x-amz-version-id: W8CR8fX8JmD2nAd7YHBIEfiMmc9pqILU
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Yqgo0T4Jhmqr9fuIr41KLCELk7WTcZZ_7DDz3xtPrTdzxn-x0Lp2LA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BA35 73 KB
28 KB 9ms
8ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 3443130
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: rOKtrXzlyZEtsiFBYe-FWHjBMd34Zztw4SYrtXU0JVLHyOFnKgCoKA==

GET
H2 200 css
fonts.googleapis.com/ Frame BA35 2 KB
1 KB 43ms
15ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5c35ba43b7900752a3023550de81888bb9fa36138e72edf3db3bd20e1dc09186

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 18:55:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 17 Mar 2022 19:22:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Mar 2022 19:22:03 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/ Frame BA35 2 KB
904 B 13ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:21:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:21:04 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/ Frame BA35 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/abg_lite_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:04:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1081
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:04:02 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/ Frame BA35 2 KB
1 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/window_focus_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:10:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 681
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:10:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BA35 117 KB
36 KB 53ms
32ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc68a3e6e6f0074ff46c18beea2033fc4e8c6ee513dc0617758f45e2bdd8b88a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647431472276194"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 17 Mar 2022 19:22:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/ Frame BA35 15 KB
6 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 298
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:17:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BA35 0
0 37ms
36ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRALwJjFJzboiqg8hHQhrXVeoNV3gadNI2HLL7958xxYgiLqWJ_LOdVLMpK0htpzD026UF7wYI8vASdBOt_VjjU5O9MIg
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 7a99daadf072127ada89333d533e295f.js Show response
www.gstatic.com/mysidia/ Frame BA35 28 KB
12 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7a99daadf072127ada89333d533e295f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14f17e5a9922761162f13a1ebe6cf4bf53cac2d3b3041b941ae3f40f32ae6fba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 19:08:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87226
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11822
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 03:55:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 14 Jun 2022 19:08:18 GMT

GET
H2 200 bl-92ee7c4-e94399b2.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 9CB4 41 KB
18 KB 12ms
11ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-92ee7c4-e94399b2.js
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e9c0b058a57bf81824527a6e070f8d5afa3b65a5a0cea672d054c137cd7186b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:59:13 GMT
content-encoding: gzip
age: 33771
x-cache: Hit from cloudfront
content-length: 17646
x-amz-meta-git_commit: 92ee7c4
last-modified: Thu, 17 Mar 2022 09:37:16 GMT
server: AmazonS3
etag: "0ae026bad5d77ce718ebeda121aaaf4e"
x-amz-version-id: W8CR8fX8JmD2nAd7YHBIEfiMmc9pqILU
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: FyF6vcNWLfjLWGfQEbHD4EB_GAHffTXOJAxbdAui3SnOMywf0RH_6g==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 9CB4 73 KB
28 KB 13ms
13ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 3443130
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: aM7d4COYVcrEqxhoKaTg4qah9xpje9S4o8w2CM2nEDQ78tVOhBZfOw==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CB4 42 B
63 B 43ms
39ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CvL1x49LIgB3G2nHsdvzPya0R8Jb2v4lwbxmEcmm0dtDrk0GN1-YxfZBWIVFmpKYZPxGXnCfWzXw6CjA6vgoC-r3oOkN7kydZaxj_F-sUIiftsg8w

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/ Frame 9CB4 2 KB
1 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/window_focus_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:10:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 681
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:10:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9CB4 117 KB
36 KB 54ms
34ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc68a3e6e6f0074ff46c18beea2033fc4e8c6ee513dc0617758f45e2bdd8b88a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647431472276194"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 17 Mar 2022 19:22:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/ Frame 9CB4 15 KB
6 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 298
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:17:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9CB4 0
0 21ms
21ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSTamDobIEgJ5aeWQMDv3yeEHa0k_bEQg3vODZOi_OmYRVvQqrxN75aFzaif4m1GyvIdUzvea0tWrdq9TBVm5DbTcfdCg
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 bl-92ee7c4-e94399b2.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 7431 41 KB
18 KB 16ms
16ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-92ee7c4-e94399b2.js
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2e9c0b058a57bf81824527a6e070f8d5afa3b65a5a0cea672d054c137cd7186b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:59:13 GMT
content-encoding: gzip
age: 33771
x-cache: Hit from cloudfront
content-length: 17646
x-amz-meta-git_commit: 92ee7c4
last-modified: Thu, 17 Mar 2022 09:37:16 GMT
server: AmazonS3
etag: "0ae026bad5d77ce718ebeda121aaaf4e"
x-amz-version-id: W8CR8fX8JmD2nAd7YHBIEfiMmc9pqILU
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: _jcTkAImMckdOhJLQLH_gPHm099gTn7XOF9YnvJFdxF8t8BaDuPD7g==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 7431 73 KB
28 KB 16ms
15ms Script
application/javascript 18.66.139.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-84.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 3443130
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 8b360b28aeb67c1982fcc466a05eef02.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P4
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: -Ui5mK2OnvLetkF2Jwv_sKz06nRezGM4PwzyYvWEF6QsSsdeb20JAQ==

GET
H2 200 css2
fonts.googleapis.com/ Frame 7431 4 KB
707 B 48ms
24ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 18:40:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 17 Mar 2022 19:22:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Mar 2022 19:22:03 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7431 205 B
229 B 32ms
10ms Image
image/png 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 13:15:00 GMT
x-content-type-options: nosniff
age: 22023
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 17 Mar 2023 13:15:00 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7431 604 B
628 B 14ms
10ms Image
image/png 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 13:27:56 GMT
x-content-type-options: nosniff
age: 21247
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 17 Mar 2023 13:27:56 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/elements/html/ Frame 7431 19 KB
8 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4cc8248c65b1d5277d920cd0aaadaf2d0b0aeb2c31c3078171127866ad304b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1234
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8355
x-xss-protection: 0
server: cafe
etag: 4666862433802105431
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:01:29 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031501&jk=152554314208323&bg=!W1ilWBzNAAba2mK92to7ACkAdvg8Wu1xarPh7vbstMnlG0NMrex0OATz1lINTntCaCLvoFrM2hsjxQIAAABPUgAAAAJoAQcKAF98lXBKrAYLxEqkEkpq6gokbFpCTRb515rI7vubaHh6eHQG4puhtVU98qj4pAgrhEOwpDCK6ZbJBzFZZ4Fh4bydgbBKS110EV92eLhs2SykoVp40qVvjfRYv3LmRK7Jt5kC2O0xJ1_E0Osc-eihTXa4lCkftAzdk7D3-ah2RxXVuxQ5w9fsvF72sMxqPWjHByRLHj8o9wzmGOF_m6D8sWzMwr2iGygQpvmXcqnPDXeJM6YrnWOK2jVrMtb_1gDAEvGIT53sOpBWkRfziGLlkJcv5OpVGJvfyn2cx9-shbpiIoHGNRRi5Wdr5QwXEEYS0GVn3qjRrzg0swu94OWFIlzdT68KEX0p39b4YNlqpyampCEFc7RYuAEmI3R_5CnmoP_wKbXNuFXLLV9pPccIHC95w_cxPn5WtO8B2H5KxW9LUaLhnvl57FfSQ8ZI5yB8mOztaYyqKfMAAxotrHIKw5eBMgdYeBB6pxVUB6L3iAGxdylt1uaj5opxqkOmgpCIGe3WtsYPcU0-7UxBUSPA4I7C9H_APMwOawGnrOfVe1veDHqA1BjnBgcO56HOkRI6QCkEUgmZCTSUhzFumNzCXiEb1CFNDRo4MpQYhof_A-Q65YVyIVBU2DlZ8JDwgtjIwqvln05eQY1fXBJT16mMqqU1VSgy-lt1lW_u_LmSGytuwDaIy2-aTw9W99bEwHx35SD_68j_hi_CUAujUYSiFubcOUFKQ2kPIGhGkdbsp98TKnf0_FDN0o-g6KLhO2AP6izUDZSC6JzM7PlzxzBfvjFEO2GiNwHqqx86HyWCedFGhVAzifEg_26KoOWwRgyyJ8Lwb-7R1U33X6InuS_bjafxcWRus0X8To8uKs4Sj0uDywtlaLNFTBAXpJdciByKSgE7w40p833_yOUf0x8zRbDs5vOZki_cUIMDsdhbaIvhwAAZC8D8JOCbVvW2at79hmXuS3rNIEBtrr9DlgGqC9i7eSQLNjrKbhjWBGMNKm6IK0xmCdYfBvxAB1weaRU6JfWLy80heTk5r_MjXbfJaZMnX-th7MnmjwFPNfZAhPZ6boAn7LHds6Mn2vG0O1SN0Kqq0PiNuYL_nKkN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202142035000/ Frame BA58 220 KB
61 KB 75ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed7385b2ca535f7f90bb14266ddd68d64393f41d1559cbb4af01ece4dd36b8fb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 42878
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61563
x-xss-protection: 0
server: sffe
date: Thu, 17 Mar 2022 07:27:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "74cdf3878bfbef53"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Mar 2023 07:27:25 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame BA58 16 KB
6 KB 87ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32b8fae56a7edbfe89e7f7fd22aa7df75546183f81660692c9cf03d3c8d914ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 42878
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5733
x-xss-protection: 0
server: sffe
date: Thu, 17 Mar 2022 07:27:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42a91727bcc93df1"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Mar 2023 07:27:25 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame BA58 96 KB
29 KB 90ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-analytics-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e02189b6990b38c43207a8c0c206a2fda1833e7b7401fa42af72671e62f43a5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 42878
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29577
x-xss-protection: 0
server: sffe
date: Thu, 17 Mar 2022 07:27:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42f1ed997a28c2a2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Mar 2023 07:27:25 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame BA58 5 KB
2 KB 94ms
28ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-fit-text-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3110966fa73dac64901ac2cec67656155bb9717286b7b0da0544cdd8ae7c888d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 42878
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1873
x-xss-protection: 0
server: sffe
date: Thu, 17 Mar 2022 07:27:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8e63b195883091b5"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Mar 2023 07:27:25 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame BA58 42 KB
13 KB 95ms
29ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-form-0.1.mjs

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac2a6bdf3640e1213ba9a0a900ea6864a0274b080ba3bcf05ff245bfabb5eba0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 42878
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13633
x-xss-protection: 0
server: sffe
date: Thu, 17 Mar 2022 07:27:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d3c67c66f710e82a"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 17 Mar 2023 07:27:25 GMT

GET
H3 200 13348054739029338356
tpc.googlesyndication.com/simgad/ Frame BA58 19 KB
19 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13348054739029338356?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnHwE85fWW9taOqSoUd3voSRM-gxA

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

530fa3b6923647a6e26ffbb9f1cc3e774b964d33765a8c5f74021c733a11f700

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:57:17 GMT
x-content-type-options: nosniff
age: 303886
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19332
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 06:42:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 14 Mar 2023 06:57:17 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BA58 2 KB
2 KB 10ms
10ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 34825
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Mar 2022 09:41:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BA58 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 34138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 18 Mar 2022 09:53:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BA58 0
0 16ms
15ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRj6-DrpyUguESgT-8stNaDdhCESpRt0q7WVP9Tyx5okhVyNKijvHDpSEoGyFZmMuhkto9YMg4Q1SVA1DTHbJLSWDRwMQ
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BA58 0
0 39ms
38ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CZjfhWoozYuqmLIWP9u8P0LiI0ATIgZbyaMPB153xD5zU1oD1LxABIPmb8YQBYJWCgICUB6AB9MXN_APIAQKpAnvRuhXQmLI-4AIAqAMByAMIqgS3Ak_QlpV3gAJUos0Vd0G3LcBOL6_kQ_zJMAWblba_bownX1Kh04NHXqcGcgFB07aVMCMOOHVBWQynbLS3-CVRnYPTJysR9--S8MVvnURI_DBsKzsr6WEJdWEWCw4FJGADvL2q_snm3C5GSU0g9XuGsfua0tf5al68xs34Zk8-vh85qGXiC7HOqTBXM4O2OVlrsTk4SrOroLmbFlU4_xIPE8cCbilRLoQJzrqRPlHpX3cpyywlvhXOK5dlIhZFCA68ytDDCYQ2l3yuNb2__RgBwtbpj62o4Lwm2QRCB9Ei5eVSWB6D9np0MPiEweLuBXEq0iTRMFXlzJudlzTr8TJqG6P1x6lsNCDK3n79l-3UpUsUWuu0kP10pCjCby4vLXbDG_er79I0LIizruitf6UazSUnF2cJejqywAT_psmm9QPgBAGgBgKAB_S5sgOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBC6qw3SCAcIgGEQARgdgAoDyAsB2BMD0BUBgBcBshceChwIABIUcHViLTQxMTM2ODE4ODIzMTE0NTUYhNt7&sigh=Sy8v52HSheM&uach_m=[UACH]
Requested by: Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame BA58 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 735ef1634e5d8f0f0670ea3aba315a5b85842b9bec03689e1aff082f7ec23595

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BA35 0
0 42ms
42ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUOjhWoozYummLIWP9u8P0LiI0ASLk475aM3WubX2DLi2puyWJxABIPmb8YQBYJWCgICUB6AB4Mb6lgPIAQmpAnvRuhXQmLI-4AIAqAMByAPLBKoEsAJP0GicyaqwSWa_eBTD2cUMU4__sDoutvTnopvsB9OPhEsJzryqgE31k9-hcYGqXh9CTCuw1VYg97leaVnkreRfR8v1CXWHcz_1ETEzXDgnj-6lGriuc5HT4BUg2Wj8GR48S3rKfS4hr4jarOoncfy5kih6KP8CQGCLO6--Hz21JQizWh5YOt-v0lZxFLsiFkhPh-Rn5D9NGAeqV6IsIzc54pFwXVU6cnpFh_LLFzVwj6BP7n19FeiYlwl6OyQe304-w8B_v3Fb_3gdsEabL43mpmvKNKY_VSb5-d-h_6-YtkCiRT9YcaRz8BTv8qaSM1nSzigt7IrmTABD9FvmYBDSOZ4_uxQYq5jPW9U7uoNGvkyiOnnPKq9kUIhf6xCoH-Q2jxkVE6Mf3Vk4cA6kvcjXwAS1mvL6pAPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH-ISXIqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBDw1DLSCAcIgGEQARgdgAoDyAsB2BMOiBQD0BUBmBYBgBcBshceChwIABIUcHViLTQxMTM2ODE4ODIzMTE0NTUYhNt7&sigh=6JfiYPj6WOM&uach_m=[UACH]&template_id=494
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C536 1 KB
749 B 10ms
9ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 17 Mar 2022 13:26:12 GMT
expires: Fri, 18 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 21352
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame BA35 35 KB
36 KB 30ms
8ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRQ_sAoaOWLN1lRbdAR09fUAJ46Kya5V2JQUoZ1ZqqeYsmTAMm7ks-Z7RFVQQ&usqp=CAI

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62ea1c90037461fd3ceebf5e3f4314ee70031b282afb4e685499b05717fa813e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 15:44:52 GMT
x-content-type-options: nosniff
age: 272232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36264
x-xss-protection: 0
last-modified: Tue, 16 Mar 2021 02:02:07 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 14 Mar 2023 15:44:52 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame BA35 23 KB
23 KB 42ms
20ms Image
image/jpeg 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQi-eEsYFcFdcAL6YYCj0X0-ycQuBlMtlpD7hUr203w0qcBf7ZX&usqp=CAI

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64427295e5a075f53c29837be5e897527f129c2d959f94182fd72504ea7c3b9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 16:27:44 GMT
x-content-type-options: nosniff
age: 269660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23366
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 04:41:25 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 14 Mar 2023 16:27:44 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame BA35 30 KB
30 KB 30ms
7ms Image
image/jpeg 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcRbYcNwgOXkvA9K5Ypnmcti2JevB4pSMS09cAEmoMcDy0husOMVFRlfhJ3WRd4&usqp=CAI

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bc436951e30e91e0f09ca6661d1302950aa6e7e052abdf8fd6a9383701a14d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 06:21:58 GMT
x-content-type-options: nosniff
age: 565206
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30581
x-xss-protection: 0
last-modified: Thu, 18 Feb 2021 01:16:50 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sat, 11 Mar 2023 06:21:58 GMT

GET
H3

200

6572644254404355299
tpc.googlesyndication.com/simgad/ Frame BA35
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCX27PFbhDoBxjoBzIIpAVBO9dPPOk
https://tpc.googlesyndication.com/simgad/6572644254404355299

27 KB
27 KB

10ms
10ms

Image
image/png

2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6572644254404355299

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3da04b183f0c2f30f338427c543e8e50ab9bc23b21c51601b6e02cd365588d6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 06:12:31 GMT
x-content-type-options: nosniff
age: 565773
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27442
x-xss-protection: 0
last-modified: Wed, 29 Jul 2020 20:06:58 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 11 Mar 2023 06:12:31 GMT

Redirect headers

date: Thu, 17 Mar 2022 10:08:08 GMT
x-content-type-options: nosniff
server: cafe
age: 33236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://tpc.googlesyndication.com/simgad/6572644254404355299
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 16 Apr 2022 10:08:08 GMT

GET
DATA 200
OK truncated
/ Frame BA35 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fee2ba91996f09cd206eba35c7b8d862428b2b13ef4bd91fc87efb434e77a92c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6800 499 B
694 B 55ms
25ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVVb9KYesRAVbNHBc9CNryqS7RvlUmAnuKbkIHJryzbZ48Dy05NBAR_nNT6kRvzr7qKC_YX07r37gUe6vCwVX3zpEG5TBfM_idorxqQZ3DoMtwwtE0

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 17 Mar 2022 19:22:04 GMT
server: cafe
cache-control: private
content-length: 237
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9CB4 78 KB
32 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AgonCAlUNYmWxz3LrWaVGsV8uxcpSirZFzRvLz4M2-9piLoEy7HG9BpGN6jMXcLP_9bsPRzETS1ImfZCEIZpyNvJz0AvHxYheBM3hNNmztw8U9ZMFCO322VVJyfbkYzZvQtYHnZxM-Wm1FiDWp41aDPPCvlw&dbm_d=AKAmf-APMeaszoa3MPKcgUb6vf1Slpwbzy0dvEfGopbzyVJThRX9MkUfOR7FhTp1HtbHITPlIcShRHoAc57sSLwtjfsIuhZY3sG0MW0yxQ9YtZ-OIV1P8m7CZirmuhup2Cs1cxIzbfXvkH_cO5MWsjPnxpFOsmlThT6LU9llCVTkliDMXSu980b-D1Sc_ywKTUHSt6413__H8XW7AQy_vwauMKhmg3--KtNRdLq-HgcJHLk1O-NhuSiNvzvYUzWeorTMgOvsBgEoMtDFUzIY5C3VljWQKSLC7KLrHAvooE_6Toipz5vgKMZ8uuQpJLOf84zlFEe8MKPksPEm8J7InAS7AshnPhRIO-_keHYcNEbKPjvmVrdjnjUuqPnX8BfHcnitHJSSwOAO7UyHphngv4UmUGxnQ8g9h0-qrbjOE3fKQJWLf_mJxjgR86SGjpiSec7GL8I8pqsIWb-uYTZe-yN28EK-o-3c41HsgKb1kBJqhFqCbnzZVP4gPLThNhIR08Semr6eS0yDeY0psDNa2O4uEFbuAmFJBOgnnfBpgeX5i-2AVI-32E7Jnt6_Hrji8K1lnkY2QDr-PjRNwIPjlOogCOdmivSQRkEdfEAuZ64WA2Ufqd6YuQYeafH_4eoLAPscNEOfuGhOGB-ldwxtHC7xsOnEpZHyO5VmgRb4JaT7xwo3WBJ1yuOzne82wyHstwoO9D9YMmqdU7PK4QB9_Unn41Yw2AS9T61TAAc-vnycMgHk1suxyl6j_PoJnjxtvPqyFMAIVHI9K7vyEkAMkiicbjv4CXV7ftlCXmz15pGFKMnYFsc3gb5lT7Ech9goSkaypdn7sCyIiprnSOKpUO2D5i-Mp_fYQ4ZoF1jl9fJKkXis05R4pYQNIHdYonQIefeavNUzsfw5mzBcnLY2IK9NvHFubjblsxysn_oGP4yGV3Ny3kesCEBHxbQSYv9Xaj3mOkFu-1nIjS-Kt2A4_IDLNbWgDAwhRjeijy3iSbEy_YKmPDGrQwzQQHUGQOl0rGeTZILooDib6z2hm_zKoULEz-DKvm8NaaRsO6OZnmM22KgGVyyv1A9wyfnRDVJPM81bouFArIhZptW3X4AacyolrsRKToWSSrC2dGWCzygiLCvJVF2StvQ7f4OdydQLCN0FXDOPfnDYVj5NlG4XhcURWW-uOVpGSEdHK3qV-rwYKnoIsziV8j0H-VgvgYYFeGUTxiC0ia1Hiz-FK-ziw1L2UpATxgTXT0EOtIFeA3RT3JpSVw0x_PvA1vxg0C6lGKrh6YCefH1g2SDpDDE0NUqNyyfHJljV1tZd5ALggNwmhgmjMYmRgxOiewQJJIDGh6KXE8Psv22CaeYpYjJaj4QesBrGDyplYacpAQCh88gjDsagtsjPcbkC9gSYyAmS5h9z_CbhvyBy0-Gs-GxYsbYN6RbdNQDrUCR-Kxv15alb64T3-4nDUBvo3e3r4-DydVulo5jgxr9ryH-ZUFMWBTwjHALXNmKgbLtJOlMBKBUmRZ52-H_NvnkfZ8daDnHkD-RcZImwAmT1ISiQ5eyM2BphWUsubfVtvlUrz0Hr4BfmBGDhCvYKVGXmyX_yQ8RxgaesxKkwil-NPmc3ZpncSFeB3exqhLBVXR0KDKqT6hILNGzsdpMklloUDACX0gIIwmib4gNkZUgKtAPznmE14aG1C53GfpzmrqJ8hbG6mlIerHPYG1PUMsvAmhD9k41yA68bNKeCWbfzsHJNPKR32nkrPZlDkChUbTP5VTdICszD6hFIdB-uD7tVKSOEjMHXprPSKD_XFGlDZlGwfUTRp5YXhJAbVbED1yi7DbgwoOjja6bTvm6HpANPf2tyGugUYJ94RpK7CDmMlpHJVhck08i08VGhRVXoLWkhzJeff8Fl46sGm4JLfkRM2QdmtKtXvsl9h1AtZl07hjH90xs1ZusDM23y8YRqgul_GUrKNSiz4eRVkfnLtotDcNoaTv0Fm_yklwlB6W_o4AGgw7t4kVKlPBYG45tlwkd2Rn4pIH7f7aiqaR64_BH4qabtWFqQX_OEBPt-L0jppI08bacZ31vEroWfLPXiFYDshxi0aHp69ZWBmxzUogE3WD8cI3zE5qFmEuMdZBd6OMdCWT_6Wfasy36A0bWzCnBZuWi2-d46Syju2Mcw7Vw5RWI9hvFqFyqJ5GjQSoxIGNKs9IWg5lJzDInnMuiWMFtAadQZ2Di1ulOMtjIaVVWk9rRJQ0L9HMbC48nrjifEv-kHlxCXYNzrOhJQBZUiB0aWQ-kBPiBvojpX_f4nPLY-mI_S3i05quLXDed2T8tKIZxR2VD8mQjKH9ml4IEdPdwwx23Yk2MdMw582YyF5XyoCy_-g21q3Yc2wQVmAIwb_Xcqa9ART4Qq9LrMZ-YuyAyFw43Tv9CQ74it5M-OJS40y4-5F07yhN29nhVVc5k6JzF8BmWU3KSX4ON7PRWdFnPNTUf3IInhSvz6npeRJY3gHYGUsacGPQkslXDaYpzqaIlJM0p4VpazH0JqSkzKXzZucgsyT85-ESTii5YQGrc_1R7R5ijqnjNBOn0uBJtgsp-VgbIuE6LU97ZP5GrpEXBlZgvYknRRBctupDGmOZ7VsPSTwVr6_ipu_iSd-kLR2qH5Ahb4AgoOckWcYUYHwOYcjeZueDbeKx_8f4HV4FbcwvsuNTLOYsF56enJJ4CU462zUsBGifv56o6HctDi7OtYeRK4Oaiw2h6rYZKkTJffoSoIhkbkcX0if_zeiK4q_YPRtpC0etG3G84XAGIKV2SQEa_rj_XlG4MINjXWDgMMsKPoGf_hLnbgkS4FDE297pHhWQW9ohQgGXnUKOZ5Ad18ak0EChpP8Q9kgMtCmDHpddNbrZt5I5Q5uOPo7m5PyMYeF_be7e_mjvUkdG7ltbdccYUqWT-Te6WfeNn8mZ_h6B-iz9koQnkMGKh13ykzN7I232mbVap0GodgmDeTu7hisiGzUl4P4zi-y58IUjNkEhobgLMdRZgLvT0fx6tGA1IfemLCKkfmFZsFwqonxlYVlOluccgpQVRe1Za4mfk-War_9pI0jMboC3G55gJKn5G13JyoJlb6v-OVjVZRPLBt3-jDextIwFxCbB1IacZ9n8pfKOa780UtZql_ip5KHyIaUmHboXbNOLUFMLIZ4fhgBieq_xQGjCYflGCWMoi6GCXjGGsEO4MDlq-5oJWL&cid=CAASJeRocBn_N2a4nMAL0GhxKiLxCclROUkSymHiQItvuZ0zb_gJLu8&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e3ad558d76829f2c832006cfba3d1340c6ced6be0a92a244af6d317fae49958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32922
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5F38 8 KB
892 B 39ms
17ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 18:55:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 17 Mar 2022 19:22:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Mar 2022 19:22:04 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/ Frame 5F38 2 KB
907 B 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:21:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:21:04 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/ Frame 5F38 19 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/abg_lite_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:04:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:04:02 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/ Frame 5F38 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/window_focus_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:10:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:10:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5F38 117 KB
36 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc68a3e6e6f0074ff46c18beea2033fc4e8c6ee513dc0617758f45e2bdd8b88a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647431472276194"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 17 Mar 2022 19:22:04 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/ Frame 5F38 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:17:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5F38 0
0 18ms
17ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT67JwDWQkdBTVC-7_RfYd4A0f7OfCjq4v4kurQLJfMYvMwavg3SiZjs2FS9XhjLoJJqQilt7KpOR5oeh3foU9Bge2nZA
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 7a99daadf072127ada89333d533e295f.js Show response
www.gstatic.com/mysidia/ Frame 5F38 28 KB
12 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7a99daadf072127ada89333d533e295f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14f17e5a9922761162f13a1ebe6cf4bf53cac2d3b3041b941ae3f40f32ae6fba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 19:08:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87226
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11822
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 03:55:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 14 Jun 2022 19:08:18 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 6800 170 B
317 B 53ms
23ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVVb9KYesRAVbNHBc9CNryqS7RvlUmAnuKbkIHJryzbZ48Dy05NBAR_nNT6kRvzr7qKC_YX07r37gUe6vCwVX3zpEG5TBfM_idorxqQZ3DoMtwwtE0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6800
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDOFzs3oALzDPAKXWvczPhQ&google_cver=1&gdpr=0

43 B
1014 B

70ms
34ms

Image
image/gif

104.107.161.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDOFzs3oALzDPAKXWvczPhQ&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVVb9KYesRAVbNHBc9CNryqS7RvlUmAnuKbkIHJryzbZ48Dy05NBAR_nNT6kRvzr7qKC_YX07r37gUe6vCwVX3zpEG5TBfM_idorxqQZ3DoMtwwtE0
Protocol: HTTP/1.1
Server: 104.107.161.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:05 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Mar 2022 19:22:05 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDOFzs3oALzDPAKXWvczPhQ&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6800
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjOKXbMnETZyXfQIq2I74AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDOFzs3oALzDPAKXWvczPhQ&google_cver=1&gdpr=0

43 B
894 B

34ms
33ms

Image
image/gif

104.107.161.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDOFzs3oALzDPAKXWvczPhQ&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNSeuAIQ9vLQAhiCzdq-ATAB&v=APEucNVVb9KYesRAVbNHBc9CNryqS7RvlUmAnuKbkIHJryzbZ48Dy05NBAR_nNT6kRvzr7qKC_YX07r37gUe6vCwVX3zpEG5TBfM_idorxqQZ3DoMtwwtE0
Protocol: HTTP/1.1
Server: 104.107.161.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:05 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Mar 2022 19:22:05 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDOFzs3oALzDPAKXWvczPhQ&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v20/ Frame BA35 20 KB
21 KB 133ms
5ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v20/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 19:31:22 GMT
x-content-type-options: nosniff
age: 85843
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:58:54 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Mar 2023 19:31:22 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 9CB4 106 KB
37 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
Origin: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 12:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23663
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 18 Mar 2022 12:47:42 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220315/r20110914/elements/html/ Frame 9CB4 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220315/r20110914/elements/html/omrhp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:17:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 298
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:17:07 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220315/r20110914/ Frame 9CB4 25 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220315/r20110914/abg_lite.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:19:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 147
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 31 Mar 2022 19:19:38 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame BA58
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

50ms
49ms

Image
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H3
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

date: Thu, 17 Mar 2022 19:22:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame C536
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEPnDgO9-HcV7Y8eToIKXBhc&google_cver=1&google_push=AYg5qPI84qmRmx1MSbOpAmewNeJpyK5Kg-kgxxSKQsSMLAIElQaTTVaMRNt_7k58csZgQeV-Abtzs6UdLsxQN4l8pkT-fe2PiIaw
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Nzk1MDk2NDgzMjEzMzI2MTU5NA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEPnDgO9-HcV7Y8eToIKXBhc&google_cver=1

43 B
398 B

53ms
31ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEPnDgO9-HcV7Y8eToIKXBhc&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:04 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEPnDgO9-HcV7Y8eToIKXBhc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C536
Redirect Chain

https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEHd1rbNHL-dvGc_KMhf3oDQ&google_cver=1&google_push=AYg5qPKCViElpXVQtHatZ66AE6lIxvrjTgljnmIPfFJIvmQRiIicwANYw1sxDmmApVWHkpVWoC4WActiuv...
https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEHd1rbNHL-dvGc_KMhf3oDQ&google_cver=1&google_push=AYg5qPKCViElpXVQtHatZ66AE6lIxvrjTgljnmIPfFJIvmQRiIicwANYw1sxDmmApVWHkpVWoC4WActiuv...
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPKCViElpXVQtHatZ66AE6lIxvrjTgljnmIPfFJIvmQRiIicwANYw1sxDmmApVWHkpVWoC4WActiuvYHy4T0RcMNYcF8HnTx&google_hm=

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPKCViElpXVQtHatZ66AE6lIxvrjTgljnmIPfFJIvmQRiIicwANYw1sxDmmApVWHkpVWoC4WActiuvYHy4T0RcMNYcF8HnTx&google_hm=

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 17 Mar 2022 19:22:05 GMT
server: nginx
access-control-allow-origin: *
transfer-encoding: chunked
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="NOI DEV OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPKCViElpXVQtHatZ66AE6lIxvrjTgljnmIPfFJIvmQRiIicwANYw1sxDmmApVWHkpVWoC4WActiuvYHy4T0RcMNYcF8HnTx&google_hm=
cache-control: no-cache
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin
keep-alive: timeout=10

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C536
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESECkDfCYZoeOMlwau1bd_xtc&google_cver=1&google_push=AYg5qPJG_JP0DoE_3fEh-SiQJhiG7RHixDxWRv64bCIAKaAQqfnwa95gUeH4EBVwZ4yokfot3KE5BBYdvlX_Bs15JocS...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESECkDfCYZoeOMlwau1bd_xtc&google_cver=1&google_push=AYg5qPJG_JP0DoE_3fEh-SiQJhiG7RHixDxWRv64bCIAKaAQqfnwa95gUeH4EBVwZ4yokfot3KE5BBYdvlX_Bs...
https://a.volvelle.tech/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_uid=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://a.volvelle.tech/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_uid=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://x.bidswitch.net/sync?dsp_id=190&expires=14&user_group=1&user_id=fcd5fff5-8987-4ecb-8c77-53afe188a00c&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJG_JP0DoE_3fEh-SiQJhiG7RHixDxWRv64bCIAKaAQqfnwa95gUeH4EBVwZ4yokfot3KE5BBYdvlX_Bs15JocSBJbqP8c8&google_hm=MpDdDF4WTc6JDPd63phuvg==

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJG_JP0DoE_3fEh-SiQJhiG7RHixDxWRv64bCIAKaAQqfnwa95gUeH4EBVwZ4yokfot3KE5BBYdvlX_Bs15JocSBJbqP8c8&google_hm=MpDdDF4WTc6JDPd63phuvg==

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJG_JP0DoE_3fEh-SiQJhiG7RHixDxWRv64bCIAKaAQqfnwa95gUeH4EBVwZ4yokfot3KE5BBYdvlX_Bs15JocSBJbqP8c8&google_hm=MpDdDF4WTc6JDPd63phuvg==
Date: Thu, 17 Mar 2022 19:22:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET google
pix.impdesk.com/csync/ Frame C536 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C536
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG12by4_OnPYqgkBoL2D5zA&google_cver=1&google_push=AYg5qPJCpEHj5Lu2KWjfMPESx9Kg6aeeVWOxamMw_iRU5fqV6tZjp-TtWFD79iuZ5Po7lOoVCUQJeyPa_5rYFuXiQ...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJCpEHj5Lu2KWjfMPESx9Kg6aeeVWOxamMw_iRU5fqV6tZjp-TtWFD79iuZ5Po7lOoVCUQJeyPa_5rYFuXiQzYgvrMMm4Z6&google_hm=bff6021a1d3f325fb9e2befc

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJCpEHj5Lu2KWjfMPESx9Kg6aeeVWOxamMw_iRU5fqV6tZjp-TtWFD79iuZ5Po7lOoVCUQJeyPa_5rYFuXiQzYgvrMMm4Z6&google_hm=bff6021a1d3f325fb9e2befc

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 17 Mar 2022 19:22:05 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPJCpEHj5Lu2KWjfMPESx9Kg6aeeVWOxamMw_iRU5fqV6tZjp-TtWFD79iuZ5Po7lOoVCUQJeyPa_5rYFuXiQzYgvrMMm4Z6&google_hm=bff6021a1d3f325fb9e2befc
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C536
Redirect Chain

https://ads.avads.net/sync/ggl?google_gid=CAESECmj-vj0MLk1-ZzZkH7tBSM&google_cver=1&google_push=AYg5qPIHx6ZAyfoVM6zB0vr9SJGA80HbhQ-NCOIVosGFHT3fGY2w62e8RUYdWuX6UFxU4QFdGwDnlUl-kWwDxDWlmoi9Aew4sT5W
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=MWU4NjIwZWQtMTZmYy00Zjc0LWE0YTQtY2UwY2Q5MTA4Y2M0&google_push=AYg5qPIHx6ZAyfoVM6zB0vr9SJGA80HbhQ-NCOIVosGFHT3fGY2w62e8RUYdWuX6UFxU4QF...

170 B
188 B

29ms
27ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=MWU4NjIwZWQtMTZmYy00Zjc0LWE0YTQtY2UwY2Q5MTA4Y2M0&google_push=AYg5qPIHx6ZAyfoVM6zB0vr9SJGA80HbhQ-NCOIVosGFHT3fGY2w62e8RUYdWuX6UFxU4QFdGwDnlUl-kWwDxDWlmoi9Aew4sT5W

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=MWU4NjIwZWQtMTZmYy00Zjc0LWE0YTQtY2UwY2Q5MTA4Y2M0&google_push=AYg5qPIHx6ZAyfoVM6zB0vr9SJGA80HbhQ-NCOIVosGFHT3fGY2w62e8RUYdWuX6UFxU4QFdGwDnlUl-kWwDxDWlmoi9Aew4sT5W
date: Thu, 17 Mar 2022 19:22:05 GMT
x-envoy-upstream-service-time: 8
server: istio-envoy
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C536 0
12 B 18ms
17ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KLck2Web4lhaJY01QY3tzqIPB8QEgcaQhIPz_kho6XxdJzL3N5wqt8iIdjsvdOOLw

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 04DB 143 B
163 B 25ms
8ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Thu, 17 Mar 2022 19:06:49 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 916
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5184 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 17 Mar 2022 13:26:12 GMT
expires: Fri, 18 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 21353
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 13348054739029338356
tpc.googlesyndication.com/simgad/ Frame BA58 19 KB
19 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13348054739029338356?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnHwE85fWW9taOqSoUd3voSRM-gxA

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

530fa3b6923647a6e26ffbb9f1cc3e774b964d33765a8c5f74021c733a11f700

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:57:17 GMT
x-content-type-options: nosniff
age: 303888
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19332
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 06:42:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 14 Mar 2023 06:57:17 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BA58 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 34827
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 18 Mar 2022 09:41:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame BA58 295 B
325 B 11ms
11ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 34140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 18 Mar 2022 09:53:05 GMT

GET
H3 200 w5W1EixFGUzWFgZOi1zWjT-g-ai_4t-KN23ava9eLxA.js Show response
pagead2.googlesyndication.com/bg/ Frame 9D10 35 KB
14 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w5W1EixFGUzWFgZOi1zWjT-g-ai_4t-KN23ava9eLxA.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c395b5122c45194cd616064e8b5cd68d3fa0f9a8bfe2df8a376ddabdaf5e2f10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 17:06:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8162
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13798
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 17 Mar 2023 17:06:03 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 75ms
25ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://threatpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://threatpost.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1123
date: Thu, 17 Mar 2022 19:22:04 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame F9A3
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=q9-ZXHxDVnNrODBNTlljWi9xR1JQVUhRenR0RVRONWcwYTdyOHlvemVEYzZYRzUyQ2E4ek9abWxWcGg3NjE3UWpCM3RBUzkrN1VMZWQ3akhETXR1RDJ2STBEMDVaTUFIalRWTE50U29EaEVFbWxxY2xjd3d3dGR5MUl5M2...

347 B
616 B

105ms
35ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=q9-ZXHxDVnNrODBNTlljWi9xR1JQVUhRenR0RVRONWcwYTdyOHlvemVEYzZYRzUyQ2E4ek9abWxWcGg3NjE3UWpCM3RBUzkrN1VMZWQ3akhETXR1RDJ2STBEMDVaTUFIalRWTE50U29EaEVFbWxxY2xjd3d3dGR5MUl5M25YRG8rc3ZCV1hpcUxLQTlnNVRvSjdLZUswR05tV0svbWdqL0hMcVNzUUYwYnRwMGtOMk5LKzdUbSs1VG9ScVBZVlM5V2NoRTYzRm1kUDBJby84TVBKdjNpM0NqVFpqSXRJOXVyb1V5RURtUy80TG1abGd3PXw&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

5fe731de51027f2906a0246086613601bb2bc91df13572ce7bfebf980f15f5a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2786
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:04 GMT
location: https://mug.criteo.com/sid?cpp=q9-ZXHxDVnNrODBNTlljWi9xR1JQVUhRenR0RVRONWcwYTdyOHlvemVEYzZYRzUyQ2E4ek9abWxWcGg3NjE3UWpCM3RBUzkrN1VMZWQ3akhETXR1RDJ2STBEMDVaTUFIalRWTE50U29EaEVFbWxxY2xjd3d3dGR5MUl5M25YRG8rc3ZCV1hpcUxLQTlnNVRvSjdLZUswR05tV0svbWdqL0hMcVNzUUYwYnRwMGtOMk5LKzdUbSs1VG9ScVBZVlM5V2NoRTYzRm1kUDBJby84TVBKdjNpM0NqVFpqSXRJOXVyb1V5RURtUy80TG1abGd3PXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1758
content-length: 482
expires: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame ABA6 52 KB
17 KB 117ms
33ms Document
text/html 104.107.160.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.160.200 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-160-200.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 18 Mar 2022 19:22:07 GMT
Date: Thu, 17 Mar 2022 19:22:05 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame FDF8 668 B
719 B 47ms
39ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 2c70950a4a6609aaf9630efd961ae9559409e1d44373b64e6e0cfe35d4969a35

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.2.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 17 Mar 2022 19:22:05 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 1678 52 KB
17 KB 111ms
31ms Document
text/html 104.107.160.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.160.200 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-160-200.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 18 Mar 2022 19:22:07 GMT
Date: Thu, 17 Mar 2022 19:22:05 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame F02F 3 KB
2 KB 88ms
22ms Document
text/html 104.107.161.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.161.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Server: Apache
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1388
Date: Thu, 17 Mar 2022 19:22:05 GMT
Connection: keep-alive

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6DA5 15 KB
6 KB 106ms
27ms Document
text/html 104.107.160.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.160.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-160-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=58509
expires: Fri, 18 Mar 2022 11:37:14 GMT
date: Thu, 17 Mar 2022 19:22:05 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 912C 3 KB
2 KB 85ms
21ms Document
text/html 104.107.161.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.161.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Server: Apache
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1388
Date: Thu, 17 Mar 2022 19:22:05 GMT
Connection: keep-alive

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5DAD 15 KB
6 KB 107ms
30ms Document
text/html 104.107.160.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.160.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-160-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=58509
expires: Fri, 18 Mar 2022 11:37:14 GMT
date: Thu, 17 Mar 2022 19:22:05 GMT
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 9B1C 668 B
731 B 29ms
27ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 2c70950a4a6609aaf9630efd961ae9559409e1d44373b64e6e0cfe35d4969a35

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.2.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 17 Mar 2022 19:22:05 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2

204

sync
ups.analytics.yahoo.com/ups/57304/ Frame F9A3
Redirect Chain

https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP87b98419-a627-11ec-8de9-021cc92cc318
https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVA4N2I5ODQxOS1hNjI3LTExZWMtOGRlOS0wMjFjYzkyY2MzMTg%3D
https://pixel.advertising.com/ups/57304/sync?uid=CAESEPzHciizADlnUWVy1guM2rY&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPzHciizADlnUWVy1guM2rY&google_cver=1&apid=UP87b98419-a627-11ec-8de9-021cc92cc318

0
141 B

12ms
12ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPzHciizADlnUWVy1guM2rY&google_cver=1&apid=UP87b98419-a627-11ec-8de9-021cc92cc318

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEPzHciizADlnUWVy1guM2rY&google_cver=1&apid=UP87b98419-a627-11ec-8de9-021cc92cc318
date: Thu, 17 Mar 2022 19:22:05 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55986/ Frame F9A3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
https://pixel.advertising.com/ups/55986/sync?uid=YjOKWQAAAHbGUAQD&_origin=0&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjOKWQAAAHbGUAQD&_origin=0&gdpr=0&gdpr_consent=&apid=UP87b98419-a627-11ec-8de9-021cc92cc318

0
122 B

12ms
11ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjOKWQAAAHbGUAQD&_origin=0&gdpr=0&gdpr_consent=&apid=UP87b98419-a627-11ec-8de9-021cc92cc318

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55986/sync?uid=YjOKWQAAAHbGUAQD&_origin=0&gdpr=0&gdpr_consent=&apid=UP87b98419-a627-11ec-8de9-021cc92cc318
date: Thu, 17 Mar 2022 19:22:05 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55953/ Frame F9A3
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://ups.analytics.yahoo.com/ups/55953/sync?uid=7f1fea4f-557b-4faa-a15f-70f836944c2f&_origin=1&gdpr=1&gdpr_consent=

0
15 B

10ms
10ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55953/sync?uid=7f1fea4f-557b-4faa-a15f-70f836944c2f&_origin=1&gdpr=1&gdpr_consent=

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ups.analytics.yahoo.com/ups/55953/sync?uid=7f1fea4f-557b-4faa-a15f-70f836944c2f&_origin=1&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 267

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/ Frame 6160 15 KB
6 KB 36ms
10ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0919849cbc3e870384df1fc4e72312ee8f272205f80bec14d29551cc8b44c95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 5861
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 08:20:05 GMT
expires: Thu, 16 Mar 2023 08:20:05 GMT
cache-control: public, max-age=31536000
age: 126120
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9CB4 0
571 B 108ms
53ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuH1Vxz_NN4zl7ZGdeUJRHDHgmWL8ot7oJehvDpRCnQgZCV0GEUDr9FvqaWizfUiV0KTKMNEB1kv35Gzzl-KNRxknOqLhCDSPv7GxYdl0YdksLuAGEbNDJwQefC0R52YIcfXLf0sYVw4uDXdaEAMF0vTpPIwOp87b3VSyH-zGbwHvzzB-TGuzq8S-du-SI-kpbeqJe6GBckOoDN7I1zFWR8UxXxGcAWvUqrxLTwa0Wl4KYAEJV_JCFT0-rXN3q5VSTTTHFO7aSlZtWvQqLQTDCBrkPLrhjvhM78J8-J4HT0SG53umwG2jDvADiEbQWW4h9CTkSIG9K3WLY-ONj-ZQ0UFKsDiuiaJVisu99T5SGUWCt6g5uLk_TRwgM0rRLdQjbgH6iminKyFquxN-NpXFbvAYTEN6N8TcKTRormU9ALPINAdTZSDGMeL4Fm-at1sNgEVewRnFh8cqU0h69KBEnQNDZPHRJw-e2n5aZZRAwOvpQ_7f678v6VednFBh522hm9-QT_LQ4ytRo-W1ODTExFnwKSMf-HGXM-2fuTH_mKfuMmN2jieC4egrCVfl18pEZo26Xe8sJUAJf7yLjYh2j1MMiDDAQSAouwsnQ947JRHd0USdiR7CnB40KuDtESWkUswe2_e0MhJjOAr37fHI4KyPAx0SeLkwLvI3IHiHe_YLYelXkCTo-GMk25bJBj60Sc1o7QgthRh96oFgH1LF-oinuvFqYx-8Lfg10x2amwctoxwVQsg8wsv-GVl974E3A6Yeh1aJyd2Trtgjw54OMH6fcH5fOmxPxmhyR2x-LOcGpW8UjUmtF0HDt0J7Is_xe1Vb_bWH2INRaaj054yjokaCjKD-bW2xnXoLmPaoBXaYVWeQrD4cY4XoDi4uCVIZDPmnV0pas3kmmri33I-uu2TXPT-cs1-2fh_X8r0uxU4DAbCj9fZETlrTgemYsmlYQP5bLljnEKnRfHB4MojCm7AzvRlkbbQcjJnuaGFJuJZLT-ZwAK6CQ5IP0axaQ_4EKgltLNN8_mNV64EukE9nyTgFrHvht9ZZ1RHh27C2GB60Z5eYnOByMAAhKmkPeQX0By8K0KUS2oYf_kXeua19ryjemVxyss2-PSQnMgNq3O-214ZyJE6ZrCMr8S7KHwXVR9WuTFLVSaaMhGWqkcKkOr5ztZ9DcFPy9b4eMbmnVekbeFIbJf9x-5lsmT3sgYtJP4lDHodqKyCdYxBQ_u7kTeATQYMA&sai=AMfl-YSqrVSLh3NV5Un0WUfOG-EfFnBRS_guTQlMbTacEe8nzJepuf8fJ4lfJNBwjO3VLtTz80d0AyK8JZPaDvMT72pZwsk6kz5nRhJxPXXF19B2m7168E8BUcZXC67DbwbqlMVSFuBUHdzYZv-Dq7cQ942XwDeTYVGwsZNAIHWffi2Ys6Zq4fHc5u0wHlj8bKpw4XL_v1IcFil0VEkYfsK8e1WT&sig=Cg0ArKJSzLNgq_Bndrn6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=216&cbvp=1&cstd=200&cisv=r20220315.88567&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 17 Mar 2022 19:22:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5184
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEO0PNNqDWRcOQXb4CI-2Jns&google_cver=1&google_push=AYg5qPIbFmu4Ag_OMPi53UyMc1zzPLeM0PtPzOUjna758AKdkwS6u42VACfM6FwswYAcxq42gX_0mSqZpCjyqhsdXG-2LDTiiMPs
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B43C2F2121914B8DA4518A38BF5320E7&google_push=AYg5qPIbFmu4Ag_OMPi53UyMc1zzPLeM0PtPzOUjna758AKdkwS6u42VACfM6FwswYAcxq42gX_0mSqZpCjyqhs...

170 B
188 B

23ms
22ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B43C2F2121914B8DA4518A38BF5320E7&google_push=AYg5qPIbFmu4Ag_OMPi53UyMc1zzPLeM0PtPzOUjna758AKdkwS6u42VACfM6FwswYAcxq42gX_0mSqZpCjyqhsdXG-2LDTiiMPs

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 17 Mar 2022 19:22:05 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=B43C2F2121914B8DA4518A38BF5320E7&google_push=AYg5qPIbFmu4Ag_OMPi53UyMc1zzPLeM0PtPzOUjna758AKdkwS6u42VACfM6FwswYAcxq42gX_0mSqZpCjyqhsdXG-2LDTiiMPs
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Wed, 16 Mar 2022 19:22:05 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 5184 0
173 B 69ms
27ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEDf0TFaDraAjpw2ccBc7_To&google_cver=1&google_push=AYg5qPJYdiErPBEQ8DBrOsM-Lj7y6gC-OBAm37mWMy71IddE0U10ow8WrWaEs-Xq52deZv4sAgbGzFVb7C7X_blZ6vrBnykzqFhC
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5184
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESENUB6GPJMPeOE-3F1HcSx_E&google_cver=1&google_push=AYg5qPLDyQfEisT7whvw-WoR5P4wuYKT3ThSMHoG15P-NqKIf7s3dlLsG3SY1dZSEsbh3LSwSiDB84iC75TLuA...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA3NjE1MTU3MTU3ODgxMjU3MA%3D%3D&google_push=AYg5qPLDyQfEisT7whvw-WoR5P4wuYKT3ThSMHoG15P-NqKIf7s3dlLsG3SY1dZSEsbh3LSwSiDB84iC75TLuAvpSm...

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA3NjE1MTU3MTU3ODgxMjU3MA%3D%3D&google_push=AYg5qPLDyQfEisT7whvw-WoR5P4wuYKT3ThSMHoG15P-NqKIf7s3dlLsG3SY1dZSEsbh3LSwSiDB84iC75TLuAvpSmd3uHtjRFRz

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA3NjE1MTU3MTU3ODgxMjU3MA%3D%3D&google_push=AYg5qPLDyQfEisT7whvw-WoR5P4wuYKT3ThSMHoG15P-NqKIf7s3dlLsG3SY1dZSEsbh3LSwSiDB84iC75TLuAvpSmd3uHtjRFRz
Date: Thu, 17 Mar 2022 19:22:05 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET match
um.wbtrk.net/doubleclick/user/ Frame 5184 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5184
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEJ-pEClaqAlpS8BY4EH6dk8&google_cver=1&google_push=AYg5qPL__ga334hCFjAIQ4nGLafGC72h3OCh5nA_HbkS-IufeNemlIVVSmhGKWW987PIaQh1VZ-bVMvjmz9s1...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEJ-pEClaqAlpS8BY4EH6dk8&google_push=AYg5qPL__ga334hCFjAIQ4nGLafGC72h3OCh5nA_HbkS-IufeNemlIVVSmhGKWW987PIaQh1VZ-bVMvjmz9s1...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPL__ga334hCFjAIQ4nGLafGC72h3OCh5nA_HbkS-IufeNemlIVVSmhGKWW987PIaQh1VZ-bVMvjmz9s1_64QOeC0ZYgQ24&google_hm=Sk5tTHFHUkpYZ0pwUWZiT...

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPL__ga334hCFjAIQ4nGLafGC72h3OCh5nA_HbkS-IufeNemlIVVSmhGKWW987PIaQh1VZ-bVMvjmz9s1_64QOeC0ZYgQ24&google_hm=Sk5tTHFHUkpYZ0pwUWZiTjNqbmM=

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:05 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPL__ga334hCFjAIQ4nGLafGC72h3OCh5nA_HbkS-IufeNemlIVVSmhGKWW987PIaQh1VZ-bVMvjmz9s1_64QOeC0ZYgQ24&google_hm=Sk5tTHFHUkpYZ0pwUWZiTjNqbmM=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 235
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5184
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEH8U0G1fulqpkXHKIv8zb_U&google_cver=1&google_push=AYg5qPKOkysPjL_SROgYJ_JQCXs1X5gWyXHt4vy938xuaJw_pLVJjIMMWknttHkjvRV6AhglNm...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEH8U0G1fulqpkXHKIv8zb_U&google_cver=1&google_push=AYg5qPKOkysPjL_SROgYJ_JQCXs1X5gWyXHt4vy938xuaJw_pLVJjIMMWknttHkjvRV6AhglNm...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1aazFUczVCRTJ1RjlEV3RyZGlidktvTFhRVW91by5RRH5B&google_push=AYg5qPKOkysPjL_SROgYJ_JQCXs1X5gWyXHt4vy938xuaJw_pLVJjIMMW...

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1aazFUczVCRTJ1RjlEV3RyZGlidktvTFhRVW91by5RRH5B&google_push=AYg5qPKOkysPjL_SROgYJ_JQCXs1X5gWyXHt4vy938xuaJw_pLVJjIMMWknttHkjvRV6AhglNmz3skm1m0XCGDKG5_kEX16ZAqRGPw

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1aazFUczVCRTJ1RjlEV3RyZGlidktvTFhRVW91by5RRH5B&google_push=AYg5qPKOkysPjL_SROgYJ_JQCXs1X5gWyXHt4vy938xuaJw_pLVJjIMMWknttHkjvRV6AhglNmz3skm1m0XCGDKG5_kEX16ZAqRGPw
date: Thu, 17 Mar 2022 19:22:05 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5184
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEHuk-2hvHzY5R2n9NtQ0azo&google_cver=1&google_push=AYg5qPIOhtRU_OvWSCvf5N4f0dcycFXrqJ9A7UdKg2T4kdIxLNGw5_45zEBQKl4DUZB4-S7fChg5rGpB_lRmwnrBf3bBX6A...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIOhtRU_OvWSCvf5N4f0dcycFXrqJ9A7UdKg2T4kdIxLNGw5_45zEBQKl4DUZB4-S7fChg5rGpB_lRmwnrBf3bBX6Avb03Shg&google_hm=NjIwMzY5M...

170 B
188 B

22ms
21ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIOhtRU_OvWSCvf5N4f0dcycFXrqJ9A7UdKg2T4kdIxLNGw5_45zEBQKl4DUZB4-S7fChg5rGpB_lRmwnrBf3bBX6Avb03Shg&google_hm=NjIwMzY5MDcyNDk2ODcyOTc2Mg==

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPIOhtRU_OvWSCvf5N4f0dcycFXrqJ9A7UdKg2T4kdIxLNGw5_45zEBQKl4DUZB4-S7fChg5rGpB_lRmwnrBf3bBX6Avb03Shg&google_hm=NjIwMzY5MDcyNDk2ODcyOTc2Mg==
Date: Thu, 17 Mar 2022 19:22:05 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5184 0
12 B 21ms
17ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IL7pAr4mJLEFqK4H4xDz3RocjKBBvSZHFfYUQ5_62NfjpTtmC5jqys-wgSa6z9cCq8BVKH2l0

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9CB4 41 KB
15 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 07:28:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Mar 2023 07:28:03 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D196 1 KB
749 B 22ms
20ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Thu, 17 Mar 2022 13:26:12 GMT
expires: Fri, 18 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 21353
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9CB4 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6e064195d96ca6606be981b116b622ab037451daeadcca85e5f8e83cfc440918

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 9B1C
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f33f6233-8a5d-4500-a554-a2afabcacc30

43 B
106 B

18ms
17ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f33f6233-8a5d-4500-a554-a2afabcacc30
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 17 Mar 2022 19:22:05 GMT
Server: MT3 4256 109297d master cdg-pixel-x30 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=f33f6233-8a5d-4500-a554-a2afabcacc30
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 17 Mar 2022 19:22:04 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 9B1C
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=wI_mz87c4MXb2eWex9j4yZSP4szb2bOZwo35rNpj

43 B
122 B

23ms
17ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=wI_mz87c4MXb2eWex9j4yZSP4szb2bOZwo35rNpj
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=wI_mz87c4MXb2eWex9j4yZSP4szb2bOZwo35rNpj
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 9B1C
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6564375322060911894

43 B
61 B

20ms
19ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6564375322060911894
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=6564375322060911894
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 9B1C 70 B
264 B 33ms
30ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=769c37bb-bda4-768a-c76a-a380b50a5d12&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 9B1C 170 B
188 B 21ms
19ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWFmM2U0NzEtNzRkMy0yODJlLWQyOGEtZjkzOTdmZTg5Mzcy

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 9B1C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7dUa9gjqBeiA1EbcKo9_8&google_cver=1

43 B
61 B

29ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7dUa9gjqBeiA1EbcKo9_8&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7dUa9gjqBeiA1EbcKo9_8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame FDF8
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=36ac6233-8a5d-4500-a93f-947b8a137c6c

43 B
61 B

30ms
17ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=36ac6233-8a5d-4500-a93f-947b8a137c6c
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 17 Mar 2022 19:22:05 GMT
Server: MT3 4256 109297d master cdg-pixel-x2 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=36ac6233-8a5d-4500-a93f-947b8a137c6c
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 17 Mar 2022 19:22:04 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame FDF8
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=wI_mz87c4MXb2eWex9j4yZSP4szb2bOZwo35rNpj

43 B
106 B

25ms
19ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=wI_mz87c4MXb2eWex9j4yZSP4szb2bOZwo35rNpj
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=wI_mz87c4MXb2eWex9j4yZSP4szb2bOZwo35rNpj
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame FDF8
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=9032436911861162631

43 B
61 B

20ms
19ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=9032436911861162631
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=9032436911861162631
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame FDF8 70 B
264 B 34ms
31ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=769c37bb-bda4-768a-c76a-a380b50a5d12&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame FDF8 170 B
188 B 27ms
25ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NWFmM2U0NzEtNzRkMy0yODJlLWQyOGEtZjkzOTdmZTg5Mzcy

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame FDF8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7dUa9gjqBeiA1EbcKo9_8&google_cver=1

43 B
61 B

36ms
24ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7dUa9gjqBeiA1EbcKo9_8&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK7dUa9gjqBeiA1EbcKo9_8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 04DB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

86ms
86ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 17 Mar 2022 19:22:05 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 17 Mar 2022 19:22:05 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 17 Mar 2022 19:22:05 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 127ms
34ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1082
date: Thu, 17 Mar 2022 19:22:05 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 style.css
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/css/ Frame 6160 7 KB
1 KB 10ms
10ms Stylesheet
text/css 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

544e825b2f929afaf5d84354bed769874fa5e375e07815c7d0a2675f7df3420b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 08:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1427
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 08:20:05 GMT

GET
H3 200 Enabler.js Show response
s0.2mdn.net/ads/studio/ Frame 6160 134 KB
45 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/Enabler.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3705d0878203cc0b2525dcb0f874d85cc6b881d1fca1869191da4e599c768241

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:14:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46435
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:47:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Mar 2022 19:29:09 GMT

GET
H3 200 gsap_3.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 6160 54 KB
22 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22005
x-xss-protection: 0
last-modified: Mon, 11 Nov 2019 18:08:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Mar 2022 19:22:05 GMT

GET
H3 200 preload.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 6160 2 KB
598 B 19ms
17ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/preload.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a064b735b498e6721dc8bdd21a0a5efbcbcbe9df3b8ebb2a5ff7cd359536117

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 08:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 569
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 08:20:05 GMT

GET
H3 200 dynamicload.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 6160 7 KB
1 KB 19ms
18ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/dynamicload.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4acbd290943ec69e1f0f1af0d3a7c799ce09c0a89a0bfe953fb3503a1320355f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 08:18:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 558198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1216
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 08:18:47 GMT

GET
H3 200 CustomWiggle.min.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 6160 2 KB
1 KB 22ms
19ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/CustomWiggle.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c49825547fd709c80e5e3dcc0258b6de3b7465d27f5af3d4af76a049cffc685c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 08:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1222
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 08:20:05 GMT

GET
H3 200 CustomEase.min.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 6160 7 KB
4 KB 21ms
18ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f558a9a6eeef180607677837bb37b6fbc068d907b89e35f694665e96eb816c81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 08:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3561
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 08:20:05 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 6160 15 KB
5 KB 22ms
19ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6418e7fe77ab785ac95beceec33fc8bfd67470a00a161240460e231d5c719062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 08:18:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 558198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5125
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 08:18:47 GMT

GET
H3 200 textFit.min.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 6160 4 KB
2 KB 21ms
18ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/textFit.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52477aa6aed89e60ae9aa05f9d5ad89c87d39eef6f50ae0844ec2955b9d540ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 08:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1536
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 08:20:05 GMT

GET
H3 200 logic.js Show response
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/ Frame 6160 21 KB
4 KB 22ms
19ms Script
application/x-javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/logic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e00f75870cb800fca43f3eb0ee2921b596508ab55b3827c94f4a99f560de755

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 08:20:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126120
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4324
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 08:20:05 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6CC4 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Mar 2022 07:28:30 GMT
expires: Fri, 17 Mar 2023 07:28:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 42815
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 1678 0
741 B 32ms
31ms Script
text/html 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:05 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: f43b997a-946f-41b1-836e-785d1efbaf90
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame ABA6 0
741 B 13ms
12ms Script
text/html 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:05 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e2983401-79e7-4fa8-a365-bd797142aeb5
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame D196
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=445&google_gid=CAESEMe_PiW6IVpzFkpP78RwdsE&google_cver=1&google_push=AYg5qPKqOHS-aQzEup3Uug6oON377_AQ2Pbyc48lwuRH7RFFOZNdejGmWdEE0Jw_PPNShFore0uDYB-huPyFa_z9rZbeDne...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKqOHS-aQzEup3Uug6oON377_AQ2Pbyc48lwuRH7RFFOZNdejGmWdEE0Jw_PPNShFore0uDYB-huPyFa_z9rZbeDne8a9Kl&google_hm=NjIwMzY5MDc...
https://a.rfihub.com/cm?pub=445&google_error=5

42 B
816 B

17ms
16ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&google_error=5
Protocol: HTTP/1.1
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:05 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://a.rfihub.com/cm?pub=445&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame D196 0
191 B 79ms
23ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEE8Ti8MuxGRuovEq0mcZ9uE&google_cver=1&google_push=AYg5qPLf2tzpkm3KE-t9gkt99G3jJsGZdzB8bu78Q0-xZKBIquxMOVQQyVvvSkFwggCYiR1aDWYjJeGH6pI6L4tzYiR3G4g04C8u
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:04 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D196
Redirect Chain

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEDf0TFaDraAjpw2ccBc7_To&google_cver=1&google_push=AYg5qPKLfJ5yS4Pjwtpyo4qg66cf7OtOhWKvN9uY2VlbvT2O7UC8ecvx10nN1BRbt8vIPGVbOqrFJiWMEQEhl6...
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AYg5qPKLfJ5yS4Pjwtpyo4qg66cf7OtOhWKvN9uY2VlbvT2O7UC8ecvx10nN1BRbt8vIPGVbOqrFJiWMEQEhl6NC0a8GP04mdqY&google_hm=hmIzil3HrmJIv4pm3g...

170 B
188 B

21ms
21ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AYg5qPKLfJ5yS4Pjwtpyo4qg66cf7OtOhWKvN9uY2VlbvT2O7UC8ecvx10nN1BRbt8vIPGVbOqrFJiWMEQEhl6NC0a8GP04mdqY&google_hm=hmIzil3HrmJIv4pm3g&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D62338A5DC7AE6248BF8A66DEBLIS

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AYg5qPKLfJ5yS4Pjwtpyo4qg66cf7OtOhWKvN9uY2VlbvT2O7UC8ecvx10nN1BRbt8vIPGVbOqrFJiWMEQEhl6NC0a8GP04mdqY&google_hm=hmIzil3HrmJIv4pm3g&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D62338A5DC7AE6248BF8A66DEBLIS
date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 pub
cs.chocolateplatform.com/ Frame D196 0
122 B 296ms
104ms Image
text/plain 35.212.101.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEDE-HXKUgXE_mrexmKb2_f4&google_cver=1&google_push=AYg5qPKm06X6vpkD64zqTuY71ucFY3wPyLkyqjLxUI-sG-rugQRxgHxJI-GqERjkoEuuOuijUPD4EaxsTS843hCpU7HEKeF-fXg
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.212.101.174 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 174.101.212.35.bc.googleusercontent.com
Software: Chocolate Cookie Sync Powered by Vdopia /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
via: 1.1 google
server: Chocolate Cookie Sync Powered by Vdopia
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK sync
rtb2-useast.torchad.com/ Frame D196 42 B
233 B 287ms
110ms Image
image/gif 2604:9e00:1:129::2:a01
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.torchad.com/sync?exchange=309&google_gid=CAESELOOEbEba8_xesTl6X2YZ20&google_cver=1&google_push=AYg5qPI1dL8BL4Hn7eX-XQakG645QOCP54VqRg243d2hEk90KXXDoJciVr3vyF8qVjP4JCshklOFnsEmRtiRRivQZYAwi97vbPE
Requested by: Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2604:9e00:1:129::2:a01 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:05 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame D196
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEKgHVzPaxOaA-SIsyHjws4g&google_cver=1&google_push=AYg5qPK2TCYeoJxdGZctYlwtuLfhEIiMyvppmZQuvJQpx3CkZafWwDnDrxkuAo1Kv3TCc8dvbj4oId6FOY_...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPK2TCYeoJxdGZctYlwtuLfhEIiMyvppmZQuvJQpx3CkZafWwDnDrxkuAo1Kv3TCc8dvbj4oId6FOY_Tnm_ETEhN8WToi6Ts
https://onetag-sys.com/sync/i,19/?google_error=5

0
148 B

7ms
7ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?google_error=5

Protocol

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/sync/i,19/?google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 245
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D196 0
12 B 21ms
21ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LfAfVm6TYafBWfLd8bEmcLL3RTaZkSSTjUls8TmEFgqxwuEbWUDDLyyYzeBGB4vFg

Requested by

Host: bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
URL: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9CB4 0
23 B 46ms
30ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuH1Vxz_NN4zl7ZGdeUJRHDHgmWL8ot7oJehvDpRCnQgZCV0GEUDr9FvqaWizfUiV0KTKMNEB1kv35Gzzl-KNRxknOqLhCDSPv7GxYdl0YdksLuAGEbNDJwQefC0R52YIcfXLf0sYVw4uDXdaEAMF0vTpPIwOp87b3VSyH-zGbwHvzzB-TGuzq8S-du-SI-kpbeqJe6GBckOoDN7I1zFWR8UxXxGcAWvUqrxLTwa0Wl4KYAEJV_JCFT0-rXN3q5VSTTTHFO7aSlZtWvQqLQTDCBrkPLrhjvhM78J8-J4HT0SG53umwG2jDvADiEbQWW4h9CTkSIG9K3WLY-ONj-ZQ0UFKsDiuiaJVisu99T5SGUWCt6g5uLk_TRwgM0rRLdQjbgH6iminKyFquxN-NpXFbvAYTEN6N8TcKTRormU9ALPINAdTZSDGMeL4Fm-at1sNgEVewRnFh8cqU0h69KBEnQNDZPHRJw-e2n5aZZRAwOvpQ_7f678v6VednFBh522hm9-QT_LQ4ytRo-W1ODTExFnwKSMf-HGXM-2fuTH_mKfuMmN2jieC4egrCVfl18pEZo26Xe8sJUAJf7yLjYh2j1MMiDDAQSAouwsnQ947JRHd0USdiR7CnB40KuDtESWkUswe2_e0MhJjOAr37fHI4KyPAx0SeLkwLvI3IHiHe_YLYelXkCTo-GMk25bJBj60Sc1o7QgthRh96oFgH1LF-oinuvFqYx-8Lfg10x2amwctoxwVQsg8wsv-GVl974E3A6Yeh1aJyd2Trtgjw54OMH6fcH5fOmxPxmhyR2x-LOcGpW8UjUmtF0HDt0J7Is_xe1Vb_bWH2INRaaj054yjokaCjKD-bW2xnXoLmPaoBXaYVWeQrD4cY4XoDi4uCVIZDPmnV0pas3kmmri33I-uu2TXPT-cs1-2fh_X8r0uxU4DAbCj9fZETlrTgemYsmlYQP5bLljnEKnRfHB4MojCm7AzvRlkbbQcjJnuaGFJuJZLT-ZwAK6CQ5IP0axaQ_4EKgltLNN8_mNV64EukE9nyTgFrHvht9ZZ1RHh27C2GB60Z5eYnOByMAAhKmkPeQX0By8K0KUS2oYf_kXeua19ryjemVxyss2-PSQnMgNq3O-214ZyJE6ZrCMr8S7KHwXVR9WuTFLVSaaMhGWqkcKkOr5ztZ9DcFPy9b4eMbmnVekbeFIbJf9x-5lsmT3sgYtJP4lDHodqKyCdYxBQ_u7kTeATQYMA&sai=AMfl-YSqrVSLh3NV5Un0WUfOG-EfFnBRS_guTQlMbTacEe8nzJepuf8fJ4lfJNBwjO3VLtTz80d0AyK8JZPaDvMT72pZwsk6kz5nRhJxPXXF19B2m7168E8BUcZXC67DbwbqlMVSFuBUHdzYZv-Dq7cQ942XwDeTYVGwsZNAIHWffi2Ys6Zq4fHc5u0wHlj8bKpw4XL_v1IcFil0VEkYfsK8e1WT&sig=Cg0ArKJSzLNgq_Bndrn6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=543&vt=11&dtpt=327&dett=3&cstd=200&cisv=r20220315.88567&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Mar 2022 19:22:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 w5W1EixFGUzWFgZOi1zWjT-g-ai_4t-KN23ava9eLxA.js Show response
pagead2.googlesyndication.com/bg/ Frame 6CC4 35 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/w5W1EixFGUzWFgZOi1zWjT-g-ai_4t-KN23ava9eLxA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c395b5122c45194cd616064e8b5cd68d3fa0f9a8bfe2df8a376ddabdaf5e2f10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 17:06:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8162
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13798
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 11:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 17 Mar 2023 17:06:03 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6CC4 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWLAUXIozYpvLIZyg9u8P5fy4wAQAAAAAOAHgBAI&bg=!ammlaS3NAAba2mK92to7ACkAdvg8Wjpr4l5dG0RHrO41-H7Bpmb0sXFrm2NqJeJKwVGWYelEOgV5YAIAAABaUgAAAAJoAQeZAzmHMLtC08MOhjjBuDWMse41CIxjZrHmBHg7BkiE8CsZ8J844AVaaLYfSXJw9UZBNbb_ERt0CKKwbgMm5pjib8w87SaiGp4uuqu8D8Ttp0uzoFJQOVd3_vnv_1-KaRS8uIox__bc8r4DhPWI602-tOerV-JcjvQO-TpkOA1hr6mOuSawCr33-sECJ1u2Io1Wde4QkLI-bjSHSEdAEB4HSEAIKIhA6FnYL9Mh0cYrAi_21r3KzBwV8MnZtVax6HkjUT0_GaW7Ka12VwLE5ZThXn1lIKTikn9WfE8mkDvMAvA16h7LTi4ztgsHoy7fw_iJw6kPfmVZzHVIwpo8vUi4TPAQCfWbsnvKpU7AuXST58XXX6m_HHAAcJx-kWBt30wUvanzMgDPIZmK1PrWJjS4ye8pq0oWU_Qe-sxS55kWEK3fsQ_YdQ_NyBtCEDPtX-wzCImr532QLsTonL8ChTkU-K4irv5VAU-_yrhxCjOciQ7If2x2cq6AVuS34ySzXJJj9CcZre3co941r-0nuYbFUiQLRLdZs3J-_8BSgwF5_ZUU7KAXUuP13zzXsNs1OhvZ1UVSJxZ2Oqr3RSOV4IRR8vABBjHLvFdoK0VB_SgnFxXSVtekPuFCCpQpuuT4EQgP05_UPZAgLIwRgFSAAEbBBqMBY0DezFjmWAOb3K8ip88wdyJ6ZM7NL0VgNpr1F3wV_80KHgklx_ttMmDJOmuzr72rfsubnfZpGANxtRzoIYMPZT-OUmAfx-n3-eg82dStCsVGCj-pnI23Q3lVZfqiDR9XShoCnwzjjdYmWjDnq3kwj1qANv9Mq7TgvgAQn0ZBm6eOv1F1td0CxWfwg0qWiXDIPMLYgYTqhvYiZTbJcWC8qqdJ_WZMebwTx7i4szDbkGVq9XSz2dSqob2E-KsQj4VN4Fh87v4ElTz4kJQH9LriKVVaaY13g3AEvuZ5ZFZFW2SpXo8IWHEY5zNY7O2xeiR2ahv4mPFt_FPShYaMto23eUEbE1ABUloEhn6MXRa1XzzzUB4CIcSQXBKJHOjtOMDzwQl5XF4lei4ya5CK_dplp9k-fXCG80nrQ6xA-3Wb5m_Om9Yqy2IF9L4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BA35 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0EY49f8uuGtVWou4NdOpjJ6jqa7WIU404rvY1n1aH_Otv-HkI896T3bDzVQLB9zht_TXEvld4lGWVj5NFrc7H3gR6h7RL3r8Ctmi2iDrGufU-52_rLAs22-CocBPL1jYOphiP6Y-bWg&sai=AMfl-YTmD_CmY2aQa-LPsOwc2U-guHj3ugxgeVFdl2-KnzutnC15qENXOoV61rhJGP632tZosiaWPHIlCUUpLwR_R8HXYvTKFF8qunFNWsYeqKfGhfEaoODaKyhN8sJN&sig=Cg0ArKJSzDnJ8KG9lyo2EAE&cid=CAASFeRoDKC6ZiDwN0bonptQK2b-IYR9Lg&id=lidar2&mcvt=1001&p=8,315,258,1285&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220316&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4166723991&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647544923477&rpt=1668&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BA58 0
0 35ms
35ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CGmqOWoozYuqmLIWP9u8P0LiI0ATIgZbyaMPB153xD5zU1oD1LxABIPmb8YQBYJWCgICUB6AB9MXN_APIAQKpAnvRuhXQmLI-4AIAqAMBqgS3Ak_QlpV3gAJUos0Vd0G3LcBOL6_kQ_zJMAWblba_bownX1Kh04NHXqcGcgFB07aVMCMOOHVBWQynbLS3-CVRnYPTJysR9--S8MVvnURI_DBsKzsr6WEJdWEWCw4FJGADvL2q_snm3C5GSU0g9XuGsfua0tf5al68xs34Zk8-vh85qGXiC7HOqTBXM4O2OVlrsTk4SrOroLmbFlU4_xIPE8cCbilRLoQJzrqRPlHpX3cpyywlvhXOK5dlIhZFCA68ytDDCYQ2l3yuNb2__RgBwtbpj62o4Lwm2QRCB9Ei5eVSWB6D9np0MPiEweLuBXEq0iTRMFXlzJudlzTr8TJqG6P1x6lsNCDK3n79l-3UpUsUWuu0kP10pCjCby4vLXbDG_er79I0LIizruitf6UazSUnF2cJejqywAT_psmm9QPgBAGgBgKAB_S5sgOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBC6qw3SCAcIgGEQARgdgAoDyAsB2BMD0BUBgBcBshceChwIABIUcHViLTQxMTM2ODE4ODIzMTE0NTUYhNt7&sigh=sgqsBMXiZ2A&vt=1&uach_m=[]
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BA58 42 B
64 B 37ms
37ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstxWgDVJHdRg0kwriYIMkLVNj-rP4ugF-0yDgO6s23nqBrp6v8MYETd99T3C6xnpRFs3ZP45bzblffPgylH8qozOzB6tUtza1HcmO0v1AB_iosiPGQ&sai=AMfl-YQLqjudOGk0waid0abpHWLPBzcFS6pfFuEHoC5p6yw4wrqYPxdE-uhtn6Ip1INFEQZTPU86yv51m-B-R2bo0m8STvDe4SvkaemrF2X50I2BIfeHjO1AO-fOW2yE&sig=Cg0ArKJSzP_9LCwSq3NXEAE&cid=CAASFeRo2-l7i6KIF-yfZHnpeaNdD3VTmA&id=ampim&o=1082,416&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=1775&tls=2775&g=100&h=100&tt=2775&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=1414505084

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 1678 0
741 B 81ms
81ms Script
text/html 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:06 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3ce8b91c-2fae-4de0-982c-f37c7dde94fb
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame ABA6 0
741 B 13ms
12ms Script
text/html 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:06 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9bd60524-c7b1-45e9-89cd-c496c925589e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK abt Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame D604 0
315 B 112ms
112ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/abt?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:05 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 StenaSans-BoldCondensed.woff
s0.2mdn.net/creatives/assets/4239244/ Frame 6160 36 KB
36 KB 10ms
10ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4239244/StenaSans-BoldCondensed.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

402255b20b4b0f135e6e6fce45c65b8e5834d844c1a7a477869d9cdc8d659b5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:12:02 GMT
x-content-type-options: nosniff
age: 604
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37336
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:30:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Mar 2022 19:27:02 GMT

GET
H3 200 StenaSans-Regular.woff
s0.2mdn.net/creatives/assets/4239244/ Frame 6160 36 KB
36 KB 16ms
16ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4239244/StenaSans-Regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bd8b222126e1ce1d7523b80a44c48834a64dbe1d9e9bd6a681dea5fc984d6c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:16:08 GMT
x-content-type-options: nosniff
age: 358
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36956
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:30:38 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Mar 2022 19:31:08 GMT

GET
H3 200 StenaSans-Light.woff
s0.2mdn.net/creatives/assets/4239244/ Frame 6160 35 KB
35 KB 13ms
13ms Font
font/woff 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4239244/StenaSans-Light.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15c6681347badf59c693dc0c6a5b00178276d749eb98ec1f6cb28ab0578b1e4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:16:07 GMT
x-content-type-options: nosniff
age: 359
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35760
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 13:30:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Mar 2022 19:31:07 GMT

GET
H3 200 300x600_GSH_F1.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 6160 101 KB
101 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5947d0db2a3e41f355ddfe4d074f24d7a6efeb990fc64ced283d072b4f126a8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 08:18:49 GMT
x-content-type-options: nosniff
age: 558198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103654
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 08:18:49 GMT

GET
H3 200 300x600_GSH_F1.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 6160 101 KB
101 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/js/logic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5947d0db2a3e41f355ddfe4d074f24d7a6efeb990fc64ced283d072b4f126a8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 08:18:49 GMT
x-content-type-options: nosniff
age: 558198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103654
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 08:18:49 GMT

GET
H3 200 300x600_GSH_F2.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 6160 90 KB
90 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F2.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11ea17f5a25189f1f44733a56e0647428ac7f6649ae4510913da362892f591b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 08:18:49 GMT
x-content-type-options: nosniff
age: 558198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92118
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 08:18:49 GMT

GET
H3 200 300x600_GSH_F3.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 6160 32 KB
32 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F3.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c17653e2697cf613a91b201ad77591722e6524aa383004b55f697aecd7674bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 08:18:49 GMT
x-content-type-options: nosniff
age: 558198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33211
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 08:18:49 GMT

GET
H3 200 300x600_GSH_F4.jpg
s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/ Frame 6160 56 KB
56 KB 18ms
17ms Image
image/jpeg 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/images/300x600_GSH_F4.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4c71058570b7caf1144c2d3b228abe1d3678a482a78e0a6c0509e0c2848d1d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15685444065929511774/stenaline_summer-holiday-splashing_germany_300x600/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 08:18:49 GMT
x-content-type-options: nosniff
age: 558198
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57660
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 08:12:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 08:18:49 GMT

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 3A59 0
0 44ms
14ms Document
text/plain 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13394437
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Date: Thu, 17 Mar 2022 19:22:07 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Sovrn-Pod: ad_ap3ams1

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 364E 15 KB
6 KB 21ms
20ms Document
text/html 104.107.160.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.160.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-160-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=58507
expires: Fri, 18 Mar 2022 11:37:14 GMT
date: Thu, 17 Mar 2022 19:22:07 GMT
vary: Accept-Encoding

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame E4C9 8 KB
4 KB 115ms
10ms Document
text/html 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

cache-control: max-age=86400
content-type: text/html
content-encoding: br
last-modified: Tue, 15 Mar 2022 23:39:48 GMT
accept-ranges: bytes
etag: "866b66bb3ccc5c8de41913672c69b8f7"
server: AmazonS3
x-cache: TCP_HIT
x-amz-id-2: Xi4KLnJkKcEQZyfTI75++ahaBOtD1Xmm+SJCFhdAkbR8136cnuVfjpzxYVh8I4Wgih2893nIzo8=
x-amz-request-id: XH8XTNZJEKQHTTSG
x-amz-meta-codebuild-content-sha256: 1bd3623b950dcf081744ebf0150c6ff72edcc5cbd4a3ea8293d7f9c29b2e9c0b
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:a4519585-d31b-4588-8499-6641ec459b43
x-amz-meta-codebuild-content-md5: d97b029b026ab1b5da9f71fc8f6cf19a
x-azure-ref-originshield: 0gEEzYgAAAACJmYFKVJ/DQ5H1XrnE2XJUQU1TMDRFREdFMTgxOAA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref: 0X4ozYgAAAACLWNZ+X9b1RLGzsKR5Sz+iRlJBRURHRTEwMTUAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
date: Thu, 17 Mar 2022 19:22:07 GMT

GET
H/1.1

200
OK

2000891.html Show response
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 26FE
Redirect Chain

https://sync.serverbid.com/ss/2000891.html
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

5 KB
5 KB

65ms
8ms

Document
text/html

205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Date: Thu, 17 Mar 2022 19:22:07 GMT
Connection: Keep-Alive
Cache-Control: max-age=82112
Content-Length: 4947
Content-Type: text/html
Last-Modified: Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges: bytes
x-amz-request-id: tx000000000000008c9698e-006233799f-14d1c90f-nyc3a
etag: "1b0ebac83fe30af80513039edbdf566f"
age: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-rgw-object-type: Normal
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1647544927.dop154.fr8.t,1647544927.cds290.fr8.shn,1647544927.cds290.fr8.c

Redirect headers

content-length: 0
location: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control: no-cache

GET
H2

200

sync Show response
eb2.3lift.com/ Frame 0C32
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

1 KB
1 KB

9ms
8ms

Document
text/html

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: b2d94250c4da8c8a797d14d8f9b298eec27448d56977c492ce9c3d6f1d11bdbb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-type: text/html; charset=utf-8
content-length: 460
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-length: 0
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame A15E 3 KB
2 KB 18ms
18ms Document
text/html 104.107.161.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.161.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Server: Apache
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1388
Date: Thu, 17 Mar 2022 19:22:07 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 6247 52 KB
17 KB 26ms
26ms Document
text/html 104.107.160.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.160.200 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-160-200.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Fri, 18 Mar 2022 19:22:09 GMT
Date: Thu, 17 Mar 2022 19:22:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 251A 281 B
554 B 46ms
11ms Document
text/html 184.30.209.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.209.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-209-152.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Mar 2022 19:22:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 42FC 542 B
358 B 19ms
19ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 6c92295dad524af787414ee6238fd912bc84097819654b4c0242472f0b29a26e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.2.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 17 Mar 2022 19:22:07 GMT
content-type: text/html
content-length: 339
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 dds
rtb.openx.net/sync/ Frame 42FC 43 B
350 B 43ms
17ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 7fo89ad7aaf2ec0aotu33er8a6jkojkf

GET
H2 200 e25b51ff-2d08-e4c3-f6bd-b5754a5d905b
pr-bh.ybp.yahoo.com/sync/openx/ Frame 42FC 43 B
987 B 110ms
34ms Image
image/gif 2a05:d018:d29:3602:8032:ea84:336c:262b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/e25b51ff-2d08-e4c3-f6bd-b5754a5d905b?gdpr=0

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:8032:ea84:336c:262b Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 42FC
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=YRenaZHA1NuVHh5

43 B
61 B

17ms
17ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=YRenaZHA1NuVHh5
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:06 GMT
Server: PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-078691873e5d8cf91@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=YRenaZHA1NuVHh5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 42FC
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://ws.rqtrk.eu/pull?redirect=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D193%26user_id%3D%24BROWSER_ID%26expires%3D1%26ssp%3D%24bidswitch_ssp_id&return-unstable=true&eb=&bidswitch_ssp_id=o...
https://x.bidswitch.net/sync?dsp_id=193&user_id=&expires=1&ssp=openx
https://us-u.openx.net/w/1.0/sd?id=537072968&val=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=

43 B
61 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //us-u.openx.net/w/1.0/sd?id=537072968&val=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=
Date: Thu, 17 Mar 2022 19:22:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 42FC
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=7463349268159137952

43 B
61 B

18ms
17ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=7463349268159137952
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: c655ad3e-cfdb-46d8-89fb-785686f61b1b
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=7463349268159137952
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

redir
rtb-csync.smartadserver.com/ Frame 42FC
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFIVnEwN0VaeFVBQUM4REtTTXRsQQ&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAHVq07EZxUAAC8DKSMtlA&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAHVq07EZxUAAC8DKSMtlA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_curre...

43 B
163 B

21ms
20ms

Image
image/gif

185.86.139.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAHVq07EZxUAAC8DKSMtlA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: HTTP/1.1
Server: 185.86.139.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAHVq07EZxUAAC8DKSMtlA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Date: Thu, 17 Mar 2022 19:22:08 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 0C32 70 B
264 B 32ms
31ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C32
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYzMzAwMTgzMzM1NjU4Nzc2OTU0Mw%3D%3D

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYzMzAwMTgzMzM1NjU4Nzc2OTU0Mw%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYzMzAwMTgzMzM1NjU4Nzc2OTU0Mw%3D%3D
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0C32 170 B
188 B 20ms
18ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C32
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYzMzAwMTgzMzM1NjU4Nzc2OTU0Mw%3D%3D

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYzMzAwMTgzMzM1NjU4Nzc2OTU0Mw%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjYzMzAwMTgzMzM1NjU4Nzc2OTU0Mw%3D%3D
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 0C32 0
141 B 161ms
158ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=2633001833356587769543&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: B320BD3DDCFF4D96B881772D097EB32F Ref B: FRAEDGE1119 Ref C: 2022-03-17T19:22:07Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXabvIsEj6BI3JeZo97vw==

GET
H2

200

xuid
eb2.3lift.com/ Frame 0C32
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/2633001833356587769543?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-R21SqYVE2oTFAA_uv43y9I7mOokR26ZjoPYi0ScUUA--~A&dongle=0883

37 B
354 B

8ms
8ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-R21SqYVE2oTFAA_uv43y9I7mOokR26ZjoPYi0ScUUA--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Thu, 17 Mar 2022 19:22:07 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-R21SqYVE2oTFAA_uv43y9I7mOokR26ZjoPYi0ScUUA--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 0C32 43 B
220 B 23ms
12ms Image
image/gif 18.194.141.235
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=2633001833356587769543&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.141.235 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-141-235.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 c.gif
c.bing.com/ Frame 0C32 42 B
593 B 52ms
31ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=2633001833356587769543&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
etag: "7c5ed6a6f22cd81:0"
last-modified: Mon, 28 Feb 2022 22:29:30 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96AD92B4BF0545778E4240260E1E420E Ref B: FRAEDGE1407 Ref C: 2022-03-17T19:22:07Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame 0C32
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=2633001833356587769543
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2633001833356587769543&dcc=t

0
0

205ms
102ms

Image
text/html

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2633001833356587769543&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Server: 52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 0WAYN7Z0Z6NFFCA5T24E
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=2633001833356587769543&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 0C32
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=JNmLqGRJXgJpQfbN3jnc&gdpr=1

37 B
354 B

11ms
11ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=JNmLqGRJXgJpQfbN3jnc&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=JNmLqGRJXgJpQfbN3jnc&gdpr=1
Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 115
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 6247 0
741 B 16ms
14ms Script
text/html 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ec57f159-7487-40e5-a8ca-2a49a773d21e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 251A 32 KB
10 KB 8ms
8ms Script
text/html 184.30.209.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.209.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-209-152.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:07 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=60772
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Fri, 18 Mar 2022 12:14:59 GMT

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 3838 4 KB
2 KB 98ms
29ms Document
text/html 52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9fde37fe3552245c71e944ccf712d7ba5e149d06e84e9998320de34af7f9c963

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-type: text/html;charset=UTF-8
server: nginx
etag: W/"06088a7a6fc677ebe08f46a546c2cf576"
timing-allow-origin: *
content-encoding: gzip

GET
H2 204 ps
pixel.33across.com/ Frame 5214 0
0 331ms
107ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP001 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

x-33x-status: 2000208
server: 33XP001
date: Thu, 17 Mar 2022 19:22:07 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 80C7 2 KB
814 B 10ms
8ms Document
text/html 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame FF46 671 B
921 B 114ms
22ms Document
text/html 185.86.139.103
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.103 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 6411d635cdf87f78ccf8c98296300c1cf8d93b6249c8d6f0ea6a4a87eeb39298

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

content-length: 671
content-type: text/html
date: Thu, 17 Mar 2022 19:22:07 GMT

GET
H/1.1 200
OK usermatch Show response
ssum-sec.casalemedia.com/ Frame BC50 2 KB
3 KB 111ms
56ms Document
text/html 104.107.161.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.161.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a2c3caa5a548d8b874477ac2bbad36e46b81bec69177b48f93c5d785c9dc496f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|230|241|46|218|65|4|88
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Expires: Thu, 17 Mar 2022 19:22:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
Content-Length: 1631
Connection: keep-alive

GET
H2

200

sync
ads.servenobid.com/ Frame E4C9
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=7463349268159137952

0
344 B

31ms
31ms

Image
image/avif

54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=7463349268159137952
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 33e7e152-93bb-42ed-a646-01dfaef9c53a
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=7463349268159137952
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame E4C9
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ads.servenobid.com/sync?pid=310&uid=bff6021a1d3f325fb9e2befc

0
347 B

32ms
31ms

Image
image/avif

54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=bff6021a1d3f325fb9e2befc
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=bff6021a1d3f325fb9e2befc
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame E4C9 0
277 B 22ms
20ms Image
text/plain 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 17 Mar 2022 19:22:07 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

sync
ads.servenobid.com/ Frame E4C9
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1647544927828
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1839926311
https://sync.1rx.io/usersync/tradedesk/7f1fea4f-557b-4faa-a15f-70f836944c2f
https://sync.targeting.unrulymedia.com/csync/RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
https://ads.servenobid.com/sync?pid=321&uid=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003

0
361 B

31ms
31ms

Image
image/avif

54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=321&uid=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=321&uid=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
date: Thu, 17 Mar 2022 19:22:07 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX04c4251dacf6407894127b73f8aa3395003
content-type: text/html

GET
H2

200

sync
ads.servenobid.com/ Frame E4C9
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=6203690724968729762

0
344 B

32ms
31ms

Image
image/avif

54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=6203690724968729762
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=6203690724968729762
Date: Thu, 17 Mar 2022 19:22:07 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame E4C9 0
474 B 59ms
13ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame E4C9
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=61c8e175-8181-475e-82db-5156d33596ef&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
356 B

31ms
31ms

Image
image/avif

54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=61c8e175-8181-475e-82db-5156d33596ef&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=61c8e175-8181-475e-82db-5156d33596ef&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 4
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame E4C9
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ads.servenobid.com/sync?pid=337&uid=y-dLzibn1E2uF9inctPNFVJwSKOks5Xd..fZZFMEY-~A

0
367 B

31ms
31ms

Image
image/avif

54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-dLzibn1E2uF9inctPNFVJwSKOks5Xd..fZZFMEY-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-dLzibn1E2uF9inctPNFVJwSKOks5Xd..fZZFMEY-~A
date: Thu, 17 Mar 2022 19:22:07 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3838
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=7463349268159137952

35 B
208 B

38ms
37ms

Image
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=7463349268159137952
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8007a2e9-90b8-4a74-b4af-22d2b81a6aa0
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=7463349268159137952
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3838
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_c2fbefa2-2f16-4b45-a367-b5077e222cfc&gdpr=0&gdpr_consent=&us_privacy=1---
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=ee8dc922-e571-4b3d-83eb-d7b81c77c34d&user_group=1&ssp=gumgum2&bsw_param=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://rtb.gumgum.com/usersync?b=bsw&i=3290dd0c-5e16-4dce-890c-f77ade986ebe

35 B
208 B

36ms
36ms

Image
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=3290dd0c-5e16-4dce-890c-f77ade986ebe
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:08 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: //rtb.gumgum.com/usersync?b=bsw&i=3290dd0c-5e16-4dce-890c-f77ade986ebe
Date: Thu, 17 Mar 2022 19:22:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/ Frame 3838
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%284cAjjo4kVr6AzYkhYNxMFk8EByiU-h34Q0EW3CrAR8UGWBEkMFdZDzIVBTvjzbOH%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_c2fbefa2-2f16-4b45-a367-b5077e222cfc&obuid=ENC(4cAjjo4kVr6AzYkhYNxMFk8EByiU-h34Q0EW3CrAR8UGWBEkMFdZDzIVBTvjzbOH)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://x.bidswitch.net/sync?ssp=outbrain&user_id=4cAjjo4kVr6AzYkhYNxMFk8EByiU-h34Q0EW3CrAR8UGWBEkMFdZDzIVBTvjzbOH
https://p.rfihub.com/cm?in=1&pub=20513&ssp=outbrain
https://x.bidswitch.net/sync?dsp_id=119&user_id=6203690724968729762&expires=30&ssp=outbrain
https://sync.outbrain.com/cookie-sync?p=bidswitch&uid=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=

0
309 B

91ms
90ms

Image
text/plain

70.42.32.127
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=bidswitch&uid=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 70.42.32.127 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:08 GMT
Cache-Control: no-cache
X-TraceId: 43bf7f590ceb5f65414bb02ae462ec99
Content-Length: 0

Redirect headers

Location: //sync.outbrain.com/cookie-sync?p=bidswitch&uid=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Date: Thu, 17 Mar 2022 19:22:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3838
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=81a193cb-95b1-4edc-a011-b36d7d5a5c54

35 B
208 B

57ms
39ms

Image
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=81a193cb-95b1-4edc-a011-b36d7d5a5c54
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=81a193cb-95b1-4edc-a011-b36d7d5a5c54
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3838
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=sta&i=0-a7f66977-6800-4483-63ff-200739d7d7db$ip$217.64.151.7

35 B
208 B

37ms
37ms

Image
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sta&i=0-a7f66977-6800-4483-63ff-200739d7d7db$ip$217.64.151.7
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:08 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=sta&i=0-a7f66977-6800-4483-63ff-200739d7d7db$ip$217.64.151.7
Date: Thu, 17 Mar 2022 19:22:08 GMT
Connection: keep-alive
Content-Length: 121
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3838
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-DpoQjYZE2pf9EFriQI6dJ7mgyzwdNrTo6x4P~A

35 B
208 B

43ms
38ms

Image
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-DpoQjYZE2pf9EFriQI6dJ7mgyzwdNrTo6x4P~A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Thu, 17 Mar 2022 19:22:07 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-DpoQjYZE2pf9EFriQI6dJ7mgyzwdNrTo6x4P~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3838
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
https://rtb.gumgum.com/usersync?b=vnt&i=898431d8-a627-11ec-9478-258f38252538

35 B
208 B

35ms
35ms

Image
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=898431d8-a627-11ec-9478-258f38252538
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:08 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=898431d8-a627-11ec-9478-258f38252538
Date: Thu, 17 Mar 2022 19:22:08 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 898431d9-a627-11ec-9478-258f38252538

GET
H2 204 services
sync.technoratimedia.com/ Frame 3838 0
293 B 301ms
93ms Image
text/plain 141.148.45.191
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.148.45.191 , United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:08 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 186708588
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame 3838 0
44 B 289ms
96ms Image
text/plain 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-length: 0
server: b

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3838
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_c2fbefa2-2f16-4b45-a367-b5077e222cfc&gdpr=0&gdpr_consent=&us_privacy=1---
https://stags.bluekai.com/site/23178?id=JNmLqGRJXgJpQfbN3jnc&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2SSONVGHCR2SJJMGOSTQKFTGETRTNJXGGJTVONPXA...
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=JNmLqGRJXgJpQfbN3jnc&us_privacy=1---

35 B
208 B

35ms
35ms

Image
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=JNmLqGRJXgJpQfbN3jnc&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:08 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
P3p: CP="We do not support P3P header."
Location: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=JNmLqGRJXgJpQfbN3jnc&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 118
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200
OK

usersync
usersync.gumgum.com/ Frame 3838
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://usersync.gumgum.com/usersync?b=idi&i=368a2d54-fe3c-48d3-bd37-01a17dadd8cc

35 B
296 B

62ms
39ms

Image
image/gif

52.19.170.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=idi&i=368a2d54-fe3c-48d3-bd37-01a17dadd8cc
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 52.19.170.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-170-216.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: envoy
content-type: image/gif
cache-control: private, no-store, must-revalidate, max-age=0
x-envoy-upstream-service-time: 8
x-region: ireland
content-length: 35
expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=idi&i=368a2d54-fe3c-48d3-bd37-01a17dadd8cc
date: Thu, 17 Mar 2022 19:22:08 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame 3838
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003&rndcb=3791231772
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=3290dd0c-5e16-4dce-890c-f77ade986ebe&google_hm=MzI5MGRkMGMtNWUxNi00ZGNlLTg5MGMtZjc3YWRlOTg2...
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESENpFMXk-Wd2c12Ft7EXpmO4&google_cver=1&ssp=adconductor&bsw_param=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://sync.1rx.io/usersync/bidswitch/3290dd0c-5e16-4dce-890c-f77ade986ebe?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fpartnerid%3D113%26partneruserid%3DRX-04c4251d-a...
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003

43 B
163 B

40ms
22ms

Image
image/gif

185.86.139.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 185.86.139.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

location: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
date: Thu, 17 Mar 2022 19:22:08 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX04c4251dacf6407894127b73f8aa3395003
content-type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame 3838
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=ssGqLFnH3IUO&ev=1&pid=558355

35 B
208 B

36ms
36ms

Image
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=ssGqLFnH3IUO&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:08 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: de-DE
location: https://rtb.gumgum.com/usersync?b=pln&i=ssGqLFnH3IUO&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-5799967b4-8pt8m
expires: -1

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 3838 0
75 B 24ms
22ms Image
text/plain 185.86.139.103
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.103 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 3838 0
357 B 33ms
29ms Image
image/avif 54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_c2fbefa2-2f16-4b45-a367-b5077e222cfc
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 57D5
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=36ac6233-8a5d-4500-a93f-947b8a137c6c&gdpr=0&gdpr_consent=

35 B
208 B

49ms
37ms

Document
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=36ac6233-8a5d-4500-a93f-947b8a137c6c&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Thu, 17 Mar 2022 19:22:07 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Access-Control-Allow-Origin: *
Server: MT3 4256 109297d master cdg-pixel-x24 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=36ac6233-8a5d-4500-a93f-947b8a137c6c&gdpr=0&gdpr_consent=
Expires: Thu, 17 Mar 2022 19:22:06 GMT

GET
H/1.1

200
OK

usersync Show response
usersync.gumgum.com/ Frame 239C
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=atm&i=YjOKWQAAAHbGUAQD&gdpr=0&gdpr_consent=

35 B
297 B

158ms
46ms

Document
image/gif

52.19.170.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=YjOKWQAAAHbGUAQD&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.170.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-170-216.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
content-type: image/gif
content-length: 35
date: Thu, 17 Mar 2022 19:22:07 GMT
x-envoy-upstream-service-time: 13
x-region: ireland
server: envoy

Redirect headers

server: Varnish
retry-after: 0
location: https://usersync.gumgum.com/usersync?b=atm&i=YjOKWQAAAHbGUAQD&gdpr=0&gdpr_consent=
accept-ranges: bytes
date: Thu, 17 Mar 2022 19:22:07 GMT
via: 1.1 varnish
x-served-by: cache-hhn4029-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1647544928.904238,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame F4FF 170 B
188 B 20ms
18ms Document
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9jMmZiZWZhMi0yZjE2LTRiNDUtYTM2Ny1iNTA3N2UyMjJjZmM=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

content-type: image/png
date: Thu, 17 Mar 2022 19:22:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 2D50 15 KB
6 KB 22ms
20ms Document
text/html 104.107.160.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.160.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-160-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=58507
expires: Fri, 18 Mar 2022 11:37:14 GMT
date: Thu, 17 Mar 2022 19:22:07 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame A0AA 0
0 337ms
109ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP001 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP001
date: Thu, 17 Mar 2022 19:22:07 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 4B0D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=7f1fea4f-557b-4faa-a15f-70f836944c2f&t=1650136927

35 B
208 B

42ms
38ms

Document
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=7f1fea4f-557b-4faa-a15f-70f836944c2f&t=1650136927
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-type: text/html
content-length: 209
location: https://rtb.gumgum.com/usersync?b=ttd&i=7f1fea4f-557b-4faa-a15f-70f836944c2f&t=1650136927
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame B090
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

7ms
7ms

Document
text/html

184.30.209.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.209.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-209-152.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Mar 2022 19:22:07 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=gumgum
date: Thu, 17 Mar 2022 19:22:07 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

GET
H2 204 um
cs.emxdgt.com/ Frame 4369 0
0 144ms
49ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

content-type: text/html
date: Thu, 17 Mar 2022 19:22:07 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7F3F
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YjOKYMCo5ukAAEaxVR8AAAAA

35 B
208 B

37ms
36ms

Document
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YjOKYMCo5ukAAEaxVR8AAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Thu, 17 Mar 2022 19:22:08 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Thu, 17 Mar 2022 19:22:08 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YjOKYMCo5ukAAEaxVR8AAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 2
X-SO-HostName: a-ad40292.dc2p.scaleout.jp
X-SO-LB-Hostname: a-tgng40018.dc2p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":9,"gdpr":true,"ipv4":"0.0.0.0","key":"YjOKYMCo5ukAAEaxVR8AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40292"}
X-SO-Key: YjOKYMCo5ukAAEaxVR8AAAAA
X-SO-IP: 217.64.151.7
X-SO-Cluster-ID: 9
X-SO-Upstream-ID: a-ad40292

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 2732
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=3rypP5qZWOG15smTJmM8&pi=gumgum&tc=1

35 B
208 B

47ms
41ms

Document
image/gif

52.31.89.136
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=3rypP5qZWOG15smTJmM8&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.89.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-89-136.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/

Response headers

date: Thu, 17 Mar 2022 19:22:08 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Thu, 17 Mar 2022 19:22:07 GMT Thu, 17 Mar 2022 19:22:07 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=3rypP5qZWOG15smTJmM8&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame BC50 70 B
264 B 30ms
29ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame BC50 170 B
188 B 17ms
17ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YjOKXbMnETZyXfQIq2I74AAABIEAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame BC50
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjOKXbMnETZyXfQIq2I74AAABIEAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjOKXbMnETZyXfQIq2I74AAABIEAAAIB&dcc=t

43 B
645 B

122ms
109ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjOKXbMnETZyXfQIq2I74AAABIEAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 7DHYKJ2CF75CGTS1GCM7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 5Z1RFN7GY46PBZRYGRG0
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YjOKXbMnETZyXfQIq2I74AAABIEAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame BC50 0
0 112ms
86ms Image
text/html 185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 200
OK ibs:dpid=23728&dpuuid=YjOKXbMnETZyXfQIq2I74AAA%261153
dpm.demdex.net/ Frame BC50 0
0 40ms
34ms Image
application/json 34.251.227.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YjOKXbMnETZyXfQIq2I74AAA%261153?gdpr_consent=&us_privacy=&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.227.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-227-193.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum.casalemedia.com/ Frame BC50
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1647631327&gdpr=1

43 B
315 B

108ms
37ms

Image
image/gif

104.107.161.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1647631327&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 104.107.161.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Thu, 17 Mar 2022 19:22:08 GMT

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1647631327&gdpr=1
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BC50
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7950964832133261594

43 B
1 KB

34ms
34ms

Image
image/gif

104.107.161.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7950964832133261594
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 104.107.161.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-161-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 17 Mar 2022 19:22:07 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7950964832133261594
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame BC50 85 B
338 B 105ms
99ms Image
image/png 151.101.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:08 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1647544928.928506,VS0,VE93
x-served-by: cache-hhn4029-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-type: image/png
content-length: 85
x-cache-hits: 0

GET
H2 200 sync
ads.servenobid.com/ Frame BC50 0
357 B 38ms
33ms Image
image/avif 54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=YjOKXbMnETZyXfQIq2I74AAABIEAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame FF46 0
344 B 32ms
27ms Image
image/avif 54.78.140.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=6903163135427496488&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.140.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-140-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame FF46
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=7463349268159137952&gdpr=0&gdpr_consent=

43 B
408 B

65ms
22ms

Image
image/gif

185.86.139.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=7463349268159137952&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:07 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7c008064-d782-4e6c-9fa5-bf3b8bc97f8e
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=7463349268159137952&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame FF46
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=9032436911861162631&gdpr=0&gdpr_consent=

43 B
408 B

74ms
23ms

Image
image/gif

185.86.139.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=9032436911861162631&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: nginx
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=9032436911861162631&gdpr=0&gdpr_consent=
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
sync.targeting.unrulymedia.com/csync/ Frame FF46
Redirect Chain

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003&rndcb=4090823408
https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=adconductor&bds_param=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://x.bidswitch.net/sync?dsp_id=340&user_id=cbff7ec6-90aa-479c-8aaf-b79d1bdfe4d9&expires=10&ssp=adconductor&bsw_param=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://sync.1rx.io/usersync/bidswitch/3290dd0c-5e16-4dce-890c-f77ade986ebe?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003

43 B
395 B

14ms
14ms

Image
image/gif

213.19.147.45
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Server: 213.19.147.45 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:08 GMT
server: Tengine
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location: https://sync.targeting.unrulymedia.com/csync/RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
pragma: no-cache
date: Thu, 17 Mar 2022 19:22:08 GMT
cache-control: no-store, no-cache, must-revalidate
server: Tengine
content-type: text/html
expires: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame FF46
Redirect Chain

https://x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=smartadserver&ssp_user_id=3290dd0c-5e16-4dce-890c-f77ade986ebe
https://x.bidswitch.net/sync?dsp_id=74&&user_id=171315618&expires=5&ssp=smartadserver
https://rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=

43 B
163 B

49ms
22ms

Image
image/gif

185.86.139.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

Location: //rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=3290dd0c-5e16-4dce-890c-f77ade986ebe&gdpr=&gdpr_consent=
Date: Thu, 17 Mar 2022 19:22:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 251A 70 B
264 B 33ms
32ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 251A
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NThjYmFhMTk1MTIxMDBlODFjYjExYzdiYmYxMjM2OTU1MzExM2RlYw

170 B
188 B

16ms
15ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NThjYmFhMTk1MTIxMDBlODFjYjExYzdiYmYxMjM2OTU1MzExM2RlYw

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NThjYmFhMTk1MTIxMDBlODFjYjExYzdiYmYxMjM2OTU1MzExM2RlYw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 251A
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L0VDPHYO-J-6PIW

0
202 B

160ms
159ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L0VDPHYO-J-6PIW
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 96BB29E356F9407886F89E2D8C2A633C Ref B: FRAEDGE1119 Ref C: 2022-03-17T19:22:07Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXabvIwJj1JR3X7wbj1rg==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L0VDPHYO-J-6PIW
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 251A 0
0 33ms
17ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 251A
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=IPYTAyuPTFigB9qvIbTnPA&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=IPYTAyuPTFigB9qvIbTnPA

43 B
556 B

51ms
50ms

Image
image/gif

54.239.38.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=IPYTAyuPTFigB9qvIbTnPA

Protocol

HTTP/1.1

Server

54.239.38.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 2FCDKNRREJ400JG0C9NC
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=IPYTAyuPTFigB9qvIbTnPA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 251A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMy3xVy2XZyfFMiv5bzces0&google_cver=1

0
239 B

48ms
7ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMy3xVy2XZyfFMiv5bzces0&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMy3xVy2XZyfFMiv5bzces0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 251A
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBWRFBIWU8tSi02UElX

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBWRFBIWU8tSi02UElX

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Mar 2022 19:22:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBWRFBIWU8tSi02UElX
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 251A
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=lHhOHTRvQoWITeizcKFxzg&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lHhOHTRvQoWITeizcKFxzg

43 B
556 B

104ms
104ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lHhOHTRvQoWITeizcKFxzg

Protocol

HTTP/1.1

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: YBWA872DD92ED0AHSMV4
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=lHhOHTRvQoWITeizcKFxzg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame B090 32 KB
10 KB 12ms
11ms Script
text/html 184.30.209.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.209.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-209-152.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:07 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=60772
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Fri, 18 Mar 2022 12:14:59 GMT

GET
H2 204 um
cs.emxdgt.com/ Frame F4AB 0
0 47ms
46ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

content-type: text/html
date: Thu, 17 Mar 2022 19:22:07 GMT
content-length: 0

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame FF4A
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east

281 B
554 B

7ms
7ms

Document
text/html

184.30.209.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.209.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-209-152.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "40014-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Mar 2022 19:22:08 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
date: Thu, 17 Mar 2022 19:22:08 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

GET
H/1.1 200
OK uc.html Show response
go.sonobi.com/ Frame 3563 43 B
573 B 81ms
15ms Document
text/html 178.162.133.148
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sonobi.com/uc.html?pubid=e55fb5d7c2

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.148 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1.go.sonobi.com

Software

sonobi-go /

Resource Hash

bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

Date: Thu, 17 Mar 2022 19:22:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: go-ams-1-7-8
X-Xss-Protection: 0
Content-Encoding: gzip
Server: sonobi-go

GET
H2 200 cm Show response
gift-connect-d.openx.net/w/1.0/ Frame AD34 0
83 B 23ms
16ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.2.1
date: Thu, 17 Mar 2022 19:22:08 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame BD99 15 KB
6 KB 23ms
22ms Document
text/html 104.107.160.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.107.160.214 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-107-160-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/

Response headers

last-modified: Tue, 01 Feb 2022 06:38:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=58506
expires: Fri, 18 Mar 2022 11:37:14 GMT
date: Thu, 17 Mar 2022 19:22:08 GMT
vary: Accept-Encoding

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 26FE
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7463349268159137952

0
44 B

101ms
101ms

Image
text/plain

165.227.252.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7463349268159137952
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 165.227.252.242 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: be0f9848-08d7-4b9f-a02a-d94729f72a41
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7463349268159137952
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 26FE
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YjOKXbMnETZyXfQIq2I74AAA%261153

0
44 B

96ms
95ms

Image
text/plain

165.227.252.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YjOKXbMnETZyXfQIq2I74AAA%261153
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 165.227.252.242 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YjOKXbMnETZyXfQIq2I74AAA%261153
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 282
Expires: Thu, 17 Mar 2022 19:22:08 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 26FE
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=bff6021a1d3f325fb9e2befc

0
44 B

132ms
132ms

Image
text/plain

165.227.252.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=bff6021a1d3f325fb9e2befc
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 165.227.252.242 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-length: 0

Redirect headers

Date: Thu, 17 Mar 2022 19:22:08 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=bff6021a1d3f325fb9e2befc
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame 26FE 0
478 B 16ms
13ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=38&userId=

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 26FE
Redirect Chain

https://pixel.advertising.com/ups/56621/occ
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UP87b98419-a627-11ec-8de9-021cc92cc318
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP87b98419-a627-11ec-8de9-021cc92cc318

0
44 B

96ms
96ms

Image
text/plain

165.227.252.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP87b98419-a627-11ec-8de9-021cc92cc318
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 165.227.252.242 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 17 Mar 2022 19:22:08 GMT
content-length: 0

Redirect headers

location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UP87b98419-a627-11ec-8de9-021cc92cc318
date: Thu, 17 Mar 2022 19:22:08 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 26FE
Redirect Chain

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f

49 B
509 B

13ms
13ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f
cache-control: no-cache
content-length: 0

GET
H/1.1

200
OK

56939
i6.liadm.com/s/ Frame 26FE
Redirect Chain

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f&_li_chk=true&previous_uuid=7f4f99d3c98d4337805be86d3a9ff8be
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f

43 B
419 B

293ms
95ms

Image
image/gif

2600:1f18:444a:4680:b988:ecc0:9832:67ce
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Server

2600:1f18:444a:4680:b988:ecc0:9832:67ce Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:08 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f
Date: Thu, 17 Mar 2022 19:22:08 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame FF4A 32 KB
10 KB 9ms
8ms Script
text/html 184.30.209.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.209.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-209-152.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 17 Mar 2022 19:22:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=60771
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Fri, 18 Mar 2022 12:14:59 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame B090 0
239 B 9ms
9ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L0VDPHYO-J-6PIW
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame FF4A 0
239 B 396ms
93ms Image
image/gif 8.43.72.98
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=17632&khaos=L0VDPHYO-J-6PIW
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a414d61fde5a538d1bc5c621aec59518
Content-Type: image/gif

POST
H/1.1 200
OK st Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame D604 0
315 B 114ms
114ms XHR
application/x-protobuf 18.223.14.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/st?v=154690
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.223.14.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-223-14-239.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Thu, 17 Mar 2022 19:22:07 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 6247 0
741 B 16ms
16ms Script
text/html 185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 17 Mar 2022 19:22:08 GMT
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0e5727b5-e792-4970-8b19-f394a91ba19f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pix.impdesk.com
URL: https://pix.impdesk.com/csync/google?google_gid=CAESEDI55BFTx3EmrFpIGdcyYMQ&google_cver=1&google_push=AYg5qPKB7agVzMzRAakmE5Wr2YlRAZZGEnYXTr2XFTwP3gA7MStbgPdFJ2fhgr9dQ_8qqteYOmS-OK7hV24xJgb2OMvrwxBpyuGI

Domain: um.wbtrk.net
URL: https://um.wbtrk.net/doubleclick/user/match?google_gid=CAESEMN_RsV62g417U40WZtXDpE&google_cver=1&google_push=AYg5qPKHApimI5cHx3sxgl91lq4EQy4OPgyRw9yHHIWvY9G61OrIgLJ_55_G-Q6qyOErVSdN4-aYAsXnoHxchMaR7q9SupWfzlA

Verdicts & Comments Add Verdict or Comment

416 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

121 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 03:48:40	Name: sync Value: CgoIoQEQwYvSyvkvCgoIgQIQwYvSyvkvCgoI4gEQwYvSyvkvCgoI5gEQwYvSyvkvCgoIhwIQwYvSyvkvCgkICRDBi9LK-S8KCQg6EMGL0sr5LwoJCAsQwYvSyvkvCgoIjAIQwYvSyvkvCgkIXxDBi9LK-S8=
i.liadm.com/s	1970-01-20 02:22:16	Name: _li_ss Value: MgkI_____wcQ6hE
.threatpost.com/	1970-01-20 01:39:06	Name: _cs_mk Value: 0.6380105812044914_1647544921265
.demdex.net/	1970-01-20 05:58:16	Name: demdex Value: 59127614741326902190556092110860870140
.threatpost.com/	1969-12-31 23:59:59	Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg Value: 1
.threatpost.com/	1970-01-20 01:40:31	Name: _gid Value: GA1.2.1401525799.1647544922
.threatpost.com/	1970-01-20 01:39:04	Name: _gat_UA-35676203-21 Value: 1
.everesttech.net/	1970-01-20 10:24:40	Name: everest_g_v2 Value: g_surferid~YjOKWQAAAHbGUAQD
.dpm.demdex.net/	1970-01-20 05:58:16	Name: dpm Value: 59127614741326902190556092110860870140
.t.co/	1970-01-20 19:10:16	Name: muc_ads Value: 31839346-689e-457a-aea1-e3226660e414
threatpost.com/	1970-01-20 02:22:16	Name: _pbjs_userid_consent_data Value: 6683316680106290
.quantserve.com/	1970-01-20 11:09:19	Name: mc Value: 62338a59-d0b1e-5b270-dfe40
.threatpost.com/	1970-01-20 19:11:43	Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19069%7CMCMID%7C66531499001133740650715306506218098598%7CMCAAMLH-1648149721%7C6%7CMCAAMB-1648149721%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1647552121s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19076%7CvVersion%7C4.4.0
.threatpost.com/	1970-01-20 05:58:16	Name: _pubcid Value: a53008e2-1423-497d-9dbc-6b68d12d6eef
.threatpost.com/	1970-01-20 11:03:33	Name: __qca Value: P0-455049024-1647544921811
.openx.net/	1970-01-20 10:24:40	Name: i Value: a53008e2-1423-497d-9dbc-6b68d12d6eef\|1647544922
.lijit.com/	1970-01-20 10:24:40	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/	1970-01-20 10:24:40	Name: ljt_reader Value: bff6021a1d3f325fb9e2befc
.adnxs.com/	1970-01-20 03:48:40	Name: icu Value: ChgIzLJhEAoYASABKAEw2pTOkQY4AUABSAEQ2pTOkQYYAA..
.adnxs.com/	1970-01-20 03:48:40	Name: uuid2 Value: 7463349268159137952
.rubiconproject.com/	1970-01-20 10:24:40	Name: khaos Value: L0VDPHYO-J-6PIW
.rubiconproject.com/	1970-01-20 10:24:40	Name: audit Value: 1\|SDziDG3X/EjZ3BUCZefTTDpcd3HBZZ775PzI6EyVJjlVAthPpLFZy2MMoKHXKmBgb05ecXDiI+jhlI2uKWkDtsxuhZpbWKLtINWY3Pa16NE=
.threatpost.com/	1970-01-20 01:39:04	Name: _gat_UA-63997723-2 Value: 1
e.serverbid.com/	1970-01-20 10:24:40	Name: azk Value: ue1-sb1-6297585b-9af1-49ef-940f-49e3f1710d0f
threatpost.com/	1970-01-21 01:39:04	Name: CookieConsent Value: {stamp:1823147218=='\|Cnecessary:true\|Cpreferences:true\|Cstatistics:true\|Cmarketing:true\|Cver:1\|Cutc:569380079\|Cregion:'not_gdpr'}
threatpost.com/	1970-01-20 10:24:40	Name: usprivacy Value: 1---
.threatpost.com/	1970-01-20 03:48:40	Name: _gcl_au Value: 1.1.2070824347.1647544922
prebid.a-mo.net/	1970-01-20 10:24:40	Name: __amc Value: 1_1647544922_1647544922
.threatpost.com/	1970-01-20 19:10:16	Name: _ga_YP1JLG57CH Value: GS1.1.1647544922.1.0.1647544922.0
.threatpost.com/	1970-01-20 19:10:16	Name: _ga Value: GA1.1.723297198.1647544922
.linkedin.com/	1970-01-20 02:22:16	Name: UserMatchHistory Value: AQKZtJOaoEi-egAAAX-ZVHGowQY8rU8i-yO8dGU-2mxoMwnYskG9xSlCw-2ZiuUOh0lZMphL7kwE8A
.linkedin.com/	1970-01-20 02:22:16	Name: AnalyticsSyncHistory Value: AQJaoSViVTziLwAAAX-ZVHGpgWBjFSZ3ZLhAZyYlEKGJTfNid_KvAoNX4aVsGSouLkE6javjinTvzCQDbmWmKg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:10:58	Name: bcookie Value: "v=2&4db2cb62-b50d-4ec6-812d-f701c8b1c068"
.linkedin.com/	1970-01-20 01:40:31	Name: lidc Value: "b=TGST01:s=T:r=T:a=T:p=T:g=2785:u=1:x=1:i=1647544922:t=1647631322:v=2:sig=AQEx7NLlAIfolwbBdK6NiBU0FfDzDSUn"
.threatpost.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:10:58	Name: bscookie Value: "v=1&2022031719220252d2c4ab-2696-4955-8213-1bed7611b3e0AQHp6Tph3PrF1LlI2np9PEvb3VzDlWp5"
.linkedin.com/	1970-01-20 18:58:59	Name: li_gc Value: MTswOzE2NDc1NDQ5MjI7MjswMjEsuFzDBTm7zhCFBc5DANDPuXt8YM+ay0Z+ZPj6MuxD5A==
.doubleclick.net/	1970-01-20 11:00:40	Name: IDE Value: AHWqTUkXX-0jdR90SlVam9j_IBEwh19_DTFmoI8nBonLwUgeiRKIEuQQVesl1fSE_tQ
.threatpost.com/	1970-01-20 11:00:40	Name: __gads Value: ID=86494fb149286806:T=1647544922:S=ALNI_Mb9MTkgJKMP3vK_GyuDdTOc_K4fwQ
.casalemedia.com/	1970-01-20 10:24:40	Name: CMID Value: YjOKXbMnETZyXfQIq2I74AAA
.casalemedia.com/	1970-01-20 03:48:40	Name: CMPS Value: 5201
.bidswitch.net/	1970-01-20 10:24:40	Name: tuuid Value: 3290dd0c-5e16-4dce-890c-f77ade986ebe
.bidswitch.net/	1970-01-20 10:24:40	Name: c Value: 1647544925
.bidswitch.net/	1970-01-20 10:24:40	Name: tuuid_lu Value: 1647544925
.ads.avads.net/	1970-01-20 11:19:24	Name: av-mid Value: 1e8620ed-16fc-4f74-a4a4-ce0cd9108cc4
.ads.avads.net/	1970-01-20 01:59:14	Name: av-tp-gadx Value: 1
.casalemedia.com/	1970-01-20 03:48:40	Name: CMPRO Value: 1153
.turn.com/	1970-01-20 05:58:16	Name: uid Value: 7950964832133261594
.doubleclick.net/	1970-01-20 01:39:08	Name: DSID Value: NO_DATA
.advertising.com/	1970-01-20 10:26:07	Name: APID Value: UP87b98419-a627-11ec-8de9-021cc92cc318
.blismedia.com/	1970-01-20 10:24:44	Name: b Value: 62338A5DC7AE6248BF8A66DEBLIS
.yahoo.com/	1970-01-20 10:25:02	Name: A3 Value: d=AQABBF2KM2ICEM0bSPVsnjS0xfXz-5Wp9G4FEgEBAQHbNGI9YgAAAAAA_eMAAA&S=AQAAAhmoqhEJPCyBrC9cDUJJbC0
.adfarm1.adition.com/	1970-01-20 03:48:40	Name: UserID1 Value: 7076151571578812570
.adsrvr.org/	1970-01-20 10:24:40	Name: TDID Value: 7f1fea4f-557b-4faa-a15f-70f836944c2f
.simpli.fi/	1970-01-20 10:26:07	Name: suid Value: B43C2F2121914B8DA4518A38BF5320E7
.quantserve.com/	1970-01-20 03:48:40	Name: d Value: EPgBDAHXJYqsMA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjMyMDazNDA3MrE0szA3sjQ3MxLiM9R1c_LzTSwqdy4zsYwCAEyeTSQlAAAA
.rfihub.com/	1970-01-20 11:00:40	Name: rud Value: H4sIAAAAAAAAAOMSNjMyMDazNDA3MrE0szA3sjQ3MxLiM9R1c_LzTSwqdy4zsYyS4jU0MzE3NTGxNDI1MbQAAJrMsPs0AAAA
.mathtag.com/	1970-01-20 11:05:00	Name: uuid Value: 36ac6233-8a5d-4500-a93f-947b8a137c6c
.adform.net/	1970-01-20 02:23:43	Name: C Value: 1
.adform.net/	1970-01-20 03:05:28	Name: uid Value: 9032436911861162631
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA129U2ND8gMN_MMK6hyyy4IMLcIKk8pdgUAEfWAdB4AAAA
.volvelle.tech/	1970-01-20 10:24:40	Name: ouuid Value: fcd5fff5-8987-4ecb-8c77-53afe188a00c
.volvelle.tech/	1970-01-20 10:24:40	Name: c Value: 1647544925
.volvelle.tech/	1970-01-20 10:24:40	Name: ouuid_lu Value: 1647544925
.zemanta.com/	1970-01-20 10:24:40	Name: zuid Value: JNmLqGRJXgJpQfbN3jnc
.threatpost.com/	1970-01-20 11:00:40	Name: cto_bundle Value: ApU5MF83MkdaOXEzaER0a3RFMEsyZ3pocDVNJTJCYTRtTFdVSldRMDQlMkJENUVhcFF3a3luRlA0ZFljdEhtWENiQTQlMkJRaXRYY0JMcFpWMjdDUDFKUWY1bUdGSFdONjBJQmRRQWpET043a2dDY21DTyUyQnYyOEpXdm00R00lMkJBS2s5dVB1d0pCcGg
.threatpost.com/	1970-01-20 11:00:40	Name: cto_bidid Value: Y-PYel8wb0N1VlY1cjFoNEpiUncxaG01RE1Qc2VOdkU2RlV4UGxycFJVazM3SUN5SGxRbVZlUnZGOVZIeDVTRXRPQ1VvOUhubzIwZEhFZTM4STFZJTJCUnJYUjFnJTNEJTNE
.3lift.com/	1970-01-20 03:48:40	Name: tluid Value: 2633001833356587769543
.openx.net/	1970-01-20 02:00:40	Name: pd Value: v2\|1647544925.2\|kiiygevNgun0.gqsLommOnsgi
.w55c.net/	1970-01-20 11:09:19	Name: wfivefivec Value: YRenaZHA1NuVHh5
.w55c.net/	1970-01-20 02:22:16	Name: matchopenx Value: 5
.bing.com/	1970-01-20 11:00:40	Name: MUID Value: 253F7CD59F3D656C13A46DBF9E566477
.rqtrk.eu/	1970-01-20 01:49:09	Name: browser_id Value: 1:e5d3499a-d0cc-4c4d-81f4-fbd7b76d683d
.lijit.com/	1970-01-20 10:24:40	Name: _ljtrtb_273657 Value: 273657
.servenobid.com/	1970-01-20 01:49:09	Name: pid_337 Value: y-dLzibn1E2uF9inctPNFVJwSKOks5Xd..fZZFMEY-~A
.servenobid.com/	1970-01-20 01:49:09	Name: pid_324 Value: 6203690724968729762
.servenobid.com/	1970-01-20 01:49:09	Name: pid_312 Value: 7463349268159137952
.servenobid.com/	1970-01-20 01:49:09	Name: pid_310 Value: bff6021a1d3f325fb9e2befc
.bidr.io/	1970-01-20 11:07:38	Name: bito Value: AAHVq07EZxUAAC8DKSMtlA
.bidr.io/	1970-01-20 11:07:38	Name: bitoIsSecure Value: ok
.gumgum.com/	1970-01-20 10:24:40	Name: vst Value: e_c2fbefa2-2f16-4b45-a367-b5077e222cfc
.a-mo.net/	1970-01-20 10:24:40	Name: amuid2 Value: 61c8e175-8181-475e-82db-5156d33596ef
.smartadserver.com/	1970-01-20 11:09:19	Name: pid Value: 6903163135427496488
.servenobid.com/	1970-01-20 01:49:09	Name: pid_327 Value: 61c8e175-8181-475e-82db-5156d33596ef
.servenobid.com/	1970-01-20 01:49:09	Name: pid_309 Value: e_c2fbefa2-2f16-4b45-a367-b5077e222cfc
.adsrvr.org/	1970-01-20 10:24:40	Name: TDCPM Value: CAEYASABKAIyCwiSyeSJxZXEOhAFOAFaBmd1bWd1bWAC
.servenobid.com/	1970-01-20 01:49:09	Name: pid_317 Value: 6903163135427496488
.creativecdn.com/	1970-01-20 10:24:40	Name: u Value: 3rypP5qZWOG15smTJmM8
.creativecdn.com/	1970-01-20 10:24:40	Name: ts Value: 1647544927
.servenobid.com/	1970-01-20 01:49:09	Name: pid_333 Value: YjOKXbMnETZyXfQIq2I74AAABIEAAAIB
.targeting.unrulymedia.com/	1970-01-20 10:24:40	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003%22%7D
.casalemedia.com/	1970-01-20 10:24:40	Name: CMRUM3 Value: 2e62338a5f05a0&2762338a5f0b40&da62338a5f2760&2d62338a5d2760CAESEDOFzs3oALzDPAKXWvczPhQ&4162338a5f05a0&e662338a5f2760&5862338a5f05a0&f162338a5f05a0&0462338a5f27607950964832133261594
.servenobid.com/	1970-01-20 01:49:09	Name: pid_321 Value: RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003
.1rx.io/	1970-01-20 10:24:40	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-04c4251d-acf6-4078-9412-7b73f8aa3395-003%22%2C%22nxtrdr%22%3Afalse%7D
.360yield.com/	1970-01-20 03:48:40	Name: tuuid Value: 368a2d54-fe3c-48d3-bd37-01a17dadd8cc
.360yield.com/	1970-01-20 03:48:40	Name: tuuid_lu Value: 1647544927
.pubmatic.com/	1970-01-20 02:22:16	Name: KRTBCOOKIE_699 Value: 22727-AAHVq07EZxUAAC8DKSMtlA
.pubmatic.com/	1970-01-20 02:22:16	Name: PugT Value: 1647544928
.pubmatic.com/	1970-01-20 03:48:40	Name: PUBMDCID Value: 3
.analytics.yahoo.com/	1970-01-20 10:24:40	Name: IDSYNC Value: "1776~23t7:18yx~23t7:187s~23t7:196n~23t7:17ot~23t7"
.smartadserver.com/	1970-01-20 11:09:19	Name: csync Value: 86:7463349268159137952
.smadex.com/	1970-01-20 10:17:28	Name: smxtrack Value: cbff7ec6-90aa-479c-8aaf-b79d1bdfe4d9
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5G Value: s578\|YjOKY
.casalemedia.com/	1970-01-20 01:40:31	Name: CMST Value: YjOKXWIzimAA
.technoratimedia.com/	1970-01-21 21:27:04	Name: tads_uid Value: GDPR
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 24d7e162925ef824
.outbrain.com/	1970-01-20 03:48:40	Name: obuid Value: 949f81d5-bc75-4702-997e-f5f3fc221f81
.amazon-adsystem.com/	1970-01-21 21:50:07	Name: ad-privacy Value: 0
pool.admedo.com/	1970-01-20 10:24:40	Name: tuuid Value: ee8dc922-e571-4b3d-83eb-d7b81c77c34d
pool.admedo.com/	1970-01-20 10:24:40	Name: c Value: 1647544928
pool.admedo.com/	1970-01-20 10:24:40	Name: tuuid_lu Value: 1647544928
sync.srv.stackadapt.com/	1970-01-20 10:24:40	Name: sa-user-id Value: s%3A0-a7f66977-6800-4483-63ff-200739d7d7db.V5P79Z%2BGhrYzHjKefEwtjFTYzGkuwcORLvTeY3iBvig
.srv.stackadapt.com/	1970-01-20 10:24:40	Name: sa-user-id-v2 Value: s%3Ap_Zpd2gARINj_yAHOdfX29lAlwc.kNX%2B%2Fp%2BhJgAUR0z6X2AsS03CBL2tikK0TT5UiBkfodE
.amazon-adsystem.com/	1970-01-20 06:24:12	Name: ad-id Value: A7Y02bnAAUxQuMNgz6NA6EM
.ipredictive.com/	1970-01-20 10:24:40	Name: cu Value: 898431d8-a627-11ec-9478-258f38252538\|1647544928272
.liadm.com/	1970-01-20 19:10:16	Name: lidid Value: 7f4f99d3-c98d-4337-805b-e86d3a9ff8be
.rfihub.com/	1970-01-20 11:00:40	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA129U2ND8gMN_MMK6hyyy4IMLcIKk8pdg3iNTQzMTc1MbE0MjW1NHrFiMI3XsWC4FuYm5ifEkfwzc0tjQApHu8mXQAAAA
.outbrain.com/	1970-01-20 02:07:52	Name: bdswch Value: 3290dd0c-5e16-4dce-890c-f77ade986ebe

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.9&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=8383f973-95e7-4585-8858-c4540d2efcd7&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fphony-instagram-support-staff-emails-hit-insurance-company%2F178929%2F Message: Failed to load resource: the server responded with a status of 403 ()
other	warning	URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686(Line 40) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012202142035000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://pix.impdesk.com/csync/google?google_gid=CAESEDI55BFTx3EmrFpIGdcyYMQ&google_cver=1&google_push=AYg5qPKB7agVzMzRAakmE5Wr2YlRAZZGEnYXTr2XFTwP3gA7MStbgPdFJ2fhgr9dQ_8qqteYOmS-OK7hV24xJgb2OMvrwxBpyuGI Message: Failed to load resource: net::ERR_CONNECTION_REFUSED
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9582686.fls.doubleclick.net
a.rfihub.com
a.volvelle.tech
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.turn.com
ads.adaptv.advertising.com
ads.avads.net
ads.pubmatic.com
ads.servenobid.com
adservice.google.com
adservice.google.de
analytics.twitter.com
ap.lijit.com
assets.threatpost.com
b1sync.zemanta.com
bfdf657db0961e27d6be6f90ba70a9e1.safeframe.googlesyndication.com
bh.contextweb.com
btlr.sharethrough.com
c.amazon-adsystem.com
c.bing.com
c.eu1.dyntrk.com
c1.adform.net
c2shb.ssp.yahoo.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
casale-match.dotomi.com
cd.connatix.com
cdn.ampproject.org
cdn.id5-sync.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
cm.smadex.com
creativecdn.com
cs.chocolateplatform.com
cs.emxdgt.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
e.serverbid.com
eb2.3lift.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
geo.ipify.org
gift-connect-d.openx.net
go.sonobi.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image2.pubmatic.com
imasdk.googleapis.com
img.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pix.impdesk.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.33across.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
r.turn.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.openx.net
rtb2-useast.torchad.com
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
snap.licdn.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
t.co
tag.1rx.io
tagan.adlightning.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
u.openx.net
um.simpli.fi
um.wbtrk.net
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vid.connatix.com
ws.rqtrk.eu
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
pix.impdesk.com
um.wbtrk.net
104.107.160.200
104.107.160.214
104.107.161.8
104.111.215.191
104.111.219.144
104.244.42.133
104.244.42.67
108.138.3.177
13.107.42.14
13.36.218.177
141.148.45.191
142.250.185.130
142.250.185.194
142.250.185.230
147.75.38.124
151.101.12.157
151.101.194.137
151.101.194.49
151.101.66.137
165.227.252.242
169.197.150.8
169.50.137.182
178.162.133.148
178.162.133.149
178.250.2.146
18.159.232.76
18.184.75.207
18.188.70.14
18.194.141.235
18.195.155.181
18.196.142.162
18.197.113.18
18.223.14.239
18.66.112.125
18.66.139.84
184.30.209.152
185.184.8.65
185.29.134.244
185.33.221.50
185.33.221.91
185.64.189.112
185.64.190.80
185.85.15.31
185.86.139.103
185.86.139.113
193.0.160.129
198.148.27.139
2.19.35.65
2001:678:cb4:bbbb::11
202.241.208.55
205.185.216.10
206.189.254.17
213.19.147.43
213.19.147.44
213.19.147.45
23.0.33.234
2600:1f18:444a:4680:b988:ecc0:9832:67ce
2600:9000:223c:7400:6:44e3:f8c0:93a1
2600:9000:2250:ea00:2:9275:3d40:93a1
2600:9000:2490:5800:0:5c46:4f40:93a1
2602:803:c003:200::61
2604:9e00:1:129::2:a01
2606:4700:20::681a:8a9
2606:4700:3031::6815:456d
2606:4700::6812:272
2620:116:800d:21:5a23:9c4e:e774:96c1
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:800::200a
2a00:1450:4001:808::2001
2a00:1450:4001:808::2002
2a00:1450:4001:808::2004
2a00:1450:4001:808::200e
2a00:1450:4001:813::2003
2a00:1450:4001:813::2008
2a00:1450:4001:813::200a
2a00:1450:4001:813::200e
2a00:1450:4001:828::2002
2a00:1450:4001:829::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2002
2a00:1450:400c:c0c::9c
2a02:2638:1::13
2a02:26f0:6c00::210:ba0a
2a02:fa8:8806:16::1400
2a05:d018:d29:3602:8032:ea84:336c:262b
3.123.251.241
3.126.56.137
3.33.220.150
34.251.227.193
34.96.105.8
34.98.64.218
35.172.159.73
35.173.160.135
35.186.253.211
35.205.207.25
35.210.178.101
35.210.53.219
35.212.101.174
35.244.174.68
37.157.2.235
46.105.202.126
51.178.20.139
51.75.146.160
51.89.21.10
51.89.9.254
52.19.170.216
52.202.13.238
52.28.203.152
52.31.32.190
52.31.89.136
52.46.154.242
52.51.88.158
54.145.48.80
54.155.215.129
54.239.38.253
54.78.140.244
63.33.104.96
64.140.160.2
64.202.112.191
66.155.71.150
67.202.105.22
69.173.144.139
69.173.144.165
70.42.32.127
72.251.249.14
72.251.249.9
76.223.111.18
8.43.72.98
85.114.159.118
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
0438443c5183988512cdbd914ec1b0e09de48615300e179195259a8b744cb489
04b8f218bac21bbf362b2a045b04761474ddc5ca2152e0e4d3c5c8e07c7caeb2
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
063293aa1f6a6e7c74ac32bd6af8360571b646140e6922ec5733130d32842467
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
11ea17f5a25189f1f44733a56e0647428ac7f6649ae4510913da362892f591b1
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12bdbba1c12e8c0db4e6cdb4256780e30a73ce553fcd10a67dc1539184fa61e8
14f17e5a9922761162f13a1ebe6cf4bf53cac2d3b3041b941ae3f40f32ae6fba
15c6681347badf59c693dc0c6a5b00178276d749eb98ec1f6cb28ab0578b1e4d
15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a064b735b498e6721dc8bdd21a0a5efbcbcbe9df3b8ebb2a5ff7cd359536117
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2
1d0d865bc35e09ec7970337a0e5740889c4650003a076c08d5f988cc56a8e1c7
1e02189b6990b38c43207a8c0c206a2fda1833e7b7401fa42af72671e62f43a5
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1e3ad558d76829f2c832006cfba3d1340c6ced6be0a92a244af6d317fae49958
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d
215667f9e3ec661991bab882d051bde245e642548a5b25b7a8500a67c28dcf50
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
27b3a5c4c3bc42647043f653b240a7c7c8baa0eba3ebe56288b89b66472e4a9a
27bcc93168da4cc12a3dc98430584c4c54582d7b6d1fa739be16046335ff7a19
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c48fe66dc80e8739864031048a9bdb23c32525572a414af4315f72b1197673e
2c70950a4a6609aaf9630efd961ae9559409e1d44373b64e6e0cfe35d4969a35
2cc0fd9bd3a2ffb0c846a82add3513135a9481503fa9eb06736f1bab08475f42
2d381d73540269a69e01cba1aee89fb10a153d73ecc0298b22dde524bcfd79a1
2d707d196309a3934a7e9614a4571cd7dbe0676542dcfd8cc0baafc8d1f6543c
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2e9c0b058a57bf81824527a6e070f8d5afa3b65a5a0cea672d054c137cd7186b
3110966fa73dac64901ac2cec67656155bb9717286b7b0da0544cdd8ae7c888d
31c9c6d89fd245072e9d39cc5dd3ec8fc0f708d42a8626413e4cfd4da5fec988
327f60006e399d96d711bc4bc9b08b12cdd2f0a600a3c26edde260b30aa3e6b1
32b8fae56a7edbfe89e7f7fd22aa7df75546183f81660692c9cf03d3c8d914ba
34199b9d864a28218e05ed623a045f3b30f6715baff40bad1bfab2948548ed87
34df469995b81d63131711c160ab028283dd037658405040483026655b3eb4d8
360105dbb9d08cac5fabaf8252853ea3ad521bf7eee4c9c32ae92f89a72e8290
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3705d0878203cc0b2525dcb0f874d85cc6b881d1fca1869191da4e599c768241
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
38459ffa4908d290e0f71780cb703a37e2ae184bfea7bbaaf01a4c5d76a2aa23
38abc86d7855ff5512923395501c001d773334d5f2af2520510c4e7899dc1b5d
3943670f65f64922037af89395298bb4609175ac25ecfdfe45f0ecbd0310c2a6
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
39e82ad5da0804aea6bbd0a810ed818997ac5dc0a85a9d8b4c0939069d194ceb
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3c8377ca40d3f4a0494631e37a86768bc354d647754bad2d872f6d3b4ea026c0
3cc61017a4fcf8a881f5d7d0d0f69419b0a2290bc0e9a9bc125cb7c6a9073921
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3da04b183f0c2f30f338427c543e8e50ab9bc23b21c51601b6e02cd365588d6a
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
402255b20b4b0f135e6e6fce45c65b8e5834d844c1a7a477869d9cdc8d659b5c
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
465bc6e36b215a14438f356485295a62d42e47b7adeb2bbf0b46771de477103e
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4acbd290943ec69e1f0f1af0d3a7c799ce09c0a89a0bfe953fb3503a1320355f
4b6c2cabe35ab603f2cff6d7b73775bca1d81016b1f1e06fe4da4bbf3c5766eb
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
52477aa6aed89e60ae9aa05f9d5ad89c87d39eef6f50ae0844ec2955b9d540ed
530fa3b6923647a6e26ffbb9f1cc3e774b964d33765a8c5f74021c733a11f700
544e825b2f929afaf5d84354bed769874fa5e375e07815c7d0a2675f7df3420b
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5519184db51d9080740989b2845f601da3e4a9f722f47ae27035df41cf59ef48
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5730e55fc1d4613338815fdcc36d807f8c89c7890da3cbfe1f1529017208420d
58f7248c529a623caf7254acf486fd7ae1e406c172210ec74cbaa2b718e9e288
5947d0db2a3e41f355ddfe4d074f24d7a6efeb990fc64ced283d072b4f126a8c
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5c35ba43b7900752a3023550de81888bb9fa36138e72edf3db3bd20e1dc09186
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d328104059d8212d3397048f3d4b2f8065c357ac6dc2014ce527960580a3d6a
5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505
5fe731de51027f2906a0246086613601bb2bc91df13572ce7bfebf980f15f5a3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
62ea1c90037461fd3ceebf5e3f4314ee70031b282afb4e685499b05717fa813e
6411d635cdf87f78ccf8c98296300c1cf8d93b6249c8d6f0ea6a4a87eeb39298
6418e7fe77ab785ac95beceec33fc8bfd67470a00a161240460e231d5c719062
64427295e5a075f53c29837be5e897527f129c2d959f94182fd72504ea7c3b9f
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
663574d2ab01e89eac600d72544c85d698349fd4d62fec89c83394c6fcca6d86
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0
6c8ebf386bf7163c131706f38442e2ede0d6d59c160a036ef286257a80a1357c
6c92295dad524af787414ee6238fd912bc84097819654b4c0242472f0b29a26e
6cdcafba32d043d9ba06bf8a7b24a87ab163c1a75101215ac7d0124efe13d0bb
6e064195d96ca6606be981b116b622ab037451daeadcca85e5f8e83cfc440918
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
735ef1634e5d8f0f0670ea3aba315a5b85842b9bec03689e1aff082f7ec23595
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
75bc436951e30e91e0f09ca6661d1302950aa6e7e052abdf8fd6a9383701a14d
7731a75deaeb4897ee4038be3dad1cbde216b57c6ddd839683a5d1d2e1d8cc1d
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c17653e2697cf613a91b201ad77591722e6524aa383004b55f697aecd7674bd
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7e00f75870cb800fca43f3eb0ee2921b596508ab55b3827c94f4a99f560de755
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14
7e98e6f06f8b1b2c9e31c725c806d3095b04f47c756c627c0e0e5057dff1716e
7ee7be21d91af71ca9589c2044eb2f4666ac9f7427e73c6dea7d4d0d870b8af4
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b
8154aa9057e3367d9d3e4bb1f85db9645c01fc0690091aadc57dbae849ba3499
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8511ee7712c355e582a5131f4e4f9f185ac50042aae214153315d4c292c14ecd
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8bd8b222126e1ce1d7523b80a44c48834a64dbe1d9e9bd6a681dea5fc984d6c9
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
90dbd457fafa4a6773f9f7c83a7c25feb3ac139ee764cac153bf6f9f5612aa07
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a254ff0f4ce3ff50cee5bfa02d0ddb06baaa0abbf862284a2f7a0572bd491f2
9a41a17a1aa636356e037c93e86a04493b1b02c503c6bdee9561b8c2bd68bd71
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e7d88dde3171cfdf57aac61230af0a74a0582d75eec54f4dda0d7820745402c
9fd25caa6a3965489f9f4312dcc66b039ddad840c224e5bd625fc5371e40fe22
9fde37fe3552245c71e944ccf712d7ba5e149d06e84e9998320de34af7f9c963
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a2c3caa5a548d8b874477ac2bbad36e46b81bec69177b48f93c5d785c9dc496f
a2ef03fcd25b86976c30f6ebfe0b2772784054dc5884d78874f00eb626b6b0d6
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4cc8248c65b1d5277d920cd0aaadaf2d0b0aeb2c31c3078171127866ad304b7
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa889303b1a846435bc8e1b85194b4cfea93f74519f30e4264b533dd8fff65ce
ab131af8dcf32d1295d460ffcd76322abc88911f1e281824dcf6d63ddcb4e4cd
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
abfa5ce24f65db048040344e04b17c9f99d99170f41393641a1531828c05b3ce
ac2a6bdf3640e1213ba9a0a900ea6864a0274b080ba3bcf05ff245bfabb5eba0
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ad56fc0408989aeb2e4fd2a9eaea7c5e1d5d6c900598a364d38422be46b408c9
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b2d94250c4da8c8a797d14d8f9b298eec27448d56977c492ce9c3d6f1d11bdbb
b4c71058570b7caf1144c2d3b228abe1d3678a482a78e0a6c0509e0c2848d1d0
b55ed180fcbf0694b116f66f526def99e53923266b8deb2089aa0f673a6ef9e5
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbe4e4e4e847a32bd717d963f0ac04b619a7a9cdd631a7454d9dfec16fbae73f
bc68a3e6e6f0074ff46c18beea2033fc4e8c6ee513dc0617758f45e2bdd8b88a
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
c1bd9e436c6596808083e38bbef0ced2dd104b0037970335597aa8c5e5b95dec
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c395b5122c45194cd616064e8b5cd68d3fa0f9a8bfe2df8a376ddabdaf5e2f10
c4673f335c024041fe458d3408c615386d26767aded1a371ed1f1d3b75ccd9df
c49825547fd709c80e5e3dcc0258b6de3b7465d27f5af3d4af76a049cffc685c
c567d0068aa9d314d13047cf6af171cce476501aac5e5521bd2b2233b16fbce5
c66af41820c97bbe43aaff2ad7200fc5e31bd4c1cd9c6e659c94b115eca46030
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cdf17c68c8a30ac57a1f7e6c9dcb83c663ee62e9bcc89f9f972f15b84fcd2760
cfb94e5ee3cf4cc864f0afd05660956b94cf3f42232c7ac5e119924713c294ad
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d0919849cbc3e870384df1fc4e72312ee8f272205f80bec14d29551cc8b44c95
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d1262f4d34dced1d1e90e093c9094f4c17a69c7285f47bd7051b60889b906dfc
d2266d6bde09b961e9197a6f18c8560c1b67baf2504d7755ab1aeaf9d93e23fa
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d65dae0bdc61170aad1eaa1c3fcd6138e157a73efd1bbfd650fa85a337e68902
d699d9bc5d46cdf08a717e70f1ac596ceb10ac3b48ad98bafcba3b89e26797fa
dba466c43a288cc89aa2166d63cd97219a544b6fadb70508323701819052dbb3
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e1fb6d6996a472e6438f6bf4f6562de53f80ae3bbe868a46acb5bf967b6011da
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ea6f838bdea8b608e0d19a65cbfc08fbfc6065d67a00a85e9a7d0e36f472c549
ea7337029e1b86f58ad69f113d867d4db72f8c17e7293747307dd25ec90db42f
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ed7385b2ca535f7f90bb14266ddd68d64393f41d1559cbb4af01ece4dd36b8fb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f51b1e58e30fc485c38f622df1ed79b1d7b6fee581f2f3329970fff9cc71eeaf
f558a9a6eeef180607677837bb37b6fbc068d907b89e35f694665e96eb816c81
f8931497c9789406bbdba81b99398a4a419a943d28765ab1c44b8efbe4ae1b81
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
fee2ba91996f09cd206eba35c7b8d862428b2b13ef4bd91fc87efb434e77a92c

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

456 Requests

83 %HTTPS

27 %IPv6

93 Domains

157 Subdomains

107 IPs

10 Countries

6767 kBTransfer

14923 kBSize

121 Cookies

13 Outgoing links

Redirected requests

456 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

456
Requests

83 %
HTTPS

27 %
IPv6

93
Domains

157
Subdomains

107
IPs

10
Countries

6767 kB
Transfer

14923 kB
Size

121
Cookies

456 HTTP transactions
3 data transactions