urlscan.io logo urlscan.io
SecurityTrails logo

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html'
Effective URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Submission: On April 09 via api from IL — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 106 IPs in 11 countries across 102 domains to perform 385 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co. The Cisco Umbrella rank of the primary domain is 383026.
TLS certificate: Issued by GeoTrust TLS DV RSA Mixed SHA256 2020... on March 24th 2022. Valid for: a year.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 45 2001:8d8:100f... 8560 (IONOS-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:205... 16509 (AMAZON-02)
1 108.157.4.79 16509 (AMAZON-02)
12 92.122.146.68 16625 (AKAMAI-AS)
7 68.183.31.14 14061 (DIGITALOC...)
16 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
2 2a03:2880:f02... 32934 (FACEBOOK)
2 18.198.109.212 16509 (AMAZON-02)
1 2600:9000:224... 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 4 3.68.148.208 16509 (AMAZON-02)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 178.250.0.157 44788 (ASN-CRITE...)
1 54.36.109.186 16276 (OVH)
4 8 52.223.40.198 16509 (AMAZON-02)
3 5 185.33.220.244 29990 (ASN-APPNEX)
4 157.245.94.128 14061 (DIGITALOC...)
2 34.149.20.76 15169 (GOOGLE)
2 18.196.230.57 16509 (AMAZON-02)
1 35.158.2.24 16509 (AMAZON-02)
2 185.86.137.32 201081 (SMARTADSE...)
2 178.162.133.150 60781 (LEASEWEB-...)
2 34.107.148.139 15169 (GOOGLE)
2 2602:803:c004... 26667 (RUBICONPR...)
4 72.251.249.14 29791 (VOXEL-DOT...)
6 35.244.159.8 15169 (GOOGLE)
3 11 185.33.221.88 29990 (ASN-APPNEX)
2 204.237.133.116 3257 (GTT-BACKB...)
1 35.157.246.167 16509 (AMAZON-02)
1 5 5.178.65.246 50673 (SERVERIUS-AS)
3 66.155.71.25 13768 (COGECO-PEER1)
1 35.186.253.211 15169 (GOOGLE)
2 5 18.213.137.182 14618 (AMAZON-AES)
2 5.178.65.253 50673 (SERVERIUS-AS)
1 3 168.119.149.178 24940 (HETZNER-AS)
1 1 104.92.74.8 16625 (AKAMAI-AS)
4 104.89.20.125 16625 (AKAMAI-AS)
4 2.20.85.92 16625 (AKAMAI-AS)
3 10 2.20.85.164 16625 (AKAMAI-AS)
1 205.234.175.175 30081 (CACHENETW...)
1 3 51.89.9.253 16276 (OVH)
18 2606:4700:10:... 13335 (CLOUDFLAR...)
4 104.36.113.23 62713 (AS-PUBMATIC)
2 5 69.173.144.138 26667 (RUBICONPR...)
14 31 142.250.186.162 15169 (GOOGLE)
2 3 35.227.248.159 15169 (GOOGLE)
1 2 37.157.6.252 198622 (ADFORM)
2 3 2a04:4e42:600... 54113 (FASTLY)
1 2600:1f16:e61... 16509 (AMAZON-02)
2 2 2a05:d018:24:... 16509 (AMAZON-02)
2 3 52.31.67.18 16509 (AMAZON-02)
1 34.254.143.3 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
2 2 85.114.159.118 24961 (MYLOC-AS ...)
2 2 35.201.81.244 15169 (GOOGLE)
1 185.15.245.80 24961 (MYLOC-AS ...)
2 3 54.220.157.118 16509 (AMAZON-02)
1 1 212.82.100.182 34010 (YAHOO-IRD)
3 52.208.40.40 16509 (AMAZON-02)
3 4 151.101.2.49 54113 (FASTLY)
1 1 23.35.228.210 16625 (AKAMAI-AS)
1 1 50.19.100.94 14618 (AMAZON-AES)
3 5 52.94.223.37 16509 (AMAZON-02)
2 104.89.42.102 16625 (AKAMAI-AS)
1 1 34.240.234.119 16509 (AMAZON-02)
3 3 69.173.144.139 26667 (RUBICONPR...)
2 35.244.174.68 15169 (GOOGLE)
3 5 209.54.180.3 16509 (AMAZON-02)
1 2 2a05:d018:d29... 16509 (AMAZON-02)
1 18.64.115.87 16509 (AMAZON-02)
4 4 35.156.243.46 16509 (AMAZON-02)
4 4 216.200.232.249 30419 (MEDIAMATH...)
1 1 34.204.146.63 14618 (AMAZON-AES)
2 4 37.157.6.247 198622 (ADFORM)
1 212.129.3.113 12876 (Online SAS)
26 2a00:1450:400... 15169 (GOOGLE)
2 172.217.16.130 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
14 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
4 216.58.212.162 15169 (GOOGLE)
1 152.195.15.58 15133 (EDGECAST)
2 104.92.106.130 16625 (AKAMAI-AS)
2 21 104.36.113.107 62713 (AS-PUBMATIC)
4 4 52.49.96.153 16509 (AMAZON-02)
1 1 198.148.27.140 19189 (PULSEPOINT)
1 185.86.137.132 201081 (SMARTADSE...)
1 72.251.241.206 29791 (VOXEL-DOT...)
1 178.250.0.163 44788 (ASN-CRITE...)
1 169.197.150.7 398989 (DEEPINTENT)
1 1 154.59.122.79 174 (COGENT-174)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 104.92.91.221 16625 (AKAMAI-AS)
1 1 104.45.178.220 8075 (MICROSOFT...)
7 185.64.190.80 62713 (AS-PUBMATIC)
2 2 38.27.122.126 174 (COGENT-174)
4 5 169.50.137.184 36351 (SOFTLAYER)
1 132.226.63.138 31898 (ORACLE-BM...)
1 2 54.210.33.215 14618 (AMAZON-AES)
1 1 3.122.214.5 16509 (AMAZON-02)
2 104.36.113.24 62713 (AS-PUBMATIC)
1 1 2001:678:cb4:... 56396 (AMOBEE)
1 1 18.156.0.31 16509 (AMAZON-02)
1 1 54.227.164.149 14618 (AMAZON-AES)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
2 2 2620:116:800d... 16509 (AMAZON-02)
3 3 3.124.66.16 16509 (AMAZON-02)
2 2 18.197.103.129 16509 (AMAZON-02)
1 2 38.67.14.233 174 (COGENT-174)
1 1 34.102.253.54 15169 (GOOGLE)
2 2 193.232.150.45 48061 (UMA-TECH-AS)
1 159.203.145.121 14061 (DIGITALOC...)
1 1 193.0.160.129 54312 (ROCKETFUEL)
2 151.101.1.108 54113 (FASTLY)
2 104.17.120.107 13335 (CLOUDFLAR...)
1 67.202.105.23 32748 (STEADFAST)
1 1 81.222.128.216 20597 (ELTEL-AS)
1 1 2600:9000:215... 16509 (AMAZON-02)
2 2 76.223.111.18 16509 (AMAZON-02)
1 2a02:26f0:f7:... 20940 (AKAMAI-ASN1)
2 3.121.27.153 16509 (AMAZON-02)
1 1 2001:678:cb4:... 56396 (AMOBEE)
2 3 3.248.131.63 16509 (AMAZON-02)
1 204.237.133.121 ()
2 2 23.88.75.189 ()
2 151.101.129.44 ()
4 4 213.19.147.45 ()
2 2 172.104.105.5 ()
2 2 52.21.142.155 ()
6 6 51.210.112.236 ()
4 4 35.201.96.126 ()
2 104.36.113.68 ()
2 4 77.243.60.138 ()
2 18.233.206.192 ()
2 52.17.2.116 ()
385 106
45    2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
securityaffairs.co
1    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2600:9000:2057:4200:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)
ws.sharethis.com
1    108.157.4.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-79.dus51.r.cloudfront.net
platform-api.sharethis.com
12    92.122.146.68 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-146-68.deploy.static.akamaitechnologies.com
contextual.media.net
lg3.media.net
7    68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
served-by.pixfuture.com
16    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com
i0.wp.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
2    2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    18.198.109.212 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-109-212.eu-central-1.compute.amazonaws.com
l.sharethis.com
1    2600:9000:224a:8600:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)
buttons-config.sharethis.com
4    2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
google-analytics.com
www.google.com
2    2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2606:4700:20::681a:a9c (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pixfuture.com
4    3.68.148.208 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-148-208.eu-central-1.compute.amazonaws.com
aa.agkn.com
2    2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
1    54.36.109.186 (France)

ASN16276 (OVH, FR)
PTR: p06.id5-sync.com
id5-sync.com
8    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
5    185.33.220.244 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
secure.adnxs.com
4    157.245.94.128 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
prebidserver.pixfuture.com
2    34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com
ssc.33across.com
2    18.196.230.57 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-230-57.eu-central-1.compute.amazonaws.com
hb.emxdgt.com
1    35.158.2.24 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-2-24.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
2    185.86.137.32 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
2    178.162.133.150 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com
apex.go.sonobi.com
2    34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
2    2602:803:c004:200::140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
4    72.251.249.14 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
6    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
pixfuture2-d.openx.net
us-u.openx.net
u.openx.net
11    185.33.221.88 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
2    204.237.133.116 (West Chester, United States)

ASN3257 (GTT-BACKBONE GTT, US)
hbopenbid.pubmatic.com
1    35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
5    5.178.65.246 (Amsterdam, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net
ads.us.e-planning.net
u-ams02.e-planning.net
3    66.155.71.25 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)
pixel.sitescout.com
pixel-sync.sitescout.com
1    35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com
rtb.openx.net
5    18.213.137.182 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-137-182.compute-1.amazonaws.com
a.audrte.com
2    5.178.65.253 (Amsterdam, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: i.e-planning.net
s.e-planning.net
3    168.119.149.178 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.178.149.119.168.clients.your-server.de
sync.richaudience.com
1    104.92.74.8 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-74-8.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
4    104.89.20.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-20-125.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
4    2.20.85.92 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-85-92.deploy.static.akamaitechnologies.com
ads.pubmatic.com
10    2.20.85.164 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-85-164.deploy.static.akamaitechnologies.com
ssum.casalemedia.com
dsum-sec.casalemedia.com
1    205.234.175.175 (Leesburg, United States)

ASN30081 (CACHENETWORKS, US)
PTR: vip1.G-anycast1.cachefly.net
i.e-planning.net
3    51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu
onetag-sys.com
18    2606:4700:10::ac43:db6 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
4    104.36.113.23 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
5    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel-eu.rubiconproject.com
pixel.rubiconproject.com
31    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
cm.g.doubleclick.net
3    35.227.248.159 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com
pixel.tapad.com
2    37.157.6.252 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net
dmp.adform.net
3    2a04:4e42:600::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2600:1f16:e61:3f02:77d9:b48f:f0d0:e412 (Columbus, United States)

ASN16509 (AMAZON-02, US)
dmp.v.fwmrm.net
2    2a05:d018:24:b001:d380:435c:59d4:5fe8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
sync.tidaltv.com
3    52.31.67.18 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-67-18.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
loadeu.exelator.com
1    151.1.205.165 (Milan, Italy)

ASN3242 (ASN-ITNET, IT)
bn01.er.bemail.it
2    85.114.159.118 (Rheinfelden, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
2    35.201.81.244 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 244.81.201.35.bc.googleusercontent.com
idsync.frontend.weborama.fr
1    185.15.245.80 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
dmp.theadex.com
3    54.220.157.118 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-157-118.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
1    212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com
cms.analytics.yahoo.com
3    52.208.40.40 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-40-40.eu-west-1.compute.amazonaws.com
beacon.krxd.net
4    151.101.2.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    23.35.228.210 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-210.deploy.static.akamaitechnologies.com
pixel.mathtag.com
1    50.19.100.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-100-94.compute-1.amazonaws.com
usermatch.krxd.net
5    52.94.223.37 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
2    104.89.42.102 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-42-102.deploy.static.akamaitechnologies.com
tags.bluekai.com
1    34.240.234.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-234-119.eu-west-1.compute.amazonaws.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
3    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
idsync.rlcdn.com
5    209.54.180.3 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
2    2a05:d018:d29:3601:cf48:bf87:67aa:ca6e (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    18.64.115.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-115-87.txl50.r.cloudfront.net
tags.crwdcntrl.net
4    35.156.243.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-243-46.eu-central-1.compute.amazonaws.com
pm.w55c.net
4    216.200.232.249 (Monrovia, United States)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
1    34.204.146.63 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-146-63.compute-1.amazonaws.com
nep.advangelists.com
4    37.157.6.247 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
1    212.129.3.113 (France)

ASN12876 (Online SAS, FR)
PTR: 212-129-3-113.rev.poneytelecom.eu
js.cookieless-data.com
26    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net
partner.googleadservices.com
2    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
2    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
6    2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
14    2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
9    2a00:1450:4001:80f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
4    216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net
googleads4.g.doubleclick.net
1    152.195.15.58 (United States)

ASN15133 (EDGECAST, US)
cdn.bizibly.com
2    104.92.106.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-106-130.deploy.static.akamaitechnologies.com
sync.teads.tv
21    104.36.113.107 (United States)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
4    52.49.96.153 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-96-153.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
1    198.148.27.140 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
1    185.86.137.132 (France)

ASN201081 (SMARTADSERVER, FR)
rtb-csync.smartadserver.com
1    72.251.241.206 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
cm.adgrx.com
1    178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
1    169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
1    154.59.122.79 (United States)

ASN174 (COGENT-174, US)
ums.acuityplatform.com
2    2606:4700::6812:c05 (United States)

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
2    104.92.91.221 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-91-221.deploy.static.akamaitechnologies.com
px.owneriq.net
1    104.45.178.220 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
mweb.ck.inmobi.com
7    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
2    38.27.122.126 (Chestertown, United States)

ASN174 (COGENT-174, US)
match.bnmla.com
5    169.50.137.184 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com
um.simpli.fi
1    132.226.63.138 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
2    54.210.33.215 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-210-33-215.compute-1.amazonaws.com
beacon.lynx.cognitivlabs.com
1    3.122.214.5 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-5.eu-central-1.compute.amazonaws.com
docker.creative-serving.com
2    104.36.113.24 (United States)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
1    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
1    54.227.164.149 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-164-149.compute-1.amazonaws.com
sync.ipredictive.com
1    2a02:fa8:8806:16::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)
pubmatic-match.dotomi.com
2    2620:116:800d:21:ee05:6a01:4b41:8c89 (United States)

ASN16509 (AMAZON-02, US)
pixel.quantserve.com
cms.quantserve.com
3    3.124.66.16 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-66-16.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    18.197.103.129 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-103-129.eu-central-1.compute.amazonaws.com
rtb.mfadsrvr.com
2    38.67.14.233 (Fredericksburg, United States)

ASN174 (COGENT-174, US)
pmp.mxptint.net
1    34.102.253.54 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 54.253.102.34.bc.googleusercontent.com
ads.playground.xyz
2    193.232.150.45 (Russian Federation)

ASN48061 (UMA-TECH-AS, RU)
PTR: smtp18.sender.ltmse.com
px.adhigh.net
1    159.203.145.121 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
cs.chocolateplatform.com
1    193.0.160.129 (United States)

ASN54312 (ROCKETFUEL, US)
a.rfihub.com
2    151.101.1.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
2    104.17.120.107 (None, )

ASN13335 (CLOUDFLARENET, US)
biddr.brealtime.com
1    67.202.105.23 (United States)

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
1    81.222.128.216 (Russian Federation)

ASN20597 (ELTEL-AS, RU)
PTR: ad16.adriver.ru
ssp.adriver.ru
1    2600:9000:2156:9e00:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)
s.ad.smaato.net
2    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    2a02:26f0:f7::5c7b:e14b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
code.createjs.com
2    3.121.27.153 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
ps.eyeota.net
1    2001:678:cb4:bbbb::13 (United Kingdom)

ASN56396 (AMOBEE, GB)
d.turn.com
3    3.248.131.63 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-131-63.eu-west-1.compute.amazonaws.com
sync.crwdcntrl.net
1    204.237.133.121 (None, )

ASN- ()
simage4.pubmatic.com
2    23.88.75.189 (None, )

ASN- ()
csync.loopme.me
2    151.101.129.44 (None, )

ASN- ()
match.taboola.com
4    213.19.147.45 (None, )

ASN- ()
sync.1rx.io
2    172.104.105.5 (None, )

ASN- ()
gocm.c.appier.net
2    52.21.142.155 (None, )

ASN- ()
sync.srv.stackadapt.com
6    51.210.112.236 (None, )

ASN- ()
pixel.onaudience.com
4    35.201.96.126 (None, )

ASN- ()
visitor.fiftyt.com
2    104.36.113.68 (None, )

ASN- ()
aud.pubmatic.com
4    77.243.60.138 (None, )

ASN- ()
uipglob.semasio.net
2    18.233.206.192 (None, )

ASN- ()
rtb.adentifi.com
2    52.17.2.116 (None, )

ASN- ()
rtb.gumgum.com
Apex Domain
Subdomains		 Transfer
45 securityaffairs.co
securityaffairs.co — Cisco Umbrella Rank: 383026
2 MB
43 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 457
ads.pubmatic.com — Cisco Umbrella Rank: 461
image6.pubmatic.com — Cisco Umbrella Rank: 622
simage2.pubmatic.com — Cisco Umbrella Rank: 620
image2.pubmatic.com — Cisco Umbrella Rank: 898
image4.pubmatic.com — Cisco Umbrella Rank: 880
simage4.pubmatic.com
aud.pubmatic.com
53 KB
41 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 211
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 293
83 KB
40 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 98
tpc.googlesyndication.com — Cisco Umbrella Rank: 128
480 KB
18 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1718
mwzeom.zeotap.com — Cisco Umbrella Rank: 1566
6 KB
18 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 438
ib.adnxs.com — Cisco Umbrella Rank: 248
acdn.adnxs.com — Cisco Umbrella Rank: 597
48 KB
18 wp.com
i0.wp.com — Cisco Umbrella Rank: 2767
stats.wp.com — Cisco Umbrella Rank: 2657
pixel.wp.com — Cisco Umbrella Rank: 2521
339 KB
15 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 458
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1117
eus.rubiconproject.com — Cisco Umbrella Rank: 567
pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 2538
token.rubiconproject.com — Cisco Umbrella Rank: 675
pixel.rubiconproject.com — Cisco Umbrella Rank: 350
25 KB
14 media.net
contextual.media.net — Cisco Umbrella Rank: 527
lg3.media.net — Cisco Umbrella Rank: 3387
prebid.media.net — Cisco Umbrella Rank: 1206
94 KB
13 pixfuture.com
served-by.pixfuture.com — Cisco Umbrella Rank: 35113
cdn.pixfuture.com — Cisco Umbrella Rank: 45277
prebidserver.pixfuture.com — Cisco Umbrella Rank: 48369
483 KB
10 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1212
s.amazon-adsystem.com — Cisco Umbrella Rank: 281
7 KB
10 casalemedia.com
ssum.casalemedia.com — Cisco Umbrella Rank: 1353
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575
12 KB
9 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 262
339 KB
8 e-planning.net
ads.us.e-planning.net — Cisco Umbrella Rank: 5400
s.e-planning.net — Cisco Umbrella Rank: 7051
u-ams02.e-planning.net — Cisco Umbrella Rank: 71417
i.e-planning.net — Cisco Umbrella Rank: 7123
4 KB
8 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 355
3 KB
7 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 858
tags.crwdcntrl.net — Cisco Umbrella Rank: 1523
sync.crwdcntrl.net — Cisco Umbrella Rank: 662
15 KB
7 openx.net
pixfuture2-d.openx.net — Cisco Umbrella Rank: 40329
rtb.openx.net — Cisco Umbrella Rank: 1537
us-u.openx.net — Cisco Umbrella Rank: 411
u.openx.net — Cisco Umbrella Rank: 709
1 KB
6 onaudience.com
pixel.onaudience.com
3 KB
6 adform.net
dmp.adform.net — Cisco Umbrella Rank: 2577
c1.adform.net — Cisco Umbrella Rank: 577
3 KB
5 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 825
2 KB
5 google.com
adservice.google.com — Cisco Umbrella Rank: 77
www.google.com — Cisco Umbrella Rank: 4
2 KB
5 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1233
sync.mathtag.com — Cisco Umbrella Rank: 445
3 KB
5 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 656
match.taboola.com
943 B
5 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2378
9 KB
5 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 846
cms.analytics.yahoo.com — Cisco Umbrella Rank: 883
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474
ups.analytics.yahoo.com — Cisco Umbrella Rank: 300
3 KB
5 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 383
mug.criteo.com — Cisco Umbrella Rank: 2668
dis.criteo.com — Cisco Umbrella Rank: 706
2 KB
5 sharethis.com
ws.sharethis.com — Cisco Umbrella Rank: 8124
platform-api.sharethis.com — Cisco Umbrella Rank: 5091
l.sharethis.com — Cisco Umbrella Rank: 4704
buttons-config.sharethis.com — Cisco Umbrella Rank: 6017
51 KB
4 semasio.net
uipglob.semasio.net
2 KB
4 fiftyt.com
visitor.fiftyt.com
2 KB
4 1rx.io
sync.1rx.io
1 KB
4 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 503
2 KB
4 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 884
3 KB
4 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 576
1 KB
4 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 440
usermatch.krxd.net — Cisco Umbrella Rank: 1217
1 KB
4 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 607
1 KB
4 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 431
1 KB
3 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 289
2 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 216
2 KB
3 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 434
1 KB
3 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 860
1 KB
3 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 1666
744 B
3 sitescout.com
pixel.sitescout.com — Cisco Umbrella Rank: 3311
pixel-sync.sitescout.com — Cisco Umbrella Rank: 602
573 B
3 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1356
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 635
1 KB
3 33across.com
ssc.33across.com — Cisco Umbrella Rank: 1496
ssc-cms.33across.com — Cisco Umbrella Rank: 994
493 B
3 google-analytics.com
google-analytics.com — Cisco Umbrella Rank: 33
www.google-analytics.com — Cisco Umbrella Rank: 37
20 KB
2 gumgum.com
rtb.gumgum.com
417 B
2 adentifi.com
rtb.adentifi.com
93 B
2 stackadapt.com
sync.srv.stackadapt.com
1 KB
2 appier.net
gocm.c.appier.net
790 B
2 loopme.me
csync.loopme.me
401 B
2 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 960
688 B
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 400
947 B
2 brealtime.com
biddr.brealtime.com — Cisco Umbrella Rank: 2644
2 KB
2 adhigh.net
px.adhigh.net — Cisco Umbrella Rank: 10466
963 B
2 mxptint.net
pmp.mxptint.net — Cisco Umbrella Rank: 4748
965 B
2 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 866
1 KB
2 quantserve.com
pixel.quantserve.com — Cisco Umbrella Rank: 423
cms.quantserve.com — Cisco Umbrella Rank: 1127
1 KB
2 turn.com
ad.turn.com — Cisco Umbrella Rank: 769
d.turn.com — Cisco Umbrella Rank: 814
936 B
2 cognitivlabs.com
beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1390
574 B
2 bnmla.com
match.bnmla.com — Cisco Umbrella Rank: 1605
1 KB
2 owneriq.net
px.owneriq.net — Cisco Umbrella Rank: 1082
476 B
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 824
s.tribalfusion.com — Cisco Umbrella Rank: 2497
1 KB
2 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 1031
344 B
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 176
73 KB
2 google.de
adservice.google.de — Cisco Umbrella Rank: 7579
957 B
2 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 794
919 B
2 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 453
529 B
2 weborama.fr
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 37912
673 B
2 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1548
1 KB
2 tidaltv.com
sync.tidaltv.com — Cisco Umbrella Rank: 1129
794 B
2 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1668
1 KB
2 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 1787
8 KB
2 rlcdn.com
api.rlcdn.com Failed
id.rlcdn.com — Cisco Umbrella Rank: 601
idsync.rlcdn.com — Cisco Umbrella Rank: 327
44 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
97 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 138
83 KB
1 createjs.com
code.createjs.com — Cisco Umbrella Rank: 1365
63 KB
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 746
444 B
1 adriver.ru
ssp.adriver.ru — Cisco Umbrella Rank: 11995
342 B
1 rfihub.com
a.rfihub.com — Cisco Umbrella Rank: 3110
1 KB
1 chocolateplatform.com
cs.chocolateplatform.com — Cisco Umbrella Rank: 2208
68 B
1 playground.xyz
ads.playground.xyz — Cisco Umbrella Rank: 3831
466 B
1 dotomi.com
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 3142
104 B
1 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1068
522 B
1 creative-serving.com
docker.creative-serving.com — Cisco Umbrella Rank: 5739
475 B
1 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1211
1 inmobi.com
mweb.ck.inmobi.com — Cisco Umbrella Rank: 3963
348 B
1 acuityplatform.com
ums.acuityplatform.com — Cisco Umbrella Rank: 1157
674 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 919
44 B
1 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1504
408 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 578
497 B
1 bizibly.com
cdn.bizibly.com — Cisco Umbrella Rank: 10533
345 B
1 cookieless-data.com
js.cookieless-data.com — Cisco Umbrella Rank: 6757
535 B
1 advangelists.com
nep.advangelists.com — Cisco Umbrella Rank: 2414
232 B
1 imrworldwide.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com — Cisco Umbrella Rank: 166565
215 B
1 theadex.com
dmp.theadex.com — Cisco Umbrella Rank: 18657
272 B
1 bemail.it
bn01.er.bemail.it — Cisco Umbrella Rank: 128118
659 B
1 exelator.com
loadeu.exelator.com — Cisco Umbrella Rank: 7475
324 B
1 fwmrm.net
dmp.v.fwmrm.net — Cisco Umbrella Rank: 12014
411 B
1 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1077
115 B
1 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 699
536 B
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 682
6 KB
0 googleapis.com Failed
fonts.googleapis.com Failed
385 102
Domain Requested by
45 securityaffairs.co 1 redirects securityaffairs.co
31 cm.g.doubleclick.net 14 redirects spl.zeotap.com
ads.us.e-planning.net
ssum.casalemedia.com
googleads.g.doubleclick.net
26 pagead2.googlesyndication.com cdn.pixfuture.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
21 simage2.pubmatic.com 2 redirects ads.pubmatic.com
16 i0.wp.com securityaffairs.co
14 tpc.googlesyndication.com googleads.g.doubleclick.net
tpc.googlesyndication.com
pagead2.googlesyndication.com
13 mwzeom.zeotap.com ads.us.e-planning.net
spl.zeotap.com
11 ib.adnxs.com 3 redirects cdn.pixfuture.com
spl.zeotap.com
googleads.g.doubleclick.net
acdn.adnxs.com
9 s0.2mdn.net googleads.g.doubleclick.net
securityaffairs.co
s0.2mdn.net
9 contextual.media.net securityaffairs.co
contextual.media.net
cdn.pixfuture.com
8 dsum-sec.casalemedia.com 2 redirects ssum.casalemedia.com
googleads.g.doubleclick.net
8 match.adsrvr.org 4 redirects cdn.pixfuture.com
ads.us.e-planning.net
ssum.casalemedia.com
googleads.g.doubleclick.net
7 image2.pubmatic.com ads.pubmatic.com
7 served-by.pixfuture.com securityaffairs.co
cdn.pixfuture.com
6 pixel.onaudience.com 6 redirects
6 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
5 um.simpli.fi 4 redirects ads.pubmatic.com
5 s.amazon-adsystem.com 3 redirects ads.us.e-planning.net
ssum.casalemedia.com
5 aax-eu.amazon-adsystem.com 3 redirects ads.us.e-planning.net
5 spl.zeotap.com ads.us.e-planning.net
spl.zeotap.com
5 a.audrte.com 2 redirects ads.us.e-planning.net
a.audrte.com
5 secure.adnxs.com 3 redirects
4 uipglob.semasio.net 2 redirects
4 visitor.fiftyt.com 4 redirects
4 sync.1rx.io 4 redirects
4 match.prod.bidr.io 4 redirects
4 googleads4.g.doubleclick.net googleads.g.doubleclick.net
securityaffairs.co
4 c1.adform.net 2 redirects ssum.casalemedia.com
ads.pubmatic.com
4 sync.mathtag.com 4 redirects
4 pm.w55c.net 4 redirects
4 pixel.rubiconproject.com 2 redirects ads.us.e-planning.net
4 sync-tm.everesttech.net 3 redirects bcp.crwdcntrl.net
4 image6.pubmatic.com ads.pubmatic.com
spl.zeotap.com
4 ads.pubmatic.com ads.us.e-planning.net
ads.pubmatic.com
cdn.pixfuture.com
4 eus.rubiconproject.com ads.us.e-planning.net
eus.rubiconproject.com
cdn.pixfuture.com
4 ap.lijit.com cdn.pixfuture.com
4 prebidserver.pixfuture.com cdn.pixfuture.com
ads.us.e-planning.net
4 aa.agkn.com 1 redirects cdn.pixfuture.com
ads.pubmatic.com
3 sync.crwdcntrl.net 2 redirects bcp.crwdcntrl.net
3 x.bidswitch.net 3 redirects
3 www.google.com googleads.g.doubleclick.net
tpc.googlesyndication.com
3 token.rubiconproject.com 3 redirects
3 beacon.krxd.net spl.zeotap.com
ads.us.e-planning.net
bcp.crwdcntrl.net
3 bcp.crwdcntrl.net 2 redirects tags.crwdcntrl.net
3 dpm.demdex.net 2 redirects bcp.crwdcntrl.net
3 trc.taboola.com 2 redirects spl.zeotap.com
3 pixel.tapad.com 2 redirects spl.zeotap.com
3 onetag-sys.com 1 redirects ads.us.e-planning.net
3 u-ams02.e-planning.net ads.us.e-planning.net
ssum.casalemedia.com
ads.pubmatic.com
3 sync.richaudience.com 1 redirects ads.us.e-planning.net
spl.zeotap.com
3 lg3.media.net securityaffairs.co
2 rtb.gumgum.com ads.pubmatic.com
2 rtb.adentifi.com ads.pubmatic.com
2 aud.pubmatic.com
2 sync.srv.stackadapt.com 2 redirects
2 gocm.c.appier.net 2 redirects
2 match.taboola.com ads.pubmatic.com
2 csync.loopme.me 2 redirects
2 ps.eyeota.net
2 eb2.3lift.com 2 redirects
2 biddr.brealtime.com cdn.pixfuture.com
2 u.openx.net cdn.pixfuture.com
2 acdn.adnxs.com cdn.pixfuture.com
2 px.adhigh.net 2 redirects
2 pmp.mxptint.net 1 redirects ads.pubmatic.com
2 rtb.mfadsrvr.com 2 redirects
2 pixel-sync.sitescout.com ads.pubmatic.com
bcp.crwdcntrl.net
2 image4.pubmatic.com ads.pubmatic.com
2 beacon.lynx.cognitivlabs.com 1 redirects ads.pubmatic.com
2 match.bnmla.com 2 redirects
2 px.owneriq.net 1 redirects ads.pubmatic.com
2 sync.teads.tv googleads.g.doubleclick.net
2 us-u.openx.net googleads.g.doubleclick.net
2 www.googletagservices.com googleads.g.doubleclick.net
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 partner.googleadservices.com pagead2.googlesyndication.com
2 pr-bh.ybp.yahoo.com 1 redirects ads.pubmatic.com
2 tags.bluekai.com spl.zeotap.com
bcp.crwdcntrl.net
2 idsync.frontend.weborama.fr 2 redirects
2 dsp.adfarm1.adition.com 2 redirects
2 sync.tidaltv.com 2 redirects
2 dmp.adform.net 1 redirects spl.zeotap.com
2 ssum.casalemedia.com 1 redirects ads.us.e-planning.net
2 s.e-planning.net ads.us.e-planning.net
2 ads.us.e-planning.net 1 redirects cdn.pixfuture.com
2 hbopenbid.pubmatic.com cdn.pixfuture.com
2 pixfuture2-d.openx.net cdn.pixfuture.com
2 fastlane.rubiconproject.com cdn.pixfuture.com
2 prebid.media.net cdn.pixfuture.com
2 apex.go.sonobi.com cdn.pixfuture.com
2 prg.smartadserver.com cdn.pixfuture.com
2 hb.emxdgt.com cdn.pixfuture.com
2 ssc.33across.com cdn.pixfuture.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 cdn.pixfuture.com served-by.pixfuture.com
cdn.pixfuture.com
2 www.google-analytics.com google-analytics.com
www.googletagmanager.com
2 www.googletagmanager.com securityaffairs.co
www.googletagmanager.com
2 l.sharethis.com ws.sharethis.com
securityaffairs.co
2 connect.facebook.net securityaffairs.co
connect.facebook.net
1 simage4.pubmatic.com ads.pubmatic.com
1 d.turn.com 1 redirects
1 code.createjs.com s0.2mdn.net
1 s.ad.smaato.net 1 redirects
1 ssp.adriver.ru 1 redirects
1 cms.quantserve.com 1 redirects
1 ssc-cms.33across.com cdn.pixfuture.com
1 a.rfihub.com 1 redirects
1 cs.chocolateplatform.com googleads.g.doubleclick.net
1 ads.playground.xyz 1 redirects
1 pixel.quantserve.com 1 redirects
1 pubmatic-match.dotomi.com ads.pubmatic.com
1 sync.ipredictive.com 1 redirects
1 ups.analytics.yahoo.com 1 redirects
1 ad.turn.com 1 redirects
1 idsync.rlcdn.com ads.pubmatic.com
1 docker.creative-serving.com 1 redirects
1 sync.technoratimedia.com ads.pubmatic.com
1 mweb.ck.inmobi.com 1 redirects
1 s.tribalfusion.com ads.pubmatic.com
1 a.tribalfusion.com 1 redirects
1 ums.acuityplatform.com 1 redirects
1 match.deepintent.com ads.pubmatic.com
1 dis.criteo.com ads.pubmatic.com
1 cm.adgrx.com ads.pubmatic.com
1 rtb-csync.smartadserver.com ads.pubmatic.com
1 bh.contextweb.com 1 redirects
1 cdn.bizibly.com googleads.g.doubleclick.net
1 js.cookieless-data.com s.e-planning.net
1 nep.advangelists.com 1 redirects
1 tags.crwdcntrl.net s.e-planning.net
1 id.rlcdn.com ads.us.e-planning.net
1 obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com 1 redirects
1 usermatch.krxd.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 cms.analytics.yahoo.com 1 redirects
1 dmp.theadex.com spl.zeotap.com
1 bn01.er.bemail.it 1 redirects
1 loadeu.exelator.com spl.zeotap.com
1 dmp.v.fwmrm.net spl.zeotap.com
1 pixel-eu.rubiconproject.com eus.rubiconproject.com
1 i.e-planning.net ads.us.e-planning.net
1 secure-assets.rubiconproject.com 1 redirects
1 rtb.openx.net ads.us.e-planning.net
1 pixel.sitescout.com ads.us.e-planning.net
1 c2shb.ssp.yahoo.com cdn.pixfuture.com
1 btlr.sharethrough.com cdn.pixfuture.com
1 id5-sync.com cdn.pixfuture.com
1 pixel.wp.com securityaffairs.co
1 google-analytics.com securityaffairs.co
1 buttons-config.sharethis.com platform-api.sharethis.com
1 stats.wp.com securityaffairs.co
1 platform-api.sharethis.com securityaffairs.co
1 ws.sharethis.com securityaffairs.co
1 maxcdn.bootstrapcdn.com securityaffairs.co
0 api.rlcdn.com Failed cdn.pixfuture.com
0 fonts.googleapis.com Failed securityaffairs.co
385 158
Subject Issuer Validity Valid
www.securityaffairs.co
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-24 -
2023-04-07		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-01-29 -
2023-01-29		 a year crt.sh
sharethis.com
Amazon		 2021-07-19 -
2022-08-17		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2022-02-20 -
2023-02-22		 a year crt.sh
*.pixfuture.com
Sectigo RSA Domain Validation Secure Server CA		 2021-11-30 -
2022-12-03		 a year crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-02 -
2022-07-05		 2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-01-17 -
2022-04-17		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
*.agkn.com
RapidSSL RSA CA 2018		 2020-07-25 -
2022-09-18		 2 years crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-02-04 -
2022-05-03		 3 months crt.sh
*.id5-sync.com
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
ssc.33across.com
GTS CA 1D4		 2022-03-22 -
2022-06-20		 3 months crt.sh
*.emxdgt.com
Amazon		 2021-07-02 -
2022-07-31		 a year crt.sh
*.sharethrough.com
Amazon		 2021-08-13 -
2022-09-11		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-03-11 -
2023-04-12		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2021-08-04 -
2022-09-04		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-03-08 -
2022-08-31		 6 months crt.sh
ads.us.e-planning.net
R3		 2022-02-24 -
2022-05-25		 3 months crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2021-12-15 -
2023-01-15		 a year crt.sh
*.audrte.com
Amazon		 2022-02-24 -
2023-03-24		 a year crt.sh
*.e-planning.net
R3		 2022-03-09 -
2022-06-07		 3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
i.e-planning.net
Sectigo RSA Domain Validation Secure Server CA		 2022-02-23 -
2023-02-03		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-29 -
2022-12-30		 a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-02 -
2022-06-07		 a year crt.sh
*.tapad.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-13 -
2022-10-14		 a year crt.sh
dmp.theadex.com
R3		 2022-03-16 -
2022-06-14		 3 months crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-03 -
2022-11-02		 a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-11 -
2023-03-10		 a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2021-04-29 -
2022-05-31		 a year crt.sh
*.cookieless-data.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-23 -
2023-03-22		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
io.bizible.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-30 -
2022-07-05		 a year crt.sh
teads.tv
R3		 2022-03-23 -
2022-06-21		 3 months crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA		 2022-03-01 -
2023-03-28		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2020-04-09 -
2022-06-08		 2 years crt.sh
*.owneriq.net
GeoTrust RSA CA 2018		 2021-12-05 -
2022-12-06		 a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-17 -
2022-10-05		 a year crt.sh
beacon.lynx.cognitivlabs.com
Amazon		 2021-04-28 -
2022-05-27		 a year crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-27 -
2022-11-27		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-01-18 -
2022-07-13		 6 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
cs.chocolateplatform.com
ZeroSSL RSA Domain Secure Site CA		 2022-03-31 -
2022-06-29		 3 months crt.sh
cdn.adnxs.com
GlobalSign Organization Validated CA - SHA256 - G4		 2021-05-10 -
2022-06-11		 a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2		 2022-01-21 -
2023-02-22		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
tls.adobe.com
DigiCert SHA2 Secure Server CA		 2020-06-01 -
2022-06-06		 2 years crt.sh
*.eyeota.net
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-02-03 -
2023-03-07		 a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
adentifi.com
Amazon		 2021-09-04 -
2022-10-03		 a year crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh

This page contains 71 frames:

Primary Page: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Frame ID: 3A9DA8465E25668FB8122C85972A3306
Requests: 128 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 28F303FB45A1C98F6A533119BBCA4CA9
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 77AB8355A5FAE17831C8DA31722C87AA
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Frame ID: 31F93F18BB6AD1608231D96F9FF01083
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: 25AD0BCA06D686A10271323078A14B5A
Requests: 12 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Frame ID: EB48C1244671C45323821A1E39F3ABED
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Frame ID: 6CD8E89FA5A2BF84E43BF9AF0A1292B6
Requests: 22 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Frame ID: ED16974D5BA7B05B6DC84A8CF82039D0
Requests: 10 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: 813486118BE26FC50B064CD713104E1C
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 51C0BA2419CC58D959C18CE5B62890B8
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&cmp=0
Frame ID: C5A2C5482DAD28A077D29B4C18353B00
Requests: 30 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 510AF109BAA609A1536AF0E699A4BA12
Requests: 2 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=ANpiMr%2fD0KRIDjmb
Frame ID: 9F930A9031CEDA4A42FE9CAACB9C1EF1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 10B14F79B78F196B4988A9504DB46A77
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 63CDEE27ECCED87526FD9B730EEDDE71
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Frame ID: AFE86F19E478B1C61A72E03CE52C18F8
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Frame ID: 6DEABD9727617CDF8FEE87538C9467E1
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYnInpvAEwAQ&v=APEucNVSpMd7VFVxJNk4Fw7ebPl62m6HNTdt4e0K9WVmbQYGAtrwzFNka8ANOLNa_zBY3GrRTeuXVxf2gQ8aJBTucYDZFB5bsKIZg8KnlFBYa-vIMaM1GIU3hQxVMLk40stix0S11RViD4q1yeJ85uAvojp1fvt1k2nvG5D_CwhiHYRpvKbvFGF0tlUA9-BWHaldomf4sy3Nz-SGfiS2bQq21fCBu1vsHA
Frame ID: 5809DEF940EDBE091A2B1D5E32FF1D5D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7oDTtQEwAQ&v=APEucNXfsGWZsWp-MWE1J8zOOtXka5TKcQ_A9haQCuyUwxgaF04ijuz4tMn9hwkzILwcQbVCGXkZ--BWQXvB-VyE7_9VzuL_1c6p_6JbVLnW4Tn3FiHdOGMkZ5Lppb5lhrFrBcwIi0PeHT7JMkah5QDQjyCq_xz8Z9V94NL8ifpGf5CSUkrMjQ5wsvdbLfPWa6aShhrGuQk5e5WwikCbRpIc4HIsLHeKiQ
Frame ID: 6E184ABCCDF584AAED2D2A4FEBEE9808
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 003DB11D82D1BDE294889AE65CC7459D
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8062CACC4C423A3ECD9480C7A6835177
Requests: 3 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Frame ID: 5074C04AD9B524E44C6C0083B8FCBBCD
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YlG3PAATV341YQAy&gdpr=0&gdpr_consent=
Frame ID: C4C6537BFBE0BF62B23FA78A7246EE2C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:af476251-b73c-4000-9774-8360e728a3e2&gdpr=0&gdpr_consent=
Frame ID: 31BE7A6468ACA0855E91F6D4BA34AD73
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAET_07Eo24AADXeFOxC8A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Frame ID: 3F960EFE71C75C15CA4477E3BF7EAA6C
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 2FB5D70D1B38C2DE53428FD2B9274462
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 583F1EFA86080CE8419624F6DD449072
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: EB233D5350C2FFC1D0861EB1689B1C3D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=662108089712
Frame ID: B5A5CEB6669E587C091BAB601B4BE68F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7uSuhjaM1NDe9u5&gdpr=0&gdpr_consent=
Frame ID: 11A997BBF0281324DA8C1BAEFB15BFD0
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 672F23AF4F5F8F187DBF9D206DC7DE9C
Requests: 1 HTTP requests in this frame

Frame: https://px.owneriq.net/noop?ct=image%2Fgif
Frame ID: 6DF9D71F76128149425D69DDE0DBAA48
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fbc17853-c966-4aba-a655-35b323199b22
Frame ID: 830AE1621FAD4FA8471224B1E9D39FC9
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Frame ID: 6240C59A5773E3159D102D1762BBA211
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Frame ID: 8BFBBF6855BFFD1068A11F0CDAE8EA85
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDYmdGw9MjAxNjA=&piggybackCookie=aa5298fb-f0ec-4e56-a17f-a79025fcdc6d
Frame ID: E8707F0F0EFD62B3552254B05C9A6D9F
Requests: 1 HTTP requests in this frame

Frame: https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=fa2cdb69ce172e9b&uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Frame ID: 95F1DCBA8846E5AE3F07FF3D5A7BEB50
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F4F49DE17E89CFA2D8D06C049FB3F13D
Requests: 9 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 71A02B17410981274DDB3E8135880E0B
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 688692DCE3F3B76A08B9513E01D7AC53
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: C00527A861DA478D936D3B34D72491C2
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: E268029598027299EB97BA701B4770EE
Requests: 8 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: 14BF9F79BD975943850CFBE3D0429E70
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: AB6AB7FD3DC08C70183A4B4F2500467E
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: D54E243439B72A53ACF04A20937DFA1B
Requests: 8 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 1456E4C6B9DA1C7A915002E332AD5507
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: F01C860E76201D5AEC22A69E70E73659
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: E31C816933AB47496C4EA5DFE58F7690
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 9F7AF67ADD83C12AE56EEA7B6B6971A0
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 0BE3424B280ADFA08117AE540BD24EC0
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Frame ID: FFD2A2E64114525F0AEC71FB500A7A05
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 19DEC2A3083EBF3050E9D905A2507F9E
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
Frame ID: 9ACC0470A962691F698C2C2117A3764C
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BBC496BE35E1290D512DD6393429ECE2
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6A8E41F5E28C58DC92E0D9DC05BB3C1A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FA97DD9009B1D58F3485C1B0FE521BE0
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 61897DE84AAA483B2418CBC86B126288
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 71D1AB49C9FA39506EF28590F5331747
Requests: 2 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Frame ID: CD16FBEEEEB8740E323BFD2ED74ADE8C
Requests: 7 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 71DF5078B32035C64FDA318ADDAFC268
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b2d324ed-198b-49d9-8856-77f4d7c2c382-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 181FE4F936A0C255FC9D21F11065A135
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Frame ID: C2CB6BE9CA4466E7C3689D375487C14B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
Frame ID: 635BCA78B3AA446FBB3851781B4801A1
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=U6jZtrHyD3iOz7NUQbdRYg
Frame ID: 62807E34FB7A56D7EA2606B7A63ABD30
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=jneLRYt4QXlUOxwGAz4iBtlAlwk
Frame ID: C173C91FD38A3340619A30A533EDFCF3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 9D12F4FB0ABA1297BBA1E62F6E3341C2
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=72acd639-4b94-4218-9ba7-e6fec17f46e6-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 9B93E8BFEAD110FA362D868722081F23
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Frame ID: 11CD6B1C5635FFBE2F4A61D30DCA9633
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
Frame ID: F46E9A5B477DA2919A0E55F33F3F77E0
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=yoGmaFx-BBKs-9GmQbdRYg
Frame ID: 0E323731A680D168D72D4792A2AF9F50
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=giM0CgmOQqlOykQPxMSputlAlwk
Frame ID: 6C0422C7F533C028F177688DD7FCFE7C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

JackPOS malware presented as a Java Update SchedulerSecurity Affairs

Page URL History Show full URLs

  1. http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' HTTP 301
    https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • tracker\.js
Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

385
Requests

80 %
HTTPS

21 %
IPv6

102
Domains

158
Subdomains

106
IPs

11
Countries

4005 kB
Transfer

6264 kB
Size

129
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' HTTP 301
    https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 96
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=XFO1oHxrcXhOMSs1YUdWb3NiS2xRY1hEbXdJWWNGQTlkUnB1dDVCK3NTWTNZUGpvdVg2emxmVjVVTTRZL1VxWmpZcDN4ZWc3Vmg4RVlsSG84L0RkVDZCTkdaNmwxVFpNY0JFRFRwaStubk9hN3N6amQvYnZIUVNjZDk1WG82QW0yT25wa2tvM1YwcG9JMmQvaGxFcTJnSFkxL1JyT0Nmc2xVRjYrcUMzVjZEc1RKNEt5U3YyU2w5bDdiSHJWWHpNWDNSeC81N0hnaWpMN2Z0elN0SjJoOVc3amlDUmhiZUVEZU5vcVpkT1RsczhpWUhzL1huNnJlUU4vUDlybFFzWWhwNkdPfA&cppv=2
Request Chain 100
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Request Chain 101
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Request Chain 128
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Request Chain 133
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Dfa2cdb69ce172e9b HTTP 302
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Request Chain 134
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Dfa2cdb69ce172e9b%26uid%3D%24UID HTTP 302
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=fa2cdb69ce172e9b&uid=8510518999554731344
Request Chain 135
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Request Chain 137
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D HTTP 302
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Request Chain 146
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=f3d22f60-eb70-4926-9344-0ae9dff92b2c&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 148
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=319376c5-9625-4c33-b391-6a27fbdfa8bb&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 152
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&s_h=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=d8a67105-0d96-4d59-94ed-d3e1d3636bf1&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 153
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=f0174930-1ab8-4528-6046-6b798887b0e4&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=f0174930-1ab8-4528-6046-6b798887b0e4&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=62323517783589047982982618089287176966&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 155
  • https://bn01.er.bemail.it/zeotap.php?_bid=f0174930-1ab8-4528-6046-6b798887b0e4&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022040918-46609-0.731361001649522476-db2422a9c391225f76dc1d1b5b3cb6be&zdid=533&env=mWeb
Request Chain 156
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=7084645157161400465&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 158
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f0174930-1ab8-4528-6046-6b798887b0e4&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f0174930-1ab8-4528-6046-6b798887b0e4&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361&bounce=1&random=978777249 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=uC.ALBEAEdj5jKTqH7dpRO&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 160
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=f0174930-1ab8-4528-6046-6b798887b0e4?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=f0174930-1ab8-4528-6046-6b798887b0e4?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 161
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-CdDaU5hE2oqzROnYdxyXxVUCFxoj3dxSVg--~A&zpartnerid=570&env=mWeb
Request Chain 162
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=3qhONQL5KXYqPluKo%2Bilm1F521Bp0UXt%2BS41iYitP1U%3D
Request Chain 165
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361&_test=YlG3PAATV341YQAy HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YlG3PAATV341YQAy&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&_test=YlG3PAATV341YQAy
Request Chain 166
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=af476251-b73c-4000-9774-8360e728a3e2&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 167
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 168
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f0174930-1ab8-4528-6046-6b798887b0e4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f0174930-1ab8-4528-6046-6b798887b0e4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&dcc=t
Request Chain 170
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Request Chain 172
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzM2YjQzOTllMDM1ZDg3ZjQxNjQ4MTMwY2ExODdhM2Y1YzE5OGVjMw
Request Chain 173
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Vis4i1GcS0GVos2lgSYqzQ&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Vis4i1GcS0GVos2lgSYqzQ
Request Chain 176
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=zL56AkPNSwun0Hr3Y6Rmxw&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=zL56AkPNSwun0Hr3Y6Rmxw
Request Chain 177
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/wgKOs5ZkxvZang6a1xtGhw?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5241790954741141273
Request Chain 178
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFTMzNOWEEtWC1DQ0M1
Request Chain 179
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEDWKs3v2MCDbF7QKUIBI9j8&google_cver=1
Request Chain 184
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YlG3O8--O3n0hOcaloMf2gAABJIAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YlG3O8--O3n0hOcaloMf2gAABJIAAAIB&dcc=t
Request Chain 185
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YlG3O8..O3n0hOcaloMf2gAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1&gdpr=1&google_hm=2
Request Chain 188
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=7uSuhjaM1NDe9u5&gdpr=1
Request Chain 189
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=a6986251-b73c-4300-a637-e6ce051086ed&gdpr=1&gdpr_consent=
Request Chain 190
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-7a17d7d2-40c3-4ea9-9d78-99ff217d0de2
Request Chain 221
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1
Request Chain 222
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YlG3O8..O3n0hOcaloMf2gAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1&google_hm=2
Request Chain 223
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECsLCWKpJpf5waZ2hGatKCQ&google_cver=1
Request Chain 224
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODUxMDUxODk5OTU1NDczMTM0NA%3D%3D
Request Chain 231
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAdqYe4TI65ChIR9c_Zfe08&google_cver=1
Request Chain 233
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEAssLOtB3XtKLEmLKiwYk1U&google_cver=1
Request Chain 238
  • https://c1.adform.net/serving/cookie/match?party=14&cid=6737471F-6A7F-4F2E-9E40-06245DED3FE6 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Request Chain 239
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YlG3PAATV341YQAy&gdpr=0&gdpr_consent=
Request Chain 240
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:af476251-b73c-4000-9774-8360e728a3e2&gdpr=0&gdpr_consent=
Request Chain 241
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFVF8wN0VvMjRBQURYZUZPeEM4QQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAET_07Eo24AADXeFOxC8A&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAET_07Eo24AADXeFOxC8A&pid=558502&do=add HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAET_07Eo24AADXeFOxC8A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Request Chain 245
  • https://ums.acuityplatform.com/tum?umid=6 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=662108089712
Request Chain 246
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7uSuhjaM1NDe9u5&gdpr=0&gdpr_consent=
Request Chain 247
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 248
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://px.owneriq.net/noop?ct=image%2Fgif
Request Chain 249
  • https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fbc17853-c966-4aba-a655-35b323199b22
Request Chain 250
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D HTTP 302
  • https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID HTTP 302
  • https://match.bnmla.com/usersync?dspid=6&uuid=363B886755E84EE2BA063EFB46881D49 HTTP 302
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Request Chain 251
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=34e415d5-1158-4e3b-a4f9-eff6a566833e&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Request Chain 252
  • https://docker.creative-serving.com/cm?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDYmdGw9MjAxNjA=&piggybackCookie=${UUID} HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDYmdGw9MjAxNjA=&piggybackCookie=aa5298fb-f0ec-4e56-a17f-a79025fcdc6d
Request Chain 254
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZzdHH2p_Ty6eQAYkXe0_5g%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 256
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=af476251-b73c-4000-9774-8360e728a3e2
Request Chain 257
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjczNzQ3MUYtNkE3Ri00RjJFLTlFNDAtMDYyNDVERUQzRkU2&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 258
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMfUYK4PGpN7Iyv8NlDhSIQ&google_cver=1
Request Chain 260
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3438805548955832676&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 261
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=319376c5-9625-4c33-b391-6a27fbdfa8bb
Request Chain 263
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-PqheueZE2uWgH1zPzqnsFnMLAIXCWNQ-~A&gdpr=0&gdpr_consent=
Request Chain 264
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8510518999554731344&gdpr=0&gdpr_consent=
Request Chain 265
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ea599bd3-b823-11ec-b297-832d259745f8&gdpr=0&gdpr_consent=
Request Chain 268
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=1nemtYJyoODNcPXghHC-tYYg97PNJqri2XWokF4N
Request Chain 269
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7652430638150434878
Request Chain 270
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=0cacc7af-3cb6-468a-8b46-87d17171d230 HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=0cacc7af-3cb6-468a-8b46-87d17171d230 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=1e4e8327-38be-410f-904c-e9a98857e2d0&ssp=pubmatic HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0cacc7af-3cb6-468a-8b46-87d17171d230&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 271
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1D530_EE116DC4_4F17F1EC&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
  • https://pmp.mxptint.net/sn.ashx?ak=1
Request Chain 272
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8510518999554731344
Request Chain 277
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECNJKiE2kcoJ7GoTcTzD9ZU&google_cver=1&google_push=AYg5qPL7Wb2xOd5SezZ08yhGrbHM3uxgD8md-S8Bqv_yMFr6zkrAkhEgYutQWrqWnbR5v9TgixphChd5gmvmhxT4J4R3FrTF_SqQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=r0diUbc8QACXdINg5yij4g&google_push=AYg5qPL7Wb2xOd5SezZ08yhGrbHM3uxgD8md-S8Bqv_yMFr6zkrAkhEgYutQWrqWnbR5v9TgixphChd5gmvmhxT4J4R3FrTF_SqQ
Request Chain 279
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEEMgs3N68uM9PpKOSDpn2yI&google_cver=1&google_push=AYg5qPL_VnQas08LrUkykBXCooJbl3pwemNJCygO6Abn0-sM0beXWG5xGWudGCDzbCfaS8gZC79wMFYFMb_M3h02j83pX_BSjNSL HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4NDY0NTE1NzE2MTQwMDQ2NQ%3D%3D&google_push=AYg5qPL_VnQas08LrUkykBXCooJbl3pwemNJCygO6Abn0-sM0beXWG5xGWudGCDzbCfaS8gZC79wMFYFMb_M3h02j83pX_BSjNSL
Request Chain 280
  • https://px.adhigh.net/p/gm/rub?google_gid=CAESEOlrGYSNvohLxdNkfZFgunU&google_cver=1&google_push=AYg5qPL0ai1Gazd0RRGZY971U96mN2CbjFfA3fhNo8yS4yAqX0fyF3-ES6eGX-OdnGMD304G-hv5oOhv8pkyvxT8pDZNpptsHKac HTTP 302
  • https://px.adhigh.net/p/gm/rub?google_gid=CAESEOlrGYSNvohLxdNkfZFgunU&google_cver=1&google_push=AYg5qPL0ai1Gazd0RRGZY971U96mN2CbjFfA3fhNo8yS4yAqX0fyF3-ES6eGX-OdnGMD304G-hv5oOhv8pkyvxT8pDZNpptsHKac&bounced=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPL0ai1Gazd0RRGZY971U96mN2CbjFfA3fhNo8yS4yAqX0fyF3-ES6eGX-OdnGMD304G-hv5oOhv8pkyvxT8pDZNpptsHKac&google_hm=tRHbHvbq3p4AAikABlGADzPKkg%3D%3D
Request Chain 282
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEL2DS9ChLABOZpn2c9Ir7Fo&google_cver=1&google_push=AYg5qPL07_hK-eAe21-qRiunQ2xyukQmoyT-F_XCQbU6_RUc-Di-IGWHv11o_SkhxVmVGafr5k1bduBY4LeDeC36fjfHCzb7OB_8dw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPL07_hK-eAe21-qRiunQ2xyukQmoyT-F_XCQbU6_RUc-Di-IGWHv11o_SkhxVmVGafr5k1bduBY4LeDeC36fjfHCzb7OB_8dw&google_hm=Njg5MjQ3NjAxNDE1NjYxMjA5OQ==
Request Chain 283
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJPfGGR0ZjCOE58xx-VEg6o&google_cver=1&google_push=AYg5qPJVZjGahIm7oNs3AJuJ2QJz8osDNVHmU2b2H5tSIgcJR-l7fa-MDKmqvWDBtFxuuIlD2hdYIIVddUSImYGWQ41_nR-B6eIm HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPJVZjGahIm7oNs3AJuJ2QJz8osDNVHmU2b2H5tSIgcJR-l7fa-MDKmqvWDBtFxuuIlD2hdYIIVddUSImYGWQ41_nR-B6eIm HTTP 302
  • https://onetag-sys.com/sync/i,19/?google_error=5
Request Chain 311
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEDBFfqSq_HXyie0SPTfOAE&google_cver=1&google_push=AYg5qPKjVwKJ5rOpLGFD-09v23Q5NT1V_LTl_AFh7aZW1Q28DY8M-EJIj3TbIDqRDrX0C-dljLycSPcrgt0zk9MGkbsCGQHDpqYb HTTP 302
  • https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPKjVwKJ5rOpLGFD-09v23Q5NT1V_LTl_AFh7aZW1Q28DY8M-EJIj3TbIDqRDrX0C-dljLycSPcrgt0zk9MGkbsCGQHDpqYb&google_hm=0mMFR0G7yyt5OoGkrxnEQQ
Request Chain 312
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEMfkgcatSWYmbCDVVYtK5Ak&google_cver=1&google_push=AYg5qPIIm_sT9e9GBjzMESXP9sGjVN1rTK1b74QldtQDZIByPsOR45oX0gAXjqQj7IIRRyD0zKcu-J0W3frRcMbfLrroT18zNC49 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=N3VTdWhqYU0xTkRlOXU1&google_gid=CAESEMfkgcatSWYmbCDVVYtK5Ak&google_cver=1&google_push=AYg5qPIIm_sT9e9GBjzMESXP9sGjVN1rTK1b74QldtQDZIByPsOR45oX0gAXjqQj7IIRRyD0zKcu-J0W3frRcMbfLrroT18zNC49
Request Chain 313
  • https://um.simpli.fi/gp_match?google_gid=CAESENltAGqhlR6-kWYkS_5lSi0&google_cver=1&google_push=AYg5qPI-1jAEqZkDykPEtSPwxZhH-bstGhwNOyqzGH2zknYzGAnz6CTJSvhAu40t0TsW8kaxeIK7gkZtwK-R3IyR8zulW-KfptLn HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=363B886755E84EE2BA063EFB46881D49&google_push=AYg5qPI-1jAEqZkDykPEtSPwxZhH-bstGhwNOyqzGH2zknYzGAnz6CTJSvhAu40t0TsW8kaxeIK7gkZtwK-R3IyR8zulW-KfptLn
Request Chain 314
  • https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEI0Z-2pHd5tMbLWny717YWE&google_cver=1&google_push=AYg5qPJIiIon8HM2D3azYNfXLM2uEBf7443LbRal0JtZIiL52wYaAgpMqpL0d9NEXsXDM93qOgKeXzUWoshx8AhP4E2P2DbpcqbIhw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPJIiIon8HM2D3azYNfXLM2uEBf7443LbRal0JtZIiL52wYaAgpMqpL0d9NEXsXDM93qOgKeXzUWoshx8AhP4E2P2DbpcqbIhw&google_hm=QVBDX3YtQWNnYURmU2VheTZFNjViWUE=
Request Chain 315
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESENjQPu_3drPovjCpg3XqokU&google_cver=1&google_push=AYg5qPIFYddPl962hjFkWrcOJk2ZCd7koSNt0_rSBHnKtaDXb59j8zCVFgbXqmHbdSdbZQkO5s_gAiDQ1ZnSN-gDQHQXMEHl6RpG-g HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIFYddPl962hjFkWrcOJk2ZCd7koSNt0_rSBHnKtaDXb59j8zCVFgbXqmHbdSdbZQkO5s_gAiDQ1ZnSN-gDQHQXMEHl6RpG-g
Request Chain 316
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEKr9ANuHgZ2IVVQVhR-uBy8&google_cver=1&google_push=AYg5qPKcQJ8somMPbeCopeRA5ksL79ixes2Dv96aHDsRhFBcN6q5ZDzZysHNWljUgZXFeA-OQMmQJwv8l__TYzBSDRlKYnoCaXqW HTTP 302
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPKcQJ8somMPbeCopeRA5ksL79ixes2Dv96aHDsRhFBcN6q5ZDzZysHNWljUgZXFeA-OQMmQJwv8l__TYzBSDRlKYnoCaXqW&google_gid=CAESEKr9ANuHgZ2IVVQVhR-uBy8 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTQwOTU2NjYzNzk0NjQ2ODM0Ng%3D%3D&google_push=AYg5qPKcQJ8somMPbeCopeRA5ksL79ixes2Dv96aHDsRhFBcN6q5ZDzZysHNWljUgZXFeA-OQMmQJwv8l__TYzBSDRlKYnoCaXqW
Request Chain 350
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent=&google_gid=CAESEJ440QWNRYuCosZN7Qofv3w&google_cver=1 HTTP 302
  • https://a.audrte.com/p
Request Chain 352
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=6780421372029519068 HTTP 302
  • https://ps.eyeota.net/match?bid=kh51m51&uid=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent=
Request Chain 359
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/1fa7ad1e02ac4a81b5ef4a7b39a1f9bd/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D/gdpr=1 HTTP 302
  • https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3438805548955832676/gdpr=1
Request Chain 363
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Request Chain 364
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b2d324ed-198b-49d9-8856-77f4d7c2c382-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 365
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1649522497080 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Request Chain 366
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
Request Chain 367
  • https://gocm.c.appier.net/pubmatic HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=U6jZtrHyD3iOz7NUQbdRYg
Request Chain 368
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=jneLRYt4QXlUOxwGAz4iBtlAlwk
Request Chain 369
  • https://pixel.onaudience.com/?partner=214&mapped=6737471F-6A7F-4F2E-9E40-06245DED3FE6 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
  • https://pixel.onaudience.com/?partner=147&mapped=319376c5-9625-4c33-b391-6a27fbdfa8bb&icm HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=2b614e5b3614df38/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&gdpr=1 HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=2b614e5b3614df38
Request Chain 370
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&addseg=19,36,42
Request Chain 371
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 375
  • https://pixel.onaudience.com/?partner=214&mapped=6737471F-6A7F-4F2E-9E40-06245DED3FE6 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
  • https://pixel.onaudience.com/?partner=147&mapped=319376c5-9625-4c33-b391-6a27fbdfa8bb&icm HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=2b614e5b3614df38/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&gdpr=1 HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=2b614e5b3614df38
Request Chain 376
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr= HTTP 302
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr=&fbounce=1 HTTP 302
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&addseg=19,36,42
Request Chain 377
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 379
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Request Chain 380
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=72acd639-4b94-4218-9ba7-e6fec17f46e6-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 381
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1649522497106 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Request Chain 382
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
Request Chain 384
  • https://gocm.c.appier.net/pubmatic HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=yoGmaFx-BBKs-9GmQbdRYg
Request Chain 385
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=giM0CgmOQqlOykQPxMSputlAlwk

385 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request jackpos-pos-malware.html
securityaffairs.co/wordpress/22121/malware/
Redirect Chain
  • http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html'
  • https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
102 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8e51c99aed0db0e1ab0c5c40f3444705cca4e9d2d2600b07e858a28aede4b4a5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:28 GMT
link
<https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/22121>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=22121>; rel=shortlink
server
Apache

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 09 Apr 2022 16:41:27 GMT
Keep-Alive
timeout=15
Location
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Server
Apache
Transfer-Encoding
chunked
X-Redirect-By
WordPress
style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 		95 KB
95 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d923ee78c830ba61f65748ff977f348a9b8160f36f05c922b6431428ed693d22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Tue, 05 Apr 2022 21:49:11 GMT
server
Apache
accept-ranges
bytes
etag
"17bff-5dbef371d9676"
content-length
97279
content-type
text/css
mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"2bf8-5b61073acf500"
content-length
11256
content-type
text/css
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
Apache
accept-ranges
bytes
etag
"1360-597430d761a00"
content-length
4960
content-type
text/css
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Fri, 18 Feb 2022 00:43:34 GMT
server
Apache
accept-ranges
bytes
etag
"c22-5d8402c38291d"
content-length
3106
content-type
text/css
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 		27 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Fri, 18 Feb 2022 00:43:34 GMT
server
Apache
accept-ranges
bytes
etag
"6a71-5d8402c38291d"
content-length
27249
content-type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.2.4
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617
age
3196305
cdn-cachedat
2021-06-08 21:08:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
733e37acd0daf33e87865ddb13826614
cf-ray
6f94b0c5dd2d83bb-MXP
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 		19 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
Apache
accept-ranges
bytes
etag
"4d92-52704407f72c0"
content-length
19858
content-type
text/css
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		539 B
683 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"21b-526fe6d7cd700"
content-length
539
content-type
text/css
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
Apache
accept-ranges
bytes
etag
"1851-5270441180940"
content-length
6225
content-type
text/css
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"6b4-526fe6d5e5280"
content-length
1716
content-type
text/css
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		17 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"4574-526fe6d5e5280"
content-length
17780
content-type
text/css
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"118d-526fe6e527680"
content-length
4493
content-type
text/css
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		334 B
478 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
Apache
accept-ranges
bytes
etag
"14e-526fe6d5e5280"
content-length
334
content-type
text/css
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		110 KB
110 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
Apache
accept-ranges
bytes
etag
"1b844-526fe6d7cd700"
content-length
112708
content-type
text/css
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
content-type
text/css; charset: UTF-8;charset=UTF-8
server
Apache
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		49 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
Apache
accept-ranges
bytes
etag
"c5f2-526fe6d6d94c0"
content-length
50674
content-type
text/css
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		19 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=10.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
67289e231e0f7e5160b64d6761481954fbd89cc2f3cd3bf469fca94d7b4d6c87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 06 Apr 2022 21:42:04 GMT
server
Apache
accept-ranges
bytes
etag
"4d01-5dc033b777710"
content-length
19713
content-type
text/css
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=10.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 06 Apr 2022 21:42:02 GMT
server
Apache
accept-ranges
bytes
etag
"312f-5dc033b613025"
content-length
12591
content-type
text/css
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		282 KB
282 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"46758-5c7d1b0de3c40"
content-length
288600
content-type
application/javascript
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		25 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
Apache
accept-ranges
bytes
etag
"62d4-5b61073acf500"
content-length
25300
content-type
application/javascript
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 		34 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c106f968e6dae4cc1049fd8205860cbd57eba3b59803c5688a1f417b57d9b65

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Fri, 18 Feb 2022 00:43:34 GMT
server
Apache
accept-ranges
bytes
etag
"88fd-5d8402c38485d"
content-length
35069
content-type
application/javascript
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 		562 B
716 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
Apache
accept-ranges
bytes
etag
"232-5c1d9e402b540"
content-length
562
content-type
application/javascript
st_insights.js
ws.sharethis.com/button/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.4
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4200:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
149bccf7e467541fc83e870e967ac322b26065e5d6797169c8a677a67db07e60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 20:07:11 GMT
content-encoding
gzip
vary
Accept-Encoding
age
74058
x-cache
Hit from cloudfront
content-length
7654
server
nginx/1.20.1
etag
W/"61e1c3a9-6746"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
cache-control
max-age=259200
x-amz-cf-pop
FRA6-C1
x-robots-tag
noindex, nofollow
x-amz-cf-id
56XEhZKsgAp53xoeSN3Xf6nkS5a0OSWlQbp0sOfhqN9a1MC9IAbwDg==
expires
Mon, 11 Apr 2022 20:07:11 GMT
sharethis.js
platform-api.sharethis.com/js/ 		184 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-79.dus51.r.cloudfront.net
Software
/
Resource Hash
414363cb8150c2f60382da1d5a33f260caad65a54d6933e6b28534763d388db8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:32:33 GMT
content-encoding
gzip
vary
Accept-Encoding
age
539
etag
W/"2e0e3-tEY0wJEY/wwExgi0NrFi684gQTw"
x-frame-options
SAMEORIGIN
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
DUS51-P2
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
2Lo_VHUmyYofYOrJCMA5tRhFPX52nxpGNZDqgwAAgwjVO3og8I6tWg==
dmedianet.js
contextual.media.net/ 		165 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
34f8112e95fecade5f7bd85c7dd2a01894740d08a105808534f49254a47f9462
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-mnt-h
8-18
content-encoding
gzip
server
Apache
etag
"b3c9909c3b8433f796c50fc6257f17d3"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Sat, 09 Apr 2022 16:41:30 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-10
expires
Sat, 09 Apr 2022 16:46:30 GMT
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/ 		973 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Tue, 02 Mar 2021 20:36:48 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"603ea1e0-3cd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
973
expires
Mon, 11 Apr 2022 16:41:30 GMT
jackpos_1.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos_1.png?resize=470%2C179
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
c37f0638aea7427161e04791736d419b581672d91342c43f74fed6caaf93fc23
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 3
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"fb3a4c07905b29f0"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos_1.png>; rel="canonical"
content-length
19232
expires
Tue, 09 Apr 2024 04:41:30 GMT
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		830 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Wed, 10 Jun 2020 20:34:29 GMT
server
nginx
etag
"509a053c355d6394"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length
830
expires
Sat, 11 Jun 2022 08:34:29 GMT
twitter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"fbafb4fa36d9fc66"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
1082
expires
Sat, 05 Nov 2022 20:12:40 GMT
linkedin.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"8daaaf021369fdba"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Sat, 05 Nov 2022 20:12:40 GMT
Finland-flawg.jpg
securityaffairs.co/wordpress/wp-content/uploads/2020/12/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2020/12/Finland-flawg.jpg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0cadbd2e8dc217ca19dbdfe30fac1856306657a997560ab2a3a980199eff7128

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Mon, 28 Dec 2020 21:22:48 GMT
server
Apache
accept-ranges
bytes
etag
"776d-5b78ce02e7a00"
content-length
30573
content-type
image/jpeg
antivirus-Android-Google-Play.png
securityaffairs.co/wordpress/wp-content/uploads/2022/04/ 		347 KB
348 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/04/antivirus-Android-Google-Play.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c76cb3955f7e9ad94144cbedd8cfb55feec1f59bb0b142c70f4a743a80532790

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Sat, 09 Apr 2022 13:41:29 GMT
server
Apache
accept-ranges
bytes
etag
"56c66-5dc38de4efdcc"
content-length
355430
content-type
image/png
Honey-Encryption-2.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/Honey-Encryption-2.jpg?resize=296%2C170&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
6726257bf91f6c971363480bb63164537b19bfd2d3c34133196f755922dda986
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 2
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"2c6134a6658c63dd"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/Honey-Encryption-2.jpg>; rel="canonical"
content-length
4416
expires
Tue, 09 Apr 2024 04:41:30 GMT
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 		142 KB
142 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1646352596
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6071f4e4c890545ad0f59302890def2aebb273acd131ed7ec434b26dfebad1e2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Fri, 04 Mar 2022 00:09:56 GMT
server
Apache
accept-ranges
bytes
etag
"237f3-5d95955ab0984"
content-length
145395
content-type
text/css
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 06 Apr 2022 21:42:04 GMT
server
Apache
accept-ranges
bytes
etag
"6e0-5dc033b755435"
content-length
1760
content-type
application/javascript
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 		365 B
519 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Sun, 06 Feb 2022 01:02:25 GMT
server
Apache
accept-ranges
bytes
etag
"16d-5d74f097fffee"
content-length
365
content-type
application/javascript
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1646352596
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Fri, 04 Mar 2022 00:09:56 GMT
server
Apache
accept-ranges
bytes
etag
"7c3-5d95955abe444"
content-length
1987
content-type
application/javascript
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		987 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3db-526fe6e433440"
content-length
987
content-type
application/javascript
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1113-526fe6e433440"
content-length
4371
content-type
application/javascript
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"1fa1-526fe6e433440"
content-length
8097
content-type
application/javascript
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"a36-526fe6e33f200"
content-length
2614
content-type
application/javascript
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
server
Apache
accept-ranges
bytes
etag
"53ae-5270441274b80"
content-length
21422
content-type
application/javascript
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
Apache
accept-ranges
bytes
etag
"1f6c-526fe6e527680"
content-length
8044
content-type
application/javascript
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 		69 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
server
Apache
accept-ranges
bytes
etag
"11571-5270441645480"
content-length
71025
content-type
application/javascript
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"2a67-526fe6e433440"
content-length
10855
content-type
application/javascript
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:29 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"c18-526fe6e433440"
content-length
3096
content-type
application/javascript
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
Apache
accept-ranges
bytes
etag
"3225-526fe6e433440"
content-length
12837
content-type
application/javascript
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		12 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
Apache
accept-ranges
bytes
etag
"31d4-526fe6e33f200"
content-length
12756
content-type
application/javascript
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		22 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=10.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
12c89195053b32c8e6577a5049ef4b5f6aa0a3f38cc0b87a745dd5fb6d9959cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Wed, 06 Apr 2022 21:42:04 GMT
server
Apache
accept-ranges
bytes
etag
"5610-5dc033b777710"
content-length
22032
content-type
application/javascript
e-202214.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202214.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn
date
Sat, 09 Apr 2022 16:41:30 GMT
content-encoding
br
server
nginx
etag
W/"6197c5cf-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Mon, 27 Mar 2023 05:14:24 GMT
sdk.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cad94f93a2d78e3a73e48f108ee72e70ca034b49b3ec8636b2f6c95d9b3ed9f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
P7Fw8U3R9hgPV9iF+JiZNw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Sat, 09 Apr 2022 16:59:31 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1685
x-fb-rlafr
0
x-fb-debug
SGmgvpDHppU4/CiCX5MgpaUrjcAE4ATBDqQ4eMyhYbpeKp1zwvkEipYKdOQysNmDSLUs10Ak5HZQKfwRW5VjUA==
x-fb-trip-id
917726464
x-fb-content-md5
df6974619a6d6555bb96fff165032b46
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 09 Apr 2022 16:41:30 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"09428ca917fb54ad5f86383f963f22de"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		31 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Fri, 23 Jul 2021 22:11:53 GMT
server
Apache
accept-ranges
bytes
etag
"7cdc-5c7d1b0de3c40"
content-length
31964
content-type
application/javascript
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=225d2128214efd4cb439b1095d30ca5b
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
Apache
accept-ranges
bytes
etag
"231d-5a22e60748e80"
content-length
8989
content-type
application/javascript
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
css
fonts.googleapis.com/ 		0
0
pview
l.sharethis.com/ 		0
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1649522491333.70174&hostname=securityaffairs.co&location=%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&title=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sop=false&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.2.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.109.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-109-212.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:30 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
5b71b64b04b9a500117b1015.js
buttons-config.sharethis.com/js/ 		30 B
424 B 		Script
General
Check archive.org
Download Go to
Full URL
https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:8600:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
via
1.1 6fadd80db8a3a154b0b68f055a91920c.cloudfront.net (CloudFront)
last-modified
Mon, 13 Aug 2018 16:48:12 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P1
etag
"e6e1643313740711175f51662a65b42f"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
RefreshHit from cloudfront
content-type
text/javascript
cache-control
max-age=60,public
accept-ranges
bytes
content-length
30
x-amz-cf-id
r3JGJBtulUltKpwR6RW29aIOiYX9M_k23fIq0SdbeW1F2atswrgDhg==
analytics.js
google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://google-analytics.com/analytics.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
5895
date
Sat, 09 Apr 2022 15:03:15 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sat, 09 Apr 2022 17:03:15 GMT
gtm.js
www.googletagmanager.com/ 		83 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a816d49c9f6ba4190a5e8771b2143c63523c2301ac146fdde25c86ed5d8d2758
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32926
x-xss-protection
0
last-modified
Sat, 09 Apr 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 09 Apr 2022 16:41:30 GMT
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 		43 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
last-modified
Wed, 16 Dec 2015 06:58:09 GMT
server
Apache
accept-ranges
bytes
etag
"ad90-526fe6dc92240"
content-length
44432
content-type
application/font-woff
truncated
/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
jackpos-2.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-2.png?resize=476%2C293
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
72133d32df2afc6b9627d461268f0b37980034d4ab0a575912b80bcca5e6c609
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 1
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"1bfd677ee64cb09d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-2.png>; rel="canonical"
content-length
38272
expires
Tue, 09 Apr 2024 04:41:30 GMT
jackpos-3.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-3.png?w=703&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
db2175fffb1a59f6b07a5b10c728a0d7cdbe90e33794678d0d958d4da934578b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 1
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"6fd732d654e5c1f7"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-3.png>; rel="canonical"
content-length
9932
expires
Tue, 09 Apr 2024 04:41:30 GMT
jackpos-4.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-4.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
e5a60c03a7ac0033874b06898e7d33e5baa504587739cab70acbed545d69c1f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 1
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"d866ed1aa3640acd"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-4.png>; rel="canonical"
content-length
26432
expires
Tue, 09 Apr 2024 04:41:30 GMT
jackpos-5.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-5.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b34b10bbc97d3457a9e8c59779850e01d45160be2c72ac4e5f7bdb0eb3635cef
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 1
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"0005147847f517ce"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-5.png>; rel="canonical"
content-length
25826
expires
Tue, 09 Apr 2024 04:41:30 GMT
jackpos-6.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-6.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b0eaabca31ab1a868f8b464116c58bad92ddf1115263cf5468d537cd1c2f0c5c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 1
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"576adffd98a4300e"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-6.png>; rel="canonical"
content-length
16334
expires
Tue, 09 Apr 2024 04:41:30 GMT
jackpos-7.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-7.png?w=707&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
daf92c82c637532aeb9ecd9f35a952a776f9cbe815d85022545b463a44fa45f9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 1
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"eee8bbb3334f3beb"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-7.png>; rel="canonical"
content-length
24980
expires
Tue, 09 Apr 2024 04:41:30 GMT
jackpos-8.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		139 KB
139 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-8.png?resize=1024%2C730&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
fd220df146748e62564afbe3c20d831eb9cb64a89c6686836b3b8be811b8be0c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS hhn 1
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx
etag
"5cf36c42b3a514a9"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-8.png>; rel="canonical"
content-length
141934
expires
Tue, 09 Apr 2024 04:41:30 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"156244085faab7d3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
6414
expires
Sat, 05 Nov 2022 20:12:40 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"312ff21e46f29f3d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7482
expires
Sat, 05 Nov 2022 20:12:40 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Dec 2020 07:29:12 GMT
server
nginx
etag
"a6fb49f7a00a0498"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
6336
expires
Thu, 15 Dec 2022 19:29:12 GMT
securityaffairs-best-european-blog2.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
x-bytes-saved
103276
content-length
10314
x-nc
HIT hhn 2
last-modified
Tue, 02 Jun 2020 21:29:55 GMT
server
nginx
etag
"c8c3d7b06b174426"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires
Fri, 03 Jun 2022 09:29:55 GMT
pview
l.sharethis.com/ 		0
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1649522491333.70174&hostname=securityaffairs.co&location=%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&title=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sop=false&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.109.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-109-212.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:30 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Access-Control-Max-Age
1728000
Connection
keep-alive
Access-Control-Allow-Headers
*
sdk.js
connect.facebook.net/en_US/ 		283 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=e99e6bbd902197af8d5b13dfcb8dc4ad
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0a07e0b5ee4f65df28e109c0ef5eec58436c39d98523bc17c82ea31bf0469ed1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
WwL6BoBhlLW4Zq8SavlXAA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Sun, 09 Apr 2023 15:07:05 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
82857
x-fb-rlafr
0
x-fb-debug
2YUNjg0yH2kBoLQkoH9CU3coEdF6Lw0C9GhzAEWw0FJ2aFT5CI6CRcbla92H5qydwZiWTmnoc/Qk+b7qGUEYCg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
3f52ab2ffe27ff3cf5c234c83ea5c27c
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 09 Apr 2022 16:41:30 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"1b66fdaebc41f2dadf98bf3db62985f3"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
collect
www.google-analytics.com/j/ 		2 B
407 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=702550463&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ul=en-us&de=UTF-8&dt=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=672179692&gjid=1345753251&cid=135510834.1649522492&tid=UA-59069958-1&_gid=2122932841.1649522492&_r=1&_slc=1&z=691323478
Requested by
Host: google-analytics.com
URL: https://google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
smtr
contextual.media.net/ 		1 KB
694 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&nse=5&vi=1649522490995009911&lw=1&ugd=4&kttle=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20Scheduler&pgid=p1195784307t202204091641&nb=1&allsc=HE
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a8fc3009cffce31aa4dc6fa0eb0faa77646bae543280844fec0d85f2b4d9c6eb
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
x-sc-h
22-9xvk
strict-transport-security
max-age=604800
content-length
508
expires
Sat, 09 Apr 2022 16:41:30 GMT
checksync.php
contextual.media.net/ Frame 28F3 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0fc0e68089ddb985440dc77a82573458b59327f722b9c73d2753c182f80127b4
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
5717
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:30 GMT
expires
Mon, 11 Apr 2022 16:41:30 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
smtr
contextual.media.net/ 		1 KB
694 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&nse=5&vi=1649522490659305414&lw=1&ugd=4&kttle=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20Scheduler&pgid=p1195784307t202204091641&nb=1&allsc=HE
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d21b696f7f2cf0dc377e392049004f10eb83fd95c899e703af869e6bf5d5ab85
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
x-sc-h
22-q42p
strict-transport-security
max-age=604800
content-length
509
expires
Sat, 09 Apr 2022 16:41:30 GMT
checksync.php
contextual.media.net/ Frame 77AB 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0fc0e68089ddb985440dc77a82573458b59327f722b9c73d2753c182f80127b4
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
5717
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:30 GMT
expires
Mon, 11 Apr 2022 16:41:30 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
smtr
contextual.media.net/ 		1 KB
695 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=DE&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&nse=5&vi=1649522490272787966&lw=1&ugd=4&kttle=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20Scheduler&pgid=p1195784307t202204091641&nb=1&allsc=HE
Requested by
Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
416aa3c5a81ff9fb364973e1d59414dc13e5194344da0e1898ed33561ab3b1eb
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, no-cache, no-store
x-sc-h
21-5vq4
strict-transport-security
max-age=604800
content-length
509
expires
Sat, 09 Apr 2022 16:41:30 GMT
checksync.php
contextual.media.net/ Frame 31F9 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU5BD6EW&https=1&itype=CM
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0fc0e68089ddb985440dc77a82573458b59327f722b9c73d2753c182f80127b4
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
5717
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:30 GMT
expires
Mon, 11 Apr 2022 16:41:30 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
bping.php
lg3.media.net/ 		35 B
189 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/bping.php?vgd_len=510&&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1649522490995009911&ugd=4&lf=6&cc=DE&sc=HE&wsip=2886781041&r=1649522491578&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1649522490183443262&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1195784307t202204091641&vgd_pgids=1&vgd_uspa=0&hvsid=00001649522491571036448888323671&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Apr 2022 16:41:30 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 09 Apr 2022 16:41:30 GMT
bping.php
lg3.media.net/ 		35 B
189 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/bping.php?vgd_len=519&&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1649522490659305414&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781041&r=1649522491606&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1649522490183443262&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1195784307t202204091641&vgd_pgids=2&vgd_uspa=0&hvsid=00001649522491604036448888326090&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Apr 2022 16:41:30 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 09 Apr 2022 16:41:30 GMT
bping.php
lg3.media.net/ 		35 B
189 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/bping.php?vgd_len=519&&gdpr=1&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1649522490272787966&ugd=4&lf=6&cc=DE&sc=HE&lper=100&wsip=2886781041&r=1649522491616&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1649522490183443262&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p1195784307t202204091641&vgd_pgids=2&vgd_uspa=0&hvsid=00001649522491604036448888326090&gdpr=1&vgd_end=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=21600
server
Apache
date
Sat, 09 Apr 2022 16:41:30 GMT
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Sat, 09 Apr 2022 16:41:30 GMT
g.gif
pixel.wp.com/ 		50 B
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.8&blog=29506073&post=22121&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=2820&rand=0.09256019871448773
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 09 Apr 2022 16:41:30 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
js
www.googletagmanager.com/gtag/ 		176 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
10a0a5fe9c7f5950419c869e9be593b0dde7eb3dcd6c832f755af3ba652a8b6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
66218
x-xss-protection
0
expires
Sat, 09 Apr 2022 16:41:30 GMT
hb_v2.js
cdn.pixfuture.com/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Sep 2021 15:09:43 GMT
server
cloudflare
age
7709
etag
W/"61533037-84f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjGKDj%2BTzmCvl3nQ8I8TVukHV1OBhxwseWfq2FNfcxIQxljGv85944SKOa9s7Kg9sIVuViscgxzo17xK7TLFyTLaIsNofcg2PJ0od6yzbmb3lFjw96BY0ePLIg33aEFVvU%2BBglEaIPx9303wfINe"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Sun, 10 Apr 2022 14:56:35 GMT
cache-control
public, max-age=2678400, no-transform
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6f94b0ce08085a25-MXP
cf-bgj
minify
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe3u0&_p=702550463&sr=1600x1200&_z=ccd.AAB&ul=en-us&cid=135510834.1649522492&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&dt=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sid=1649522491&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pbix.js
cdn.pixfuture.com/ 		423 KB
424 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
37201
cf-polished
origSize=433266
cf-bgj
minify
last-modified
Mon, 23 Aug 2021 13:19:22 GMT
server
cloudflare
etag
W/"6123a05a-69c72"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s7r%2Fb5KJxQy9e0F3iLg8wd0IOpqx8LEK19GiOrki6z8yvIlx4ZNSvrLmBMIFp%2B8qlyyNSE0dvHEqiEL8IIZm3T2EJDUhv8oQzYhH7i2SSAGNDhvAU2i%2BhSmRq%2Fa4tTcU3Z9FoU1aCJ%2BqliGy4du2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2678400, no-transform
cf-ray
6f94b0ce48b45a25-MXP
expires
Sun, 10 Apr 2022 14:56:41 GMT
r.js
aa.agkn.com/adscores/ 		0
185 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.68.148.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-68-148-208.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript
content-length
0
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		11 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=jackpos,malware,presented,as,java,update,schedulersecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
6cd7f3f18d01a13bc78c9b5f973cbae5e20dbab6893435c59dd7aef57f4b98de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Apr 2022 16:41:30 GMT
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=jackpos,malware,presented,as,java,update,schedulersecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
1ae480b451cadee009d6eef362c365565b353008e612c6227f406e363a4c8f61

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800, public, no-transform
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Apr 2022 16:41:30 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Sat, 09 Apr 2022 16:41:30 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1953
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=XFO1oHxrcXhOMSs1YUdWb3NiS2xRY1hEbXdJWWNGQTlkUnB1dDVCK3NTWTNZUGpvdVg2emxmVjVVTTRZL1VxWmpZcDN4ZWc3Vmg4RVlsSG84L0RkVDZCTkdaNmwxVFpNY0JFRFRwaStubk9hN3N6amQvYnZIUVNjZDk1WG...
344 B
610 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=XFO1oHxrcXhOMSs1YUdWb3NiS2xRY1hEbXdJWWNGQTlkUnB1dDVCK3NTWTNZUGpvdVg2emxmVjVVTTRZL1VxWmpZcDN4ZWc3Vmg4RVlsSG84L0RkVDZCTkdaNmwxVFpNY0JFRFRwaStubk9hN3N6amQvYnZIUVNjZDk1WG82QW0yT25wa2tvM1YwcG9JMmQvaGxFcTJnSFkxL1JyT0Nmc2xVRjYrcUMzVjZEc1RKNEt5U3YyU2w5bDdiSHJWWHpNWDNSeC81N0hnaWpMN2Z0elN0SjJoOVc3amlDUmhiZUVEZU5vcVpkT1RsczhpWUhzL1huNnJlUU4vUDlybFFzWWhwNkdPfA&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
c3f289a2ae1d365bc0b265c07f49e8ca46733bb1d9ef0e4a110c60ee4fe27d6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3529
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
location
https://mug.criteo.com/sid?cpp=XFO1oHxrcXhOMSs1YUdWb3NiS2xRY1hEbXdJWWNGQTlkUnB1dDVCK3NTWTNZUGpvdVg2emxmVjVVTTRZL1VxWmpZcDN4ZWc3Vmg4RVlsSG84L0RkVDZCTkdaNmwxVFpNY0JFRFRwaStubk9hN3N6amQvYnZIUVNjZDk1WG82QW0yT25wa2tvM1YwcG9JMmQvaGxFcTJnSFkxL1JyT0Nmc2xVRjYrcUMzVjZEc1RKNEt5U3YyU2w5bDdiSHJWWHpNWDNSeC81N0hnaWpMN2Z0elN0SjJoOVc3amlDUmhiZUVEZU5vcVpkT1RsczhpWUhzL1huNnJlUU4vUDlybFFzWWhwNkdPfA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1771
content-length
509
expires
0
529.json
id5-sync.com/g/v2/ 		213 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.36.109.186 , France, ASN16276 (OVH, FR),
Reverse DNS
p06.id5-sync.com
Software
/
Resource Hash
73bdd9d1d875c04c2bb1086bfe890b0e1e33379bb96a299dcb35df05530215db
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://securityaffairs.co
Date
Sat, 09 Apr 2022 16:41:30 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/ 		0
0
rid
match.adsrvr.org/track/ 		109 B
545 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8e55ee8e2c9d4e31d463b4dde73978c37da5110984bb9d12a405edf8dbd6c1eb

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Mon, 09 May 2022 16:41:31 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1003 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Protocol
HTTP/1.1
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
02fc216b-a05b-44ab-8a65-3e2b6d4d240c
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
4cbff092-74c1-411c-a7b1-6936863997d3
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1003 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Protocol
HTTP/1.1
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
467effd0-8c0e-48be-a5a0-f7771209289b
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
9103b75b-c232-419d-9e91-5257273afa49
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cookie_sync
prebidserver.pixfuture.com/ 		288 B
660 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
f7a761c71e69933698cdf0bbe387fbeebeb3de97c36e692f1f924cdeadce993b

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
288
Expires
0
auction
prebidserver.pixfuture.com/openrtb2/ 		153 B
510 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
26d332db7632dc593fe9071314ae6f09822dc52eb86c02170a315a9a877a2b35

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
153
Expires
0
hb
ssc.33across.com/api/v1/ 		65 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
78c0c4ed9872507a1c1650c6c3aff48f827f90b9aa292c284bd42d729a9a112d

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
/
hb.emxdgt.com/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1649522492272&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.230.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-230-57.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Apr 2022 16:41:31 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
v1
btlr.sharethrough.com/WYu2BXv1/ 		0
115 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.2.24 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-2-24.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Apr 2022 16:41:31 GMT
access-control-allow-credentials
true
vary
Origin
v1
prg.smartadserver.com/prebid/ 		171 B
560 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:31 GMT
content-encoding
br
vary
Accept-Encoding, Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
transfer-encoding
chunked
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
trinity.json
apex.go.sonobi.com/ 		95 B
737 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2212bdfc928c73cb2%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&s=48aa17f1-856b-4f6d-9eb9-713817b214dd&pv=85736ea7-80ac-4015-9f49-b3b376ffbe7b&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&kw=jackpos%2Cmalware%2Cpresented%2Cas%2Cjava%2Cupdate%2Cschedulersecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
3b732a2608a1921a51da823f29bdb9f6a7e6a2c1f41f24906282a066dccf3730
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
941 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
4b3754a68b1b29877c15f4d7639b6095029350290b0c5293168f3a921ca94f2d

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:31 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=d24cfd08-baf0-4c39-9032-d6a6fcd821fe&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4678352394958085
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
8d67a04d9d51b04da8233d0011d4dc75fb1a8041ba6200e1923c904654764998

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
bid
ap.lijit.com/rtb/ 		94 B
748 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
1c6908ef211abd0afdd036ce20bd89640e9d0115f47072c667be3e312fa976c3

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 09 Apr 2022 16:41:31 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap1ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=d24cfd08-baf0-4c39-9032-d6a6fcd821fe&nocache=1649522492285&pubcid=283f67f4-65ed-485b-a052-4d56d0470633&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWphY2twb3MsbWFsd2FyZSxwcmVzZW50ZWQsYXMsamF2YSx1cGRhdGUsc2NoZWR1bGVyc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1qYWNrcG9zLG1hbHdhcmUscHJlc2VudGVkLGFzLGphdmEsdXBkYXRlLHNjaGVkdWxlcnNlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
c48cb7408eca742f118168ddf702781ed29bb1e78247eb5e0b1a23e951fcfaa6

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:31 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
de5409e29ecaf12077419e5ac94c15efa57f5a368126d60f2314a994a9cd3b12
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
218baf1f-6aa8-4c3a-aa83-ddebede64930
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Apr 2022 16:41:32 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=XFO1oHxrcXhOMSs1YUdWb3NiS2xRY1hEbXdJWWNGQTlkUnB1dDVCK3NTWTNZUGpvdVg2emxmVjVVTTRZL1VxWmpZcDN4ZWc3Vmg4RVlsSG84L0RkVDZCTkdaNmwxVFpNY0JFRFRwaStubk9hN3N6amQvYnZIUVNjZDk1WG82QW0yT25wa2tvM1YwcG9JMmQvaGxFcTJnSFkxL1JyT0Nmc2xVRjYrcUMzVjZEc1RKNEt5U3YyU2w5bDdiSHJWWHpNWDNSeC81N0hnaWpMN2Z0elN0SjJoOVc3amlDUmhiZUVEZU5vcVpkT1RsczhpWUhzL1huNnJlUU4vUDlybFFzWWhwNkdPfA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Sat, 09 Apr 2022 16:41:30 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1103
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
auction
prebidserver.pixfuture.com/openrtb2/ 		153 B
510 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
ab1cf1b11f871b5663fd532ee3d7f105a381deb7847e761adb05eedbc3da11a5

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
153
Expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		283 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_id5-sync.com=0%5E1%5E&tpid_tdid=319376c5-9625-4c33-b391-6a27fbdfa8bb&eid_adserver.org=319376c5-9625-4c33-b391-6a27fbdfa8bb&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&tk_flint=pbjs_lite_v5.9.0-pre&x_source.tid=5965b5fa-e04c-4482-abb9-e532474bfab1&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8419029007027505
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
bf580a218ae0f1b2c97333597214f8102c8cba257289f8845a978279c9763dfa

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
283
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Apr 2022 16:41:31 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/ 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
b5ffb395bb9d07af72b3382a34f84fba71999be72d127c083d87c97c86606030
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
092371ef-caf5-434d-9f1b-704ed2be32e7
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
prebid.media.net/rtb/ 		1 KB
772 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
53a95d7f4cf5dc53b4e58936c92fd6a937975b8835b9c528a95c25ccfbf20801

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:31 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=5965b5fa-e04c-4482-abb9-e532474bfab1&nocache=1649522492362&id5id=0&ttduuid=319376c5-9625-4c33-b391-6a27fbdfa8bb&pubcid=283f67f4-65ed-485b-a052-4d56d0470633&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWphY2twb3MsbWFsd2FyZSxwcmVzZW50ZWQsYXMsamF2YSx1cGRhdGUsc2NoZWR1bGVyc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1qYWNrcG9zLG1hbHdhcmUscHJlc2VudGVkLGFzLGphdmEsdXBkYXRlLHNjaGVkdWxlcnNlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
781f84be577026800aa10adf6a7f08cae936981272bdb8c22175f449215bb8ab

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:31 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
v1
prg.smartadserver.com/prebid/ 		171 B
560 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
content-encoding
br
vary
Accept-Encoding, Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache,no-store
transfer-encoding
chunked
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
hb
ssc.33across.com/api/v1/ 		66 B
149 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
13f0d6723c8ba5f5bff66a29bf4468c75ca84ff96658ed0042c003f5cc584ec1

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
content-encoding
gzip
status
200 OK
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via
1.1 google
bid
ap.lijit.com/rtb/ 		94 B
748 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.9.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
a344b672c92683117cb63c74c016ff2c88a418ad2fc7fd63c19f4cc8b9826711

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 09 Apr 2022 16:41:31 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap1ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
trinity.json
apex.go.sonobi.com/ 		95 B
733 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%224587771cd9d0d97%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&s=d4854a66-fc5d-4d92-ab2e-eedc885558f6&pv=85736ea7-80ac-4015-9f49-b3b376ffbe7b&vp=desktop&lib_name=prebid&lib_v=5.9.0-pre&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22id5id%22%3A%220%22%2C%22tdid%22%3A%22319376c5-9625-4c33-b391-6a27fbdfa8bb%22%7D&eids=%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%7D%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22319376c5-9625-4c33-b391-6a27fbdfa8bb%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&kw=jackpos%2Cmalware%2Cpresented%2Cas%2Cjava%2Cupdate%2Cschedulersecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
c32e4a74253f67b2a55112365f9c4b8350a36b17deba1b47c546cd865faf03fb
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
/
hb.emxdgt.com/ 		8 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1649522492366&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.230.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-230-57.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
6273e428b040bbb9a8113dcfa30bdc03d8c3eb2632fbf4f6f5f9153d72ea2689

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Sat, 09 Apr 2022 16:41:31 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
content-length
8230
content-type
application/json
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
293 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&eidid5-sync.com=0&eidadserver.org=319376c5-9625-4c33-b391-6a27fbdfa8bb&secure=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
31784946c61ddc4ed4fd773b447de52940b171254d476cd72fde44081d013066

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
62
/
ads.us.e-planning.net/uspd/1/ Frame 25AD
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.246 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
c5194cb60c9389280860aca30cbbee122ef98d35bee6cc469588b7ef3c9e4d02

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
gzip
content-type
text/html
date
Sat, 09 Apr 2022 16:41:31 GMT
expires
Sat, 09 Apr 2022 16:41:31 GMT
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-602

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Sat, 09 Apr 2022 16:41:31 GMT
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-602
pixelSync
pixel.sitescout.com/dmp/ Frame 25AD 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Dfa2cdb69ce172e9b
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:31 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
prebid
rtb.openx.net/sync/ Frame 25AD 		43 B
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Dfa2cdb69ce172e9b%26uid%3D%24%7BUID%7D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:30 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
iqinsbocbebda6odka3a76p8eibc92gj
ptag
a.audrte.com/ Frame 25AD 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.137.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-137-182.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
b0031037dda30edc56bf7bed9af80206b759291f3e403ac5964b1290ac9c7a1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:32 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1681
lotame.js
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame 25AD 		266 B
416 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.253 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 16:18:03 GMT
server
openresty
etag
W/"5fb69abb-10a"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Thu, 08 Apr 2027 16:41:31 GMT
/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 25AD
Redirect Chain
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3Dfa2cdb69ce172e9b
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
95 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
168.119.149.178 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.149.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png

Redirect headers

location
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
date
Sat, 09 Apr 2022 16:41:31 GMT
server
nginx/1.14.2
content-type
text/html; charset=UTF-8
um
u-ams02.e-planning.net/ Frame 25AD
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Dfa2cdb69ce172e9b%26uid%3D%24UID
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=fa2cdb69ce172e9b&uid=8510518999554731344
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=fa2cdb69ce172e9b&uid=8510518999554731344
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
5.178.65.246 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
41e6cf17-6286-4869-b935-7dea5d541974
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=fa2cdb69ce172e9b&uid=8510518999554731344
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame EB48
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 09 Apr 2022 16:41:31 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Sat, 09 Apr 2022 16:41:31 GMT
location
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
server
AkamaiGHost
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6CD8 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-92.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=67923
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:31 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sun, 10 Apr 2022 11:33:34 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
usermatch
ssum.casalemedia.com/ Frame ED16
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d92426579700626cba082d7ffeeb4a71ba4a3da4005a30fded2a0431920cbfab

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1861
Content-Type
text/html
Date
Sat, 09 Apr 2022 16:41:31 GMT
Dropped-Udsids
241|45|230|39|47|3|195|111
Expires
Sat, 09 Apr 2022 16:41:31 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync

Redirect headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
345
Content-Type
text/html; charset=iso-8859-1
Date
Sat, 09 Apr 2022 16:41:31 GMT
Expires
Sat, 09 Apr 2022 16:41:31 GMT
Location
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame 8134 		1 KB
988 B 		Document
General
Check archive.org
Download Go to
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Leesburg, United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=157680000
cf4age
49
cf4ttl
157680000.000
content-encoding
gzip
content-length
624
content-type
text/html
date
Sat, 09 Apr 2022 16:41:31 GMT
etag
W/"61ddbb71-5f5"
expires
Sun, 10 Jan 2027 17:30:12 GMT
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
server
CFS 0215
x-cf-rand
58.812
x-cf-tsc
1641922262
x-cf1
29080:dB.waw1:co:1585621119:cacheN.waw1-01:D
x-cf2
H
x-cf3
H
x-cff
B
/
onetag-sys.com/usync/ Frame 51C0 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame C5A2 		7 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b30677bb8f705a0c631465390005591afa8ede8ab844294420167cbd58edcb4

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
cf-cache-status
DYNAMIC
cf-ray
6f94b0d65f9b5a2b-MXP
content-encoding
br
content-type
text/html
date
Sat, 09 Apr 2022 16:41:31 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
usync.js
eus.rubiconproject.com/ Frame EB48 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
8558f0065e6626134905a7421f31a12c4ae038e1a4adef70c1752489ef6cdb2c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:31 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=50242
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Sun, 10 Apr 2022 06:38:53 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 6CD8 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=32521633&p=156631&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.23 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
ea48132f749efffa965f9084281aa98544379d9fb430e6cc441b6888546b8413

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync.php
pixel-eu.rubiconproject.com/exchange/ Frame EB48 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-eu.rubiconproject.com/exchange/sync.php?p=12186&khaos=L1S33NXA-X-CCC5
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif
getuid
ib.adnxs.com/ Frame C5A2 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
pixel
cm.g.doubleclick.net/ Frame C5A2 		170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://mwzeom.zeotap.com/mw?cid=f3d22f60-eb70-4926-9344-0ae9dff92b2c&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=f3d22f60-eb70-4926-9344-0ae9dff92b2c&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d83c6b5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=f3d22f60-eb70-4926-9344-0ae9dff92b2c&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame C5A2 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df...
  • https://mwzeom.zeotap.com/mw?cid=319376c5-9625-4c33-b391-6a27fbdfa8bb&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=319376c5-9625-4c33-b391-6a27fbdfa8bb&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d719905a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:31 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://mwzeom.zeotap.com/mw?cid=319376c5-9625-4c33-b391-6a27fbdfa8bb&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
481
cm
trc.taboola.com/sg/zeotap/1/ Frame C5A2 		0
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-vcl-time-ms
30
date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 varnish
server
nginx
x-timer
S1649522492.158203,VS0,VE30
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-mxp6960-MXP
u
dmp.v.fwmrm.net/ad/ Frame C5A2 		0
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f16:e61:3f02:77d9:b48f:f0d0:e412 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=300
Content-Length
0
Expires
0
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame C5A2 		0
166 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df0174930-1ab8-4528-6046-6b798887b0e4%26reqId%3Df8d49230-92b1-4978-70db-63adb58ea8c8%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.23 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=d8a67105-0d96-4d59-94ed-d3e1d3636bf1&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=d8a67105-0d96-4d59-94ed-d3e1d3636bf1&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d87d1e5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
Apache-Coyote/1.1
location
https://mwzeom.zeotap.com/mw?cid=d8a67105-0d96-4d59-94ed-d3e1d3636bf1&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=f0174930-1ab8-4528-6046-6b798887b0e4&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=f0174930-1ab8-4528-6046-6b798887b0e4&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=62323517783589047982982618089287176966&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-...
95 B
154 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=62323517783589047982982618089287176966&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d89d595a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-irl1-2-v030-0ef62c210.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
YzuQQv3tRsk=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=62323517783589047982982618089287176966&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame C5A2 		0
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=f0174930-1ab8-4528-6046-6b798887b0e4&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022040918-46609-0.731361001649522476-db2422a9c391225f76dc1d1b5b3cb6be&zdid=533&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2022040918-46609-0.731361001649522476-db2422a9c391225f76dc1d1b5b3cb6be&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d85cc15a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2022040918-46609-0.731361001649522476-db2422a9c391225f76dc1d1b5b3cb6be&zdid=533&env=mWeb
Date
Sat, 09 Apr 2022 16:41:16 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7084645157161400465&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=7084645157161400465&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d86cfb5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7084645157161400465&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Date
Sat, 09 Apr 2022 16:41:32 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
receive
pixel.tapad.com/idsync/ex/ Frame C5A2 		95 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=f0174930-1ab8-4528-6046-6b798887b0e4
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f0174930-1ab8-4528-6046-6b798887b0e4&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=f0174930-1ab8-4528-6046-6b798887b0e4&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=uC.ALBEAEdj5jKTqH7dpRO&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-49...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?webouuid=uC.ALBEAEdj5jKTqH7dpRO&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d89d5a5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
last-modified
Sat, 09 Apr 2022 16:41:32 GMT
server
nginx/1.18.0
location
https://mwzeom.zeotap.com/mw?webouuid=uC.ALBEAEdj5jKTqH7dpRO&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame C5A2 		36 B
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=f0174930-1ab8-4528-6046-6b798887b0e4&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.15.245.80 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
cache-control
no-store, no-cache, must-revalidate
expires
0
content-length
36
content-type
image/gif
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=f0174930-1ab8-4528-6046-6b798887b0e4?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=f0174930-1ab8-4528-6046-6b798887b0e4?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
  • https://mwzeom.zeotap.com/mw?pid=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?pid=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d93efc5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
cache-control
no-cache
x-server
10.45.8.254
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-CdDaU5hE2oqzROnYdxyXxVUCFxoj3dxSVg--~A&zpartnerid=570&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=y-CdDaU5hE2oqzROnYdxyXxVUCFxoj3dxSVg--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d91ec25a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
http/1.1 spdc0105.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
strict-transport-security
max-age=31536000
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-CdDaU5hE2oqzROnYdxyXxVUCFxoj3dxSVg--~A&zpartnerid=570&env=mWeb
content-length
0
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=3qhONQL5KXYqPluKo%2Bilm1F521Bp0UXt%2BS41iYitP1U%3D
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=3qhONQL5KXYqPluKo%2Bilm1F521Bp0UXt%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d6f92e5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:31 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=3qhONQL5KXYqPluKo%2Bilm1F521Bp0UXt%2BS41iYitP1U%3D
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
usermatch.gif
beacon.krxd.net/ Frame C5A2 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.40.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-40-40.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
cache-control
private, no-cache, no-store
x-request-time
D=42 t=1649522492
x-served-by
beacon-n003-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame C5A2 		95 B
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=f0174930-1ab8-4528-6046-6b798887b0e4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.119.149.178 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.149.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:31 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YlG3PAATV341YQAy&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63a...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YlG3PAATV341YQAy&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&_test=YlG3PAATV341YQAy
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0d9c87e5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 varnish
server
Varnish
x-timer
S1649522492.415310,VS0,VE0
x-served-by
cache-hhn4071-HHN
x-cache
HIT
location
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YlG3PAATV341YQAy&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&_test=YlG3PAATV341YQAy
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=af476251-b73c-4000-9774-8360e728a3e2&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d4923...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=af476251-b73c-4000-9774-8360e728a3e2&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0dc7f3e5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Sat, 09 Apr 2022 16:41:32 GMT
Server
MT3 4335 2c68c00 master cdg-pixel-x13 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=af476251-b73c-4000-9774-8360e728a3e2&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Sat, 09 Apr 2022 16:41:31 GMT
usermatch.gif
beacon.krxd.net/ Frame C5A2
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58e...
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
52.208.40.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-40-40.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
cache-control
private, no-cache, no-store
x-request-time
D=34 t=1649522492
x-served-by
beacon-n010-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
date
Sat, 09 Apr 2022 16:41:32 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a002-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame C5A2
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f0174930-1ab8-4528-6046-6b798887b0e4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-604...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f0174930-1ab8-4528-6046-6b798887b0e4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-604...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f0174930-1ab8-4528-6046-6b798887b0e4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
FK9F13A3YQGWVKY213YP
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
SWPYZABQ6YAX1XGRA35A
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=f0174930-1ab8-4528-6046-6b798887b0e4&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame C5A2 		0
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/87734?id=f0174930-1ab8-4528-6046-6b798887b0e4&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.42.102 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-42-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:32 GMT
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame C5A2
Redirect Chain
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Df01...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6f94b0da9a785a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
date
Sat, 09 Apr 2022 16:41:32 GMT
cross-origin-resource-policy
cross-origin
content-length
0
cmp.min.js
spl.zeotap.com/ Frame C5A2 		557 B
495 B 		Script
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38b4ba470057e4304acde8a65bf75faeb4053c6b14acc0adab47e5ef75dea7f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

cf-ray
6f94b0d6e90f5a2b-MXP
date
Sat, 09 Apr 2022 16:41:32 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
pixel
cm.g.doubleclick.net/ Frame EB48
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzM2YjQzOTllMDM1ZDg3ZjQxNjQ4MTMwY2ExODdhM2Y1YzE5OGVjMw
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzM2YjQzOTllMDM1ZDg3ZjQxNjQ4MTMwY2ExODdhM2Y1YzE5OGVjMw
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzM2YjQzOTllMDM1ZDg3ZjQxNjQ4MTMwY2ExODdhM2Y1YzE5OGVjMw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame EB48
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Vis4i1GcS0GVos2lgSYqzQ&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Vis4i1GcS0GVos2lgSYqzQ
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Vis4i1GcS0GVos2lgSYqzQ
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
W89V5AB4PH15QMM2C5M8
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Vis4i1GcS0GVos2lgSYqzQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame EB48 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
rubicon
match.adsrvr.org/track/cmf/ Frame EB48 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
ecm3
s.amazon-adsystem.com/ Frame EB48
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=zL56AkPNSwun0Hr3Y6Rmxw&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=zL56AkPNSwun0Hr3Y6Rmxw
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=zL56AkPNSwun0Hr3Y6Rmxw
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
4WXFKYM3C92BQ5E4QABQ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=zL56AkPNSwun0Hr3Y6Rmxw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame EB48
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/wgKOs5ZkxvZang6a1xtGhw?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5241790954741141273
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5241790954741141273
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

date
Sat, 09 Apr 2022 16:41:32 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5241790954741141273
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
pixel
cm.g.doubleclick.net/ Frame EB48
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFTMzNOWEEtWC1DQ0M1
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFTMzNOWEEtWC1DQ0M1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFTMzNOWEEtWC1DQ0M1
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame EB48
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEDWKs3v2MCDbF7QKUIBI9j8&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEDWKs3v2MCDbF7QKUIBI9j8&google_cver=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEDWKs3v2MCDbF7QKUIBI9j8&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cmp
spl.zeotap.com/ Frame C5A2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
cf-cache-status
DYNAMIC
cf-ray
6f94b0d80bf85a2b-MXP
date
Sat, 09 Apr 2022 16:41:32 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
via
1.1 google
cc.js
tags.crwdcntrl.net/c/15238/ Frame 25AD 		38 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.115.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-115-87.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Fri, 08 Apr 2022 18:18:00 GMT
content-encoding
gzip
last-modified
Thu, 02 Jul 2020 15:35:12 GMT
server
AmazonS3
age
80613
etag
W/"2b2f816f40499d384e118ce88a266e02"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
via
1.1 f457b4e0db5ab2b66536f068ee4589c0.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
TXL50-P4
x-amz-cf-id
3n3rjydFcV1e7vrshNoNuEyOOca7XfY98hKLQZjBCwHQjj0vfZeDAA==
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 510A 		636 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.253 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Sat, 09 Apr 2022 16:41:31 GMT
etag
W/"601b131c-27c"
expires
Thu, 08 Apr 2027 16:41:31 GMT
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
server
openresty
setuid
prebidserver.pixfuture.com/ Frame 9F93 		0
524 B 		Document
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com:8000/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=ANpiMr%2fD0KRIDjmb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html
Date
Sat, 09 Apr 2022 16:41:32 GMT
Expires
0
Pragma
no-cache
Server
nginx/1.14.0 (Ubuntu)
Vary
Origin
dcm
s.amazon-adsystem.com/ Frame ED16
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YlG3O8--O3n0hOcaloMf2gAABJIAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YlG3O8--O3n0hOcaloMf2gAABJIAAAIB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YlG3O8--O3n0hOcaloMf2gAABJIAAAIB&dcc=t
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
54100AAB7GHJ9EQ3R61E
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
CGPNNKNWJY2SEK949DS2
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YlG3O8--O3n0hOcaloMf2gAABJIAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame ED16
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YlG3O8..O3n0hOcaloMf2gAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1&gdpr=1&google_hm=2
43 B
1000 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1&gdpr=1&google_hm=2
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 09 Apr 2022 16:41:32 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1&gdpr=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
341
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame ED16 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YlG3O8--O3n0hOcaloMf2gAABJIAAAIB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame ED16 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame ED16
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=7uSuhjaM1NDe9u5&gdpr=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=7uSuhjaM1NDe9u5&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 09 Apr 2022 16:41:32 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:31 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-022b0454a7aa0bd60@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=7uSuhjaM1NDe9u5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame ED16
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=a6986251-b73c-4300-a637-e6ce051086ed&gdpr=1&gdpr_consent=
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=a6986251-b73c-4300-a637-e6ce051086ed&gdpr=1&gdpr_consent=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 09 Apr 2022 16:41:32 GMT

Redirect headers

Date
Sat, 09 Apr 2022 16:41:32 GMT
Server
MT3 4320 2f2dfe5 master ord-pixel-x8 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=a6986251-b73c-4300-a637-e6ce051086ed&gdpr=1&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Apr 2022 16:41:31 GMT
crum
dsum-sec.casalemedia.com/ Frame ED16
Redirect Chain
  • https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-7a17d7d2-40c3-4ea9-9d78-99ff217d0de2
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-7a17d7d2-40c3-4ea9-9d78-99ff217d0de2
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 09 Apr 2022 16:41:32 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-7a17d7d2-40c3-4ea9-9d78-99ff217d0de2
date
Sat, 09 Apr 2022 16:41:32 GMT
server
Apache-Coyote/1.1
content-length
0
match
c1.adform.net/serving/cookie/ Frame ED16 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
um
u-ams02.e-planning.net/ Frame ED16 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=fa2cdb69ce172e9b&uid=YlG3O8..O3n0hOcaloMf2gAA%261170
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Dfa2cdb69ce172e9b%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.246 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
server
openresty
content-type
image/gif
GS.d
js.cookieless-data.com/ Frame 510A 		0
535 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1649522493440
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.129.3.113 , France, ASN12876 (Online SAS, FR),
Reverse DNS
212-129-3-113.rev.poneytelecom.eu
Software
nginx/1.20.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:32 GMT
Server
nginx/1.20.2
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 10B1 		115 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b54e0a2c47c0b040938b3f82d49b0a1e252d5ea8ea03f8f078509d62bae39da9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40146
x-xss-protection
0
server
cafe
etag
4443373551803441044
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 09 Apr 2022 16:41:32 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Apr 2022 16:41:32 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 63CD 		115 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
231cde721cecb243d0718a1e262f704a8f5dc8aacba3411b60e848fafecdcd61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39999
x-xss-protection
0
server
cafe
etag
16669440424417556032
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 09 Apr 2022 16:41:32 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Apr 2022 16:41:32 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203300101/ Frame 10B1 		301 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b38b16469af42a9ac6c8f858f28f1d6c386a1b78da8a3c61f62e87a3b6e9f37a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110328
x-xss-protection
0
server
cafe
etag
14641304765675448842
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 09 Apr 2022 16:41:32 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203310101/ Frame 63CD 		301 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31066932
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1eaf36dc9d282d821d2391a84caa90b4cc9321f0f6659c3a14ca49fa4ac7d6db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110208
x-xss-protection
0
server
cafe
etag
6845028397173325010
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 09 Apr 2022 16:41:32 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 63CD 		222 B
648 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31066932
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
2009947877d98642a916b7c0555efc42b0e304c165115cdb8110efa157fbac76
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
204
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 63CD 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31066932
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 63CD 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31066932
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame AFE8 		17 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31066932
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c945d44fc78dec7cc962526403d9959c843dea4ba8c6b9dcfc7a24c7a14b7b8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9322
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 16:41:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 10B1 		222 B
271 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
d8e7863065ea0936edb79b6e343bcecc86faef68430b0212d2c4761c87616c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
203
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 10B1 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 10B1 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Apr 2022 16:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 6DEA 		17 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
740c247c9bd5a999ef41802b7a0f41840748fb05178ba1f7b2a5100fc5f52d62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
9430
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 16:41:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame AFE8 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bl2FCiyxa4JIqG9DF0qXWRlScJkHMdPgvdtYtptkoKwBgXxDqwsSS962P1vED_RBe9M4bPVzJsWP7b1b0LN2Y7uxTR1j4IZpiPpcoZH0Mpyq_Zfio
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame AFE8 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:34:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
397
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Apr 2022 16:34:56 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame AFE8 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36932
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649247338736001"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 09 Apr 2022 16:41:33 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame AFE8 		15 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:40:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Apr 2022 16:40:01 GMT
l
www.google.com/ads/measurement/ Frame AFE8 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRQ4qBgug2D60sINqPcpe4R78dTzS4gjSOKvbDu6oDSp-dPVMD2o6CsrEtYHV-DnRftxYkrGJ5mi2Q-gjjLygmLhk1Rxw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
pixel
googleads.g.doubleclick.net/xbbe/ Frame 5809 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYnInpvAEwAQ&v=APEucNVSpMd7VFVxJNk4Fw7ebPl62m6HNTdt4e0K9WVmbQYGAtrwzFNka8ANOLNa_zBY3GrRTeuXVxf2gQ8aJBTucYDZFB5bsKIZg8KnlFBYa-vIMaM1GIU3hQxVMLk40stix0S11RViD4q1yeJ85uAvojp1fvt1k2nvG5D_CwhiHYRpvKbvFGF0tlUA9-BWHaldomf4sy3Nz-SGfiS2bQq21fCBu1vsHA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 16:41:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame AFE8 		60 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjmqcS8mZURfcsXe84tkQyz18xlIHxCNwqSwYmSWTtx4e39Lsyk5LMCILJYEsMQtegy-R8Q1jXvGr1B0Ua92654Nu4-w&cry=1&dbm_d=AKAmf-AmfmqxKdZFHQmbsb8sy2HsFyaPjWgh8-fIEWK6vwsnon-tJqC1g4voIMf1xCVphV_PtEO9rqvRox7OaWI-KcQEYEEgkQ6ixEKaoEyMFmr0czDSBnVfnQhdtoDV9ifuYgr1qxhDM8x-k1-TUaIVZ3c3HM2Me3Y2eULm7xOYP4-ibMhXLdkN2Mxfg4IsBCk_t2sxKxXvhQKWHtVrIMhP4wk2epiFUkGDDr8tjdzgAmztTmH8T-JL_KzUbl11BLKbLFQawz9vk_giZfe278sS_IU1W-aZmx8U1HkEqiyGbUmzt6o-iFxF4Pby1i5Bsevz-5EyCrmMaKH4O5SqhWYFKjZddL76uNi8oXYZXNfbJ5GpwTIBfc1jFz8xKx42d4-SI8Q8OfdT7xldfLzLUlorWTRbohnF7DghlIlX_aLa7RBDfRMMAaMGKI-nD8Rv95B5-KUpvuinbSp75yXmdiaNnLM4Q8qfhR6WTqmGy1Ya3cd2oKcVIqJ0yIBt0-0Xmx8T75FLX2m9qdA0dckcdh42T-p3Na--4xmqRqUBGobYLTN6lAdfSqVGvlf3xrbtCa0nVqQRGmBhRe_5kV97JzqXUdedjVjVI7l3v4tXey07DZ_mrjCCcNV7q8bO5LjgPcxg2ZUyelzCUqUaY6XqPdC-ungCLp6XgU4_K8qn1vaTywxjhLCmksey6fDvzbzR-TpPrIpCGr4t47-5RwDzy94L70CbOVp4_OROOTkh9HNWOqmqb94MIc3dRxW5fjHY6vhoQ5Ueb8lHdilh6G76vhz77uLr5HigqZK-SBYtQL-3T3kNIjjmdE3VYfTLKxFYN_MK_3YIHecV162CJa4XrX1ndRDjf7ffwV9CaTEcxaonOooBczPBJGkUoAT4kBXjy6uMmOz506wyZB7cYTD3iEzAlTU_Ms0NHbfYnGIxFLlsu_xdXuc2P8cfiid7wMG_ejmVJIkbxzZySznBT0FvF-_jKvmlhEy71aWbWvjOpA3zpjI2bUheWfcC929ogNoNDLcMS2fO-h_vApDx0Mr8u61eJvfy9w6YVlsB4rjWnNKYOVOSfCf55ek4x3XIkZKpWJ5MxDbA7EcDzfRJ98xoKyakk_DG1lL8voAaVQGgiymDPtiygEk0q4310g46fNDX2enkJB9Rj9nW15goL1RC_rxY-7MZo7oScNhLa3Eew1vxJvDbMhVb9Ko4KSTopMhRANAz0HfLQJ2El88k5B2vUg8Pi7e6debRXY5UyYLK0iDHsv3ZtnhTkhF0N7Q5b9VkpE9OIF65WROTNPNxUzZs2FSy8piyY76hNS5G0M1WyHW3qHnMAj1Zz-EucNbo87wpbfPn3WbJKXzZSiAVkrblN8ZmyBPJrLCouCHcY75KkFZ-nxe_YKiij_8LyiPS0CNqHiOeSeVLlwyOW2elfwr8APwVoXYCKKs65Ml1CAuNz6Uqg-0RJeaEBpsd_xew6WTG9jue58TkA7iUB1ytiDOhC3oo7E8ph05APClF4NQI3HHElWnAAgzR6OKSu2WeJ3h7mffGHnhuhHvIQbsh6XRJQ7zTb_cWX3R4iUlpXGiZ3o02Zbzvq_30zU_CPBP0BSLEOiW3asdHZTnqiB89OHvsCt4kdE5SlDLUjP7EH46kZJ6jJ5fv_OqP3Lchdz9lomfDSVpdq56x1VXpyF9-bxKNfK3OK_KaI5T751ceiP95D0NZZa4bhzSLQ5nQWQmOhl_PWCpBKYNKQz4m7OY4IyMtooaesx2ZctuSO07pT2R0WtJ6qmWM5NmZB6o7WBR40WNyXjvVU-MGw0r6IiOP4f_tim1uXLEWj6UxfaNMpT2HVHooOCo5YLHPROSIGpxfYZtZObFJsrBlOBc7byFX7PhuuKa79SPs_SaGh0LXsJDaqqPNnHqc5YRO-qlxAxyw9m2PJaveFZOO-VUqTYl09aJitTA_bmMDRMzKgpbdcLf0RPBbMBo_yDLpE7G02swp38OoLDQAWn4ibi17ZwBWCeaqdU48mi3-0KUZOpxp6iIrdFTDMqgMVpR_MGMADGZ1Kd1Q4PWc6Ei7wKOWwFZdimAt8D6_KyDM5MOPma2gmOexrMbU9m3blqXMMLeRH4DHgjA4R9Nxh9Q9RJWPHZ4OXrnaaiDYG5jwc70D4Y7SZ1rQKipva2AFxLmJnElr_v0hH3JJX-Jmswad2hG0tu3gqxk6zUt5E5eH6mWesUeeRDS4nIm0v0UVoucTKTtF3JIPRojNuSGrszR-X9ABMEvwAm91YvoXQ92rZg18frISf_5okSFBwGSzXNtIDdKTRyXaJF55hacCD5-NcykJu443mv5l65CC2vcaN2GbMpzp6H7p4KPzJEUgKxV6yvLxcVlxpkAcW1YTvAEuSkXragW_l2OCyVjuwZ4V1A8DN-8LHGn2HTn-uvmoERkpAWimzuvbf19Qr6Gs4pje65y9X_qFoHANM8oFd5u304MgDOyIj2bhKa043g6enyS6btL_CGBmY-qHbcmgZHHo8NdjRPROVvFZu2_ZkqmQXwILSfpdp32lcxiheYOWSVi2lxd6cQshMK8jcLtgnA5PKFd3xpogD-xdiSKDBSavoSBGYlb9QDaUZidniWfJI6phnDL9T0TNBvRf7PwxjyfnUnOLhfZEwN2cJqRkhhvgbpQNlWI1b7oadUGC1aIbJ401H5nRvARksvNeaDEwrOmMnso4xKhn1SbRyViR_ZgL6jOuLBGJe0_CchmqvbzV0QKITnz-ycE6C3oxANF_q0EMO0nLOKzDorW1GoVXwM7p7lsw8FaYInwHIYFZotvkM_8faPnWzrXDnPLT7NEZ_L3Tx9k6STr7LrDU5JjdXA45t1CO6ajHQqPDh05lHw7pp4A7_RVaTlaHWPspERY-uUMXiK9Xyxnfm5YfeadbYVwCSFO0EjCAUTf_A1xaiBC3CV6PiPMtRkwyQhJ0lTwesV-_leKNGvj8jLphNUfujY2kp7gxuWk2Gvqz_tu2pS3sHWEk38PeM4MBefLwkSEzetjthsPke1SL4byCKnIeUXLW-PAxuCumRCX8cC1mYJti3L38hAq5gmWdXHBvwtE4KmCMcdkTT5_-Jn4-ybu3Bpgd9P4ENLRYl8BOExOH6ATEOdNLnLE&cid=CAASEuRoq97tEvJPaf8tiVyxAjUFGA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7461039f806f3ed7a92bb0fd8f019f7c5623f9c2ae0e383076006685d7bbb14f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28433
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6DEA 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D9NUcxDEs3wnwawJaFhrzoPk3B6uU547y_lQ1YpELOd1ub_OOCHNDc21AKWOUIQyce9GwY5rw_uNatel9snkVN--Fr4faQ4ulD6pXGCVnKL52B7Yw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 6DEA 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:34:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
397
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Apr 2022 16:34:56 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6DEA 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36932
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649247338736001"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 09 Apr 2022 16:41:33 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 6DEA 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:39:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Apr 2022 16:39:27 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 6E18 		640 B
316 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7oDTtQEwAQ&v=APEucNXfsGWZsWp-MWE1J8zOOtXka5TKcQ_A9haQCuyUwxgaF04ijuz4tMn9hwkzILwcQbVCGXkZ--BWQXvB-VyE7_9VzuL_1c6p_6JbVLnW4Tn3FiHdOGMkZ5Lppb5lhrFrBcwIi0PeHT7JMkah5QDQjyCq_xz8Z9V94NL8ifpGf5CSUkrMjQ5wsvdbLfPWa6aShhrGuQk5e5WwikCbRpIc4HIsLHeKiQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
295
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 16:41:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 6DEA 		76 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AQ8LFn4Qki692RI0V3kq7amDs9IQ9LSh-SaXZXqJLCWD31HqBY5d8E0T4IUUYNLlLpnQanF_4MC1Rrv9amQrKj1I4K4pQDzGB2c-RsJO3CvWWKazIGUDR60ZCfs7nnmIqqhNAEhJhjSu_DKvspgBu8-gW_ow&dbm_d=AKAmf-Dq04qy4VJZwUhu4jeRhT9onC77HahqYdhLMbwWA4fxKQu8Sv4Ojp5RuEitI82Gx5Yh76DyWSjx3l7ftiOlxNpiGuqHfQybFBD4UiP89QkxdVOcEk3mtEnCXyK_RxGy4k7oytulJMdDAsPmX5Z_qHPCqWzdi3pyeYXxUzfRwwZpZeyBh3moeyu_SC9-GdFJnqDD3EpZVW2w58iwAASmh_OJe3QzCg-B6M0TYZOBkJgn8KXnPKmVd5douZFLuehsNI2QASgWkLtBLrTPehrTuSQpmRrNgjce2KZiN0ZXS5m5DLY2FGLWbZmeO81ci-k6tVsKWfM6Y7UrA0TKkH9rZOAOVzRIpG9lNiJ6vsHbjBIX51EapN2ZhgTBZNPgTGYHFj-GhGX-2duTFOfpA5s9VLu7puST0lhSbB3g0jQ_jyZ71ZoofaECwNTNjWRRggbC7IUcC_aMEmO2EBF-DtnwggeOYQhcWgNcyJg9pe6FRFP0gWjTNyX3LUUav1rLGj7SNWCsE1YbFZi4sLZRx_sQk2Il-tP0tuYUtCsmMKztSPQjnqR1j40v9xCZOuD4Gomfogg9K_zm49oXtmZEds3MdhXoIzJe00HLMrs5jvL_a892c8gfdJT_7t-bx4m0itQJ_WdLGiXQXot8h01S145jtNCkIkg8pKC2J2BgCFg6MIYA4T55-pK-CgizKmSDcy-yPu2frHAiDn5IrPp1SitwuFfehah9z9IM32SS1V59ooqAJeGYRwQws0uM-gbMI2MAw3zSSsugPfXvd5fNBBTIXZUSvwdl3EnbDQIBVeTXAvIUJ0WIrAc4YrGPgj2K3BT_T1Q4Hv-w_h6EjjLf9SO5jZZfB8sPSts9uyrPm6kPMchVxftb1dzt9dwgHSTMa4E3YRR3QluRfNnqXTDsSs87XtmEuZC-x2YAczYYSH76ZrJ3kQ4lpjttXFRdNa7R_BFbQEZFU_-f25gsxGJ1bPeEJvSOngozF-0MQCJdYYfWbNMGDiuhqPHWgKDmWkBnrZukCn6guZ-ddN4H1ppYRn2ZkRzrn8eJbltGZqqZ-k34LuWV4q9sw9SKlQ0lcfrcOgM7A5ZeDvyxZq4JQtHm8ec6GDGcSduEXyH_YVBMIy5nWE2awQcdeEjEhvS3o7iTB5yrOaRv1jKpDwVlu-OIdazNAi41UIXUfK6z_2LTabdB05vU7Lk4D2xM-Bd6-nEzSvgkeWMSExZD_MdN8-p_FUD3rB0UA6jWnskpHOKcB2o0_vVdr4MjrMOaC1H9Enj1R0GWzbhXoGM2o17m9w_-oKe0HnZ_M8HtQDeG53mWJGD1hbqbag1p3J5wCrYSWP74PGKc-XuL-LvCoC2rKVs0iGyKjxjn1IlvczfZBevyTLJV1bIZ0QsRoylrWdf8ZQoAVTasQWdZYgvrPnEqWkbSpmOErxxD5wKCGCqjMKIVjh8_1zwNnmKF9bwp3vxmCTKO1kNCBYHnj_zXm5Pgn1wPyHfXBSsGSobn3E5DjXI2bsuvboVaRO08N-V3bJQwuIgWqh-hT5Cluu5AOlxXTN7wldH7PT8e-xbIzBDFBW3uDXSPUALhEInXP1rkC8_AE176_GSxFYrjBuEdqbeKLQOEeOKW2Ulp8IbuwC1Se1n-IQDuxHB8MIrqQA86Bb9aXkPZsrs-1Cx9Ga5cZpwYYGQL7vGUbYJOKCKl8S-ikOjjmlXuCACWCWWbrfLX7ZQg--KK4gHj4MOaEnVd80NcKys6qLjl0klleVOgK2dyBqL65AAEGmU8e9Zt0LVhkkNJoJAC1Z0OGaQ6Gl3yB0e0__BmXqKvFTHAKMjqJzmHOE_WFD6m-3q89TZOf521IN5G1fwpsYMH0sA1MZ5nwC14_9RJiJfUx6KWdK_Ynjb6jDQfxB6vPOPUE-8CGxUR7COGc8AfW076Zq836okMdgoK6pT95vyBRd1ifTiEeUdwSw-ZVW6ia8fn9BjtzZoEQULT1riu0XVNZkdufH1fe-_PCO6bCpxKqptsHGTu5ZSO4bEPLJnWI95U5u1Hrc8EWaRQ83fpI7phroqaJLX-SURiOKJkakHL08Wc-iH4y_vvcygqvDwBPYN4oLlRxkQwTPMba8UJ6HmV_5KT-GcFF6tdZgGX0Wk-9UgIJb-Yln7tKRhPn1K4CpJmLaWmXurLIoZdrB1vecWxQJVAKE5TlbegNi9K_LHqm4Dw1GEGtN7B61DWjlv9TjTJmG4OEn8U08CzYd1v1tkm8-0Eu1LHEdaDGbvq3Zj13L4CpuU1M-wjfTry_08fbUKDSxgtI871YLWSOIna2bShnUK_Jedl-mTsSu18mtrO_QN1LYlecCPSi1RdjAIStZlqrZ7PO5NyY5d1vWe63oEPaech_y0s8ZK0nlgji2o-dpGzraschT-Hz6WCZamrDsV-yRpsV4og-HYccemjVBbNJ8qlex_QAhgt73Fm8qwb3XOmEyz2X3Ao5NA-FNbIkPdDsEGeH93yENp0jUGjf5x26iiiWHpWmO2bspibIFGuYUDY42gjS_QY4MXziETLiAleo8i9gC49bxOB1RGq21uPIioP3ghXLn-9XOUo9r6XVwcqNVAZa_WwHRsq2dtKFl180Pd3eBHjBifhtoqNFKNtReTe-8zUNPvugHxpGfn7VGX3nDvmhG-5eCJZ1HCDu_A8eSLSVG14NY2s0ajHaLmchbM_OqA9g2vrxSwHxHi4dnSWREDlvhn16wbBm7Md3Wp7as3qTUE4ZfDWKs8MvoIjGL_w9xbQeKl8f5BDOTLd6iy7qxG2EkDsDqR60B9g6J5pUwuwexZY5DcDg1fJL8_UcBVvK8fgG28BbDh8LjmTHlH4KV9lMwQe_BgADu2gh9TRCRWnA5pc9dY2Leu2V_Pzf37btILmYM0weCRGszQB8mmM3cN8V3bLC_XQ_tAOYPiIcWwIupVQZYiH1tQrf3nKRYoKp4cq-DrLMhOQxx2K4Iqa7V4w1lmKMnw1EedkOjeG1e01AfWF_npS5rSJsdRsyOc1LRCZLkRd9YR4_Lz9ytjUONYcXH0I2WHJmNJsjJQvqj4Hu9FG5In2MyRW-8Pcc3H5bymZ9Q-WEj5h04WM42AVp_YTlpscb6D4ZP1uxsdtSzx28tPu2WZ68wOuDUHhphr-HD2LYrSUx9Nr2NhtxOPGTni5ojyvYWxkg5jmhTmQj398N_0&cid=CAASEuRoPPsL3gcUO66xNgJYzlI7BQ&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2161be8fcae33d1ce2d747dee6ae80abe1fae6d936d50c10ca2dab7ec43333c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32569
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 5809
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYnInpvAEwAQ&v=APEucNVSpMd7VFVxJNk4Fw7ebPl62m6HNTdt4e0K9WVmbQYGAtrwzFNka8ANOLNa_zBY3GrRTeuXVxf2gQ8aJBTucYDZFB5bsKIZg8KnlFBYa-vIMaM1GIU3hQxVMLk40stix0S11RViD4q1yeJ85uAvojp1fvt1k2nvG5D_CwhiHYRpvKbvFGF0tlUA9-BWHaldomf4sy3Nz-SGfiS2bQq21fCBu1vsHA
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 09 Apr 2022 16:41:33 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 5809
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YlG3O8..O3n0hOcaloMf2gAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1&google_hm=2
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYnInpvAEwAQ&v=APEucNVSpMd7VFVxJNk4Fw7ebPl62m6HNTdt4e0K9WVmbQYGAtrwzFNka8ANOLNa_zBY3GrRTeuXVxf2gQ8aJBTucYDZFB5bsKIZg8KnlFBYa-vIMaM1GIU3hQxVMLk40stix0S11RViD4q1yeJ85uAvojp1fvt1k2nvG5D_CwhiHYRpvKbvFGF0tlUA9-BWHaldomf4sy3Nz-SGfiS2bQq21fCBu1vsHA
Protocol
HTTP/1.1
Server
2.20.85.164 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-164.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 09 Apr 2022 16:41:33 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMFF3jE5YOcbQGGZRjO2nHU&google_cver=1&google_hm=2
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 5809
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESECsLCWKpJpf5waZ2hGatKCQ&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESECsLCWKpJpf5waZ2hGatKCQ&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYnInpvAEwAQ&v=APEucNVSpMd7VFVxJNk4Fw7ebPl62m6HNTdt4e0K9WVmbQYGAtrwzFNka8ANOLNa_zBY3GrRTeuXVxf2gQ8aJBTucYDZFB5bsKIZg8KnlFBYa-vIMaM1GIU3hQxVMLk40stix0S11RViD4q1yeJ85uAvojp1fvt1k2nvG5D_CwhiHYRpvKbvFGF0tlUA9-BWHaldomf4sy3Nz-SGfiS2bQq21fCBu1vsHA
Protocol
HTTP/1.1
Server
185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
de370dfc-fae8-498a-9706-1825c3062627
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESECsLCWKpJpf5waZ2hGatKCQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 5809
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODUxMDUxODk5OTU1NDczMTM0NA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODUxMDUxODk5OTU1NDczMTM0NA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEYnInpvAEwAQ&v=APEucNVSpMd7VFVxJNk4Fw7ebPl62m6HNTdt4e0K9WVmbQYGAtrwzFNka8ANOLNa_zBY3GrRTeuXVxf2gQ8aJBTucYDZFB5bsKIZg8KnlFBYa-vIMaM1GIU3hQxVMLk40stix0S11RViD4q1yeJ85uAvojp1fvt1k2nvG5D_CwhiHYRpvKbvFGF0tlUA9-BWHaldomf4sy3Nz-SGfiS2bQq21fCBu1vsHA
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
cd7818c5-5b3e-4c6e-9c8d-9b1dae6e0e1b
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODUxMDUxODk5OTU1NDczMTM0NA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame AFE8 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjmqcS8mZURfcsXe84tkQyz18xlIHxCNwqSwYmSWTtx4e39Lsyk5LMCILJYEsMQtegy-R8Q1jXvGr1B0Ua92654Nu4-w&cry=1&dbm_d=AKAmf-AmfmqxKdZFHQmbsb8sy2HsFyaPjWgh8-fIEWK6vwsnon-tJqC1g4voIMf1xCVphV_PtEO9rqvRox7OaWI-KcQEYEEgkQ6ixEKaoEyMFmr0czDSBnVfnQhdtoDV9ifuYgr1qxhDM8x-k1-TUaIVZ3c3HM2Me3Y2eULm7xOYP4-ibMhXLdkN2Mxfg4IsBCk_t2sxKxXvhQKWHtVrIMhP4wk2epiFUkGDDr8tjdzgAmztTmH8T-JL_KzUbl11BLKbLFQawz9vk_giZfe278sS_IU1W-aZmx8U1HkEqiyGbUmzt6o-iFxF4Pby1i5Bsevz-5EyCrmMaKH4O5SqhWYFKjZddL76uNi8oXYZXNfbJ5GpwTIBfc1jFz8xKx42d4-SI8Q8OfdT7xldfLzLUlorWTRbohnF7DghlIlX_aLa7RBDfRMMAaMGKI-nD8Rv95B5-KUpvuinbSp75yXmdiaNnLM4Q8qfhR6WTqmGy1Ya3cd2oKcVIqJ0yIBt0-0Xmx8T75FLX2m9qdA0dckcdh42T-p3Na--4xmqRqUBGobYLTN6lAdfSqVGvlf3xrbtCa0nVqQRGmBhRe_5kV97JzqXUdedjVjVI7l3v4tXey07DZ_mrjCCcNV7q8bO5LjgPcxg2ZUyelzCUqUaY6XqPdC-ungCLp6XgU4_K8qn1vaTywxjhLCmksey6fDvzbzR-TpPrIpCGr4t47-5RwDzy94L70CbOVp4_OROOTkh9HNWOqmqb94MIc3dRxW5fjHY6vhoQ5Ueb8lHdilh6G76vhz77uLr5HigqZK-SBYtQL-3T3kNIjjmdE3VYfTLKxFYN_MK_3YIHecV162CJa4XrX1ndRDjf7ffwV9CaTEcxaonOooBczPBJGkUoAT4kBXjy6uMmOz506wyZB7cYTD3iEzAlTU_Ms0NHbfYnGIxFLlsu_xdXuc2P8cfiid7wMG_ejmVJIkbxzZySznBT0FvF-_jKvmlhEy71aWbWvjOpA3zpjI2bUheWfcC929ogNoNDLcMS2fO-h_vApDx0Mr8u61eJvfy9w6YVlsB4rjWnNKYOVOSfCf55ek4x3XIkZKpWJ5MxDbA7EcDzfRJ98xoKyakk_DG1lL8voAaVQGgiymDPtiygEk0q4310g46fNDX2enkJB9Rj9nW15goL1RC_rxY-7MZo7oScNhLa3Eew1vxJvDbMhVb9Ko4KSTopMhRANAz0HfLQJ2El88k5B2vUg8Pi7e6debRXY5UyYLK0iDHsv3ZtnhTkhF0N7Q5b9VkpE9OIF65WROTNPNxUzZs2FSy8piyY76hNS5G0M1WyHW3qHnMAj1Zz-EucNbo87wpbfPn3WbJKXzZSiAVkrblN8ZmyBPJrLCouCHcY75KkFZ-nxe_YKiij_8LyiPS0CNqHiOeSeVLlwyOW2elfwr8APwVoXYCKKs65Ml1CAuNz6Uqg-0RJeaEBpsd_xew6WTG9jue58TkA7iUB1ytiDOhC3oo7E8ph05APClF4NQI3HHElWnAAgzR6OKSu2WeJ3h7mffGHnhuhHvIQbsh6XRJQ7zTb_cWX3R4iUlpXGiZ3o02Zbzvq_30zU_CPBP0BSLEOiW3asdHZTnqiB89OHvsCt4kdE5SlDLUjP7EH46kZJ6jJ5fv_OqP3Lchdz9lomfDSVpdq56x1VXpyF9-bxKNfK3OK_KaI5T751ceiP95D0NZZa4bhzSLQ5nQWQmOhl_PWCpBKYNKQz4m7OY4IyMtooaesx2ZctuSO07pT2R0WtJ6qmWM5NmZB6o7WBR40WNyXjvVU-MGw0r6IiOP4f_tim1uXLEWj6UxfaNMpT2HVHooOCo5YLHPROSIGpxfYZtZObFJsrBlOBc7byFX7PhuuKa79SPs_SaGh0LXsJDaqqPNnHqc5YRO-qlxAxyw9m2PJaveFZOO-VUqTYl09aJitTA_bmMDRMzKgpbdcLf0RPBbMBo_yDLpE7G02swp38OoLDQAWn4ibi17ZwBWCeaqdU48mi3-0KUZOpxp6iIrdFTDMqgMVpR_MGMADGZ1Kd1Q4PWc6Ei7wKOWwFZdimAt8D6_KyDM5MOPma2gmOexrMbU9m3blqXMMLeRH4DHgjA4R9Nxh9Q9RJWPHZ4OXrnaaiDYG5jwc70D4Y7SZ1rQKipva2AFxLmJnElr_v0hH3JJX-Jmswad2hG0tu3gqxk6zUt5E5eH6mWesUeeRDS4nIm0v0UVoucTKTtF3JIPRojNuSGrszR-X9ABMEvwAm91YvoXQ92rZg18frISf_5okSFBwGSzXNtIDdKTRyXaJF55hacCD5-NcykJu443mv5l65CC2vcaN2GbMpzp6H7p4KPzJEUgKxV6yvLxcVlxpkAcW1YTvAEuSkXragW_l2OCyVjuwZ4V1A8DN-8LHGn2HTn-uvmoERkpAWimzuvbf19Qr6Gs4pje65y9X_qFoHANM8oFd5u304MgDOyIj2bhKa043g6enyS6btL_CGBmY-qHbcmgZHHo8NdjRPROVvFZu2_ZkqmQXwILSfpdp32lcxiheYOWSVi2lxd6cQshMK8jcLtgnA5PKFd3xpogD-xdiSKDBSavoSBGYlb9QDaUZidniWfJI6phnDL9T0TNBvRf7PwxjyfnUnOLhfZEwN2cJqRkhhvgbpQNlWI1b7oadUGC1aIbJ401H5nRvARksvNeaDEwrOmMnso4xKhn1SbRyViR_ZgL6jOuLBGJe0_CchmqvbzV0QKITnz-ycE6C3oxANF_q0EMO0nLOKzDorW1GoVXwM7p7lsw8FaYInwHIYFZotvkM_8faPnWzrXDnPLT7NEZ_L3Tx9k6STr7LrDU5JjdXA45t1CO6ajHQqPDh05lHw7pp4A7_RVaTlaHWPspERY-uUMXiK9Xyxnfm5YfeadbYVwCSFO0EjCAUTf_A1xaiBC3CV6PiPMtRkwyQhJ0lTwesV-_leKNGvj8jLphNUfujY2kp7gxuWk2Gvqz_tu2pS3sHWEk38PeM4MBefLwkSEzetjthsPke1SL4byCKnIeUXLW-PAxuCumRCX8cC1mYJti3L38hAq5gmWdXHBvwtE4KmCMcdkTT5_-Jn4-ybu3Bpgd9P4ENLRYl8BOExOH6ATEOdNLnLE&cid=CAASEuRoq97tEvJPaf8tiVyxAjUFGA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
738b0dff97289a490e0472cca7d25e291a7ea70c850bfee1e264e9ad87a4a97b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:38:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
186
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9790
x-xss-protection
0
server
cafe
etag
8169034061967891973
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Apr 2022 16:38:27 GMT
9242723511236791065
s0.2mdn.net/simgad/ Frame AFE8 		35 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/9242723511236791065
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjmqcS8mZURfcsXe84tkQyz18xlIHxCNwqSwYmSWTtx4e39Lsyk5LMCILJYEsMQtegy-R8Q1jXvGr1B0Ua92654Nu4-w&cry=1&dbm_d=AKAmf-AmfmqxKdZFHQmbsb8sy2HsFyaPjWgh8-fIEWK6vwsnon-tJqC1g4voIMf1xCVphV_PtEO9rqvRox7OaWI-KcQEYEEgkQ6ixEKaoEyMFmr0czDSBnVfnQhdtoDV9ifuYgr1qxhDM8x-k1-TUaIVZ3c3HM2Me3Y2eULm7xOYP4-ibMhXLdkN2Mxfg4IsBCk_t2sxKxXvhQKWHtVrIMhP4wk2epiFUkGDDr8tjdzgAmztTmH8T-JL_KzUbl11BLKbLFQawz9vk_giZfe278sS_IU1W-aZmx8U1HkEqiyGbUmzt6o-iFxF4Pby1i5Bsevz-5EyCrmMaKH4O5SqhWYFKjZddL76uNi8oXYZXNfbJ5GpwTIBfc1jFz8xKx42d4-SI8Q8OfdT7xldfLzLUlorWTRbohnF7DghlIlX_aLa7RBDfRMMAaMGKI-nD8Rv95B5-KUpvuinbSp75yXmdiaNnLM4Q8qfhR6WTqmGy1Ya3cd2oKcVIqJ0yIBt0-0Xmx8T75FLX2m9qdA0dckcdh42T-p3Na--4xmqRqUBGobYLTN6lAdfSqVGvlf3xrbtCa0nVqQRGmBhRe_5kV97JzqXUdedjVjVI7l3v4tXey07DZ_mrjCCcNV7q8bO5LjgPcxg2ZUyelzCUqUaY6XqPdC-ungCLp6XgU4_K8qn1vaTywxjhLCmksey6fDvzbzR-TpPrIpCGr4t47-5RwDzy94L70CbOVp4_OROOTkh9HNWOqmqb94MIc3dRxW5fjHY6vhoQ5Ueb8lHdilh6G76vhz77uLr5HigqZK-SBYtQL-3T3kNIjjmdE3VYfTLKxFYN_MK_3YIHecV162CJa4XrX1ndRDjf7ffwV9CaTEcxaonOooBczPBJGkUoAT4kBXjy6uMmOz506wyZB7cYTD3iEzAlTU_Ms0NHbfYnGIxFLlsu_xdXuc2P8cfiid7wMG_ejmVJIkbxzZySznBT0FvF-_jKvmlhEy71aWbWvjOpA3zpjI2bUheWfcC929ogNoNDLcMS2fO-h_vApDx0Mr8u61eJvfy9w6YVlsB4rjWnNKYOVOSfCf55ek4x3XIkZKpWJ5MxDbA7EcDzfRJ98xoKyakk_DG1lL8voAaVQGgiymDPtiygEk0q4310g46fNDX2enkJB9Rj9nW15goL1RC_rxY-7MZo7oScNhLa3Eew1vxJvDbMhVb9Ko4KSTopMhRANAz0HfLQJ2El88k5B2vUg8Pi7e6debRXY5UyYLK0iDHsv3ZtnhTkhF0N7Q5b9VkpE9OIF65WROTNPNxUzZs2FSy8piyY76hNS5G0M1WyHW3qHnMAj1Zz-EucNbo87wpbfPn3WbJKXzZSiAVkrblN8ZmyBPJrLCouCHcY75KkFZ-nxe_YKiij_8LyiPS0CNqHiOeSeVLlwyOW2elfwr8APwVoXYCKKs65Ml1CAuNz6Uqg-0RJeaEBpsd_xew6WTG9jue58TkA7iUB1ytiDOhC3oo7E8ph05APClF4NQI3HHElWnAAgzR6OKSu2WeJ3h7mffGHnhuhHvIQbsh6XRJQ7zTb_cWX3R4iUlpXGiZ3o02Zbzvq_30zU_CPBP0BSLEOiW3asdHZTnqiB89OHvsCt4kdE5SlDLUjP7EH46kZJ6jJ5fv_OqP3Lchdz9lomfDSVpdq56x1VXpyF9-bxKNfK3OK_KaI5T751ceiP95D0NZZa4bhzSLQ5nQWQmOhl_PWCpBKYNKQz4m7OY4IyMtooaesx2ZctuSO07pT2R0WtJ6qmWM5NmZB6o7WBR40WNyXjvVU-MGw0r6IiOP4f_tim1uXLEWj6UxfaNMpT2HVHooOCo5YLHPROSIGpxfYZtZObFJsrBlOBc7byFX7PhuuKa79SPs_SaGh0LXsJDaqqPNnHqc5YRO-qlxAxyw9m2PJaveFZOO-VUqTYl09aJitTA_bmMDRMzKgpbdcLf0RPBbMBo_yDLpE7G02swp38OoLDQAWn4ibi17ZwBWCeaqdU48mi3-0KUZOpxp6iIrdFTDMqgMVpR_MGMADGZ1Kd1Q4PWc6Ei7wKOWwFZdimAt8D6_KyDM5MOPma2gmOexrMbU9m3blqXMMLeRH4DHgjA4R9Nxh9Q9RJWPHZ4OXrnaaiDYG5jwc70D4Y7SZ1rQKipva2AFxLmJnElr_v0hH3JJX-Jmswad2hG0tu3gqxk6zUt5E5eH6mWesUeeRDS4nIm0v0UVoucTKTtF3JIPRojNuSGrszR-X9ABMEvwAm91YvoXQ92rZg18frISf_5okSFBwGSzXNtIDdKTRyXaJF55hacCD5-NcykJu443mv5l65CC2vcaN2GbMpzp6H7p4KPzJEUgKxV6yvLxcVlxpkAcW1YTvAEuSkXragW_l2OCyVjuwZ4V1A8DN-8LHGn2HTn-uvmoERkpAWimzuvbf19Qr6Gs4pje65y9X_qFoHANM8oFd5u304MgDOyIj2bhKa043g6enyS6btL_CGBmY-qHbcmgZHHo8NdjRPROVvFZu2_ZkqmQXwILSfpdp32lcxiheYOWSVi2lxd6cQshMK8jcLtgnA5PKFd3xpogD-xdiSKDBSavoSBGYlb9QDaUZidniWfJI6phnDL9T0TNBvRf7PwxjyfnUnOLhfZEwN2cJqRkhhvgbpQNlWI1b7oadUGC1aIbJ401H5nRvARksvNeaDEwrOmMnso4xKhn1SbRyViR_ZgL6jOuLBGJe0_CchmqvbzV0QKITnz-ycE6C3oxANF_q0EMO0nLOKzDorW1GoVXwM7p7lsw8FaYInwHIYFZotvkM_8faPnWzrXDnPLT7NEZ_L3Tx9k6STr7LrDU5JjdXA45t1CO6ajHQqPDh05lHw7pp4A7_RVaTlaHWPspERY-uUMXiK9Xyxnfm5YfeadbYVwCSFO0EjCAUTf_A1xaiBC3CV6PiPMtRkwyQhJ0lTwesV-_leKNGvj8jLphNUfujY2kp7gxuWk2Gvqz_tu2pS3sHWEk38PeM4MBefLwkSEzetjthsPke1SL4byCKnIeUXLW-PAxuCumRCX8cC1mYJti3L38hAq5gmWdXHBvwtE4KmCMcdkTT5_-Jn4-ybu3Bpgd9P4ENLRYl8BOExOH6ATEOdNLnLE&cid=CAASEuRoq97tEvJPaf8tiVyxAjUFGA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1a5b2672823a1a10d7ae5c4af371d3a09598d1c2815c8b09cb258bd17bccf96e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 01:27:38 GMT
x-content-type-options
nosniff
age
400435
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36055
x-xss-protection
0
last-modified
Thu, 02 Dec 2021 01:11:14 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 05 Apr 2023 01:27:38 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/ Frame AFE8 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjmqcS8mZURfcsXe84tkQyz18xlIHxCNwqSwYmSWTtx4e39Lsyk5LMCILJYEsMQtegy-R8Q1jXvGr1B0Ua92654Nu4-w&cry=1&dbm_d=AKAmf-AmfmqxKdZFHQmbsb8sy2HsFyaPjWgh8-fIEWK6vwsnon-tJqC1g4voIMf1xCVphV_PtEO9rqvRox7OaWI-KcQEYEEgkQ6ixEKaoEyMFmr0czDSBnVfnQhdtoDV9ifuYgr1qxhDM8x-k1-TUaIVZ3c3HM2Me3Y2eULm7xOYP4-ibMhXLdkN2Mxfg4IsBCk_t2sxKxXvhQKWHtVrIMhP4wk2epiFUkGDDr8tjdzgAmztTmH8T-JL_KzUbl11BLKbLFQawz9vk_giZfe278sS_IU1W-aZmx8U1HkEqiyGbUmzt6o-iFxF4Pby1i5Bsevz-5EyCrmMaKH4O5SqhWYFKjZddL76uNi8oXYZXNfbJ5GpwTIBfc1jFz8xKx42d4-SI8Q8OfdT7xldfLzLUlorWTRbohnF7DghlIlX_aLa7RBDfRMMAaMGKI-nD8Rv95B5-KUpvuinbSp75yXmdiaNnLM4Q8qfhR6WTqmGy1Ya3cd2oKcVIqJ0yIBt0-0Xmx8T75FLX2m9qdA0dckcdh42T-p3Na--4xmqRqUBGobYLTN6lAdfSqVGvlf3xrbtCa0nVqQRGmBhRe_5kV97JzqXUdedjVjVI7l3v4tXey07DZ_mrjCCcNV7q8bO5LjgPcxg2ZUyelzCUqUaY6XqPdC-ungCLp6XgU4_K8qn1vaTywxjhLCmksey6fDvzbzR-TpPrIpCGr4t47-5RwDzy94L70CbOVp4_OROOTkh9HNWOqmqb94MIc3dRxW5fjHY6vhoQ5Ueb8lHdilh6G76vhz77uLr5HigqZK-SBYtQL-3T3kNIjjmdE3VYfTLKxFYN_MK_3YIHecV162CJa4XrX1ndRDjf7ffwV9CaTEcxaonOooBczPBJGkUoAT4kBXjy6uMmOz506wyZB7cYTD3iEzAlTU_Ms0NHbfYnGIxFLlsu_xdXuc2P8cfiid7wMG_ejmVJIkbxzZySznBT0FvF-_jKvmlhEy71aWbWvjOpA3zpjI2bUheWfcC929ogNoNDLcMS2fO-h_vApDx0Mr8u61eJvfy9w6YVlsB4rjWnNKYOVOSfCf55ek4x3XIkZKpWJ5MxDbA7EcDzfRJ98xoKyakk_DG1lL8voAaVQGgiymDPtiygEk0q4310g46fNDX2enkJB9Rj9nW15goL1RC_rxY-7MZo7oScNhLa3Eew1vxJvDbMhVb9Ko4KSTopMhRANAz0HfLQJ2El88k5B2vUg8Pi7e6debRXY5UyYLK0iDHsv3ZtnhTkhF0N7Q5b9VkpE9OIF65WROTNPNxUzZs2FSy8piyY76hNS5G0M1WyHW3qHnMAj1Zz-EucNbo87wpbfPn3WbJKXzZSiAVkrblN8ZmyBPJrLCouCHcY75KkFZ-nxe_YKiij_8LyiPS0CNqHiOeSeVLlwyOW2elfwr8APwVoXYCKKs65Ml1CAuNz6Uqg-0RJeaEBpsd_xew6WTG9jue58TkA7iUB1ytiDOhC3oo7E8ph05APClF4NQI3HHElWnAAgzR6OKSu2WeJ3h7mffGHnhuhHvIQbsh6XRJQ7zTb_cWX3R4iUlpXGiZ3o02Zbzvq_30zU_CPBP0BSLEOiW3asdHZTnqiB89OHvsCt4kdE5SlDLUjP7EH46kZJ6jJ5fv_OqP3Lchdz9lomfDSVpdq56x1VXpyF9-bxKNfK3OK_KaI5T751ceiP95D0NZZa4bhzSLQ5nQWQmOhl_PWCpBKYNKQz4m7OY4IyMtooaesx2ZctuSO07pT2R0WtJ6qmWM5NmZB6o7WBR40WNyXjvVU-MGw0r6IiOP4f_tim1uXLEWj6UxfaNMpT2HVHooOCo5YLHPROSIGpxfYZtZObFJsrBlOBc7byFX7PhuuKa79SPs_SaGh0LXsJDaqqPNnHqc5YRO-qlxAxyw9m2PJaveFZOO-VUqTYl09aJitTA_bmMDRMzKgpbdcLf0RPBbMBo_yDLpE7G02swp38OoLDQAWn4ibi17ZwBWCeaqdU48mi3-0KUZOpxp6iIrdFTDMqgMVpR_MGMADGZ1Kd1Q4PWc6Ei7wKOWwFZdimAt8D6_KyDM5MOPma2gmOexrMbU9m3blqXMMLeRH4DHgjA4R9Nxh9Q9RJWPHZ4OXrnaaiDYG5jwc70D4Y7SZ1rQKipva2AFxLmJnElr_v0hH3JJX-Jmswad2hG0tu3gqxk6zUt5E5eH6mWesUeeRDS4nIm0v0UVoucTKTtF3JIPRojNuSGrszR-X9ABMEvwAm91YvoXQ92rZg18frISf_5okSFBwGSzXNtIDdKTRyXaJF55hacCD5-NcykJu443mv5l65CC2vcaN2GbMpzp6H7p4KPzJEUgKxV6yvLxcVlxpkAcW1YTvAEuSkXragW_l2OCyVjuwZ4V1A8DN-8LHGn2HTn-uvmoERkpAWimzuvbf19Qr6Gs4pje65y9X_qFoHANM8oFd5u304MgDOyIj2bhKa043g6enyS6btL_CGBmY-qHbcmgZHHo8NdjRPROVvFZu2_ZkqmQXwILSfpdp32lcxiheYOWSVi2lxd6cQshMK8jcLtgnA5PKFd3xpogD-xdiSKDBSavoSBGYlb9QDaUZidniWfJI6phnDL9T0TNBvRf7PwxjyfnUnOLhfZEwN2cJqRkhhvgbpQNlWI1b7oadUGC1aIbJ401H5nRvARksvNeaDEwrOmMnso4xKhn1SbRyViR_ZgL6jOuLBGJe0_CchmqvbzV0QKITnz-ycE6C3oxANF_q0EMO0nLOKzDorW1GoVXwM7p7lsw8FaYInwHIYFZotvkM_8faPnWzrXDnPLT7NEZ_L3Tx9k6STr7LrDU5JjdXA45t1CO6ajHQqPDh05lHw7pp4A7_RVaTlaHWPspERY-uUMXiK9Xyxnfm5YfeadbYVwCSFO0EjCAUTf_A1xaiBC3CV6PiPMtRkwyQhJ0lTwesV-_leKNGvj8jLphNUfujY2kp7gxuWk2Gvqz_tu2pS3sHWEk38PeM4MBefLwkSEzetjthsPke1SL4byCKnIeUXLW-PAxuCumRCX8cC1mYJti3L38hAq5gmWdXHBvwtE4KmCMcdkTT5_-Jn4-ybu3Bpgd9P4ENLRYl8BOExOH6ATEOdNLnLE&cid=CAASEuRoq97tEvJPaf8tiVyxAjUFGA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:34:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
427
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Apr 2022 16:34:26 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame AFE8 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvA6fjrTS7-_SbXOBccDWEB4uIlPC9BZX0E5LmGcqVudDzF4JKZrXdIobspCPljEgcflJyEZaY1FEVxDWlVsAw0ICtNIb23euLHC-C85smSr2of5llO_U_PzY2sY8jBgf7Q1wdKtDW6jmHoNDlwje_Vn28EBovUzcmhF8C4MDpASWekOhl6Rja2ea8ZqjDdmzvnNrhz_RxX8GAcK0_o8T3VUzxcjdZ4In5kEzCIGUQQXpxL25mVZEtvSvrozd1T3EymAWrkP84g-jro-kugSxh_wJrOZXqD6SVCJ0MO-8mEpNeegKkFUhjgk5lM1SuRV1q1uVI-OqKu4ndP1UioYtpgpt8k8crVlzKhA0klv_dj6uuYXF9m6OK5exC7Snmft2ghGuq-XmAWsero77xcIEmqNDh93Fv5boou642o7tRJwKlUfuOpeUfQt0XDtDnj39xPgYnmk86JK4hk0Wxbo_mbgcb0G081w0KPFfPEIebp3ULsqT2mSq10OdUvDlsrPd1Ul7O90DwkaPMnWfJm2klhb2HdC7H_PE3AaEXFAaFaLVGqTuIcKsZXgIsJM2kQCrJlXdFNc10_CW-T4qZ4QxdPLtoo8LxjCSG7KUnqt4XnEd5sImdy4b6HNEXXfOifWJ78UKt06gF3gkljNQqXhdyanaxMG86HaP1vIL-ec8e53x7hZwBiG2P1FtLk7ZZ5Zhvx8a7ctODNWp04GDN7JZopEXcUX9nRa1MaeU7-dF094ugmdmqxO8EJSMWt-SyHSLGesrwFPzUZ30yzooEwQjq1EWG71ZQdFaaZMAbsHc1CdUoH-9RNs49TRSTrrSeZPZdS70yOd1H8NFaUplYVRQTCX5fuxVwKK32JnpOVV6canfy_rOgSCLekUWeRMEFoBugDYSns3vK__GPvouiFFc1K3-hgjjU28FD-xPVrmR-D929WVSrq34tM0bt7X803PX-OI5oRTo8eiG9vj_lZKsh0iS75GXDAalLVdU7UCB1K02Q62tug_R4s8XxbUE7Do9QaBul_B-JS-DnTlVS-b3iGZfkVez6MlVJnDgFnscfnGmdRTUiOLk4eZNt2WADZIbjmnSzhOCioVT_EhMkJJhCHOuEpIXPtiusaXmDfUOGsAgE4EVWtzUtrcxGcekQSMr9s0aNAYTiGL3G5xxfg6DZHQIf0tco0BtT0TkbcM_RSZoq-m15UP463j-CsK6ixHCu5vb3V&sai=AMfl-YSouh-azhLQrMz7AhxyTYw70qGSUIXhddPupA6EoVw142QbKeSy83QyYjA7J_8ER6ixFeIEmF3K0wSLwvKJUektG20VYUTXqQ0tt4sTggy-vzfqvsnnkuFI9TFEV1ABUTBVO3ZyuZAuT_i0Wa_hYPGrlnBfHg&sig=Cg0ArKJSzHsLtXBETxGwEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220406.35291&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjmqcS8mZURfcsXe84tkQyz18xlIHxCNwqSwYmSWTtx4e39Lsyk5LMCILJYEsMQtegy-R8Q1jXvGr1B0Ua92654Nu4-w&cry=1&dbm_d=AKAmf-AmfmqxKdZFHQmbsb8sy2HsFyaPjWgh8-fIEWK6vwsnon-tJqC1g4voIMf1xCVphV_PtEO9rqvRox7OaWI-KcQEYEEgkQ6ixEKaoEyMFmr0czDSBnVfnQhdtoDV9ifuYgr1qxhDM8x-k1-TUaIVZ3c3HM2Me3Y2eULm7xOYP4-ibMhXLdkN2Mxfg4IsBCk_t2sxKxXvhQKWHtVrIMhP4wk2epiFUkGDDr8tjdzgAmztTmH8T-JL_KzUbl11BLKbLFQawz9vk_giZfe278sS_IU1W-aZmx8U1HkEqiyGbUmzt6o-iFxF4Pby1i5Bsevz-5EyCrmMaKH4O5SqhWYFKjZddL76uNi8oXYZXNfbJ5GpwTIBfc1jFz8xKx42d4-SI8Q8OfdT7xldfLzLUlorWTRbohnF7DghlIlX_aLa7RBDfRMMAaMGKI-nD8Rv95B5-KUpvuinbSp75yXmdiaNnLM4Q8qfhR6WTqmGy1Ya3cd2oKcVIqJ0yIBt0-0Xmx8T75FLX2m9qdA0dckcdh42T-p3Na--4xmqRqUBGobYLTN6lAdfSqVGvlf3xrbtCa0nVqQRGmBhRe_5kV97JzqXUdedjVjVI7l3v4tXey07DZ_mrjCCcNV7q8bO5LjgPcxg2ZUyelzCUqUaY6XqPdC-ungCLp6XgU4_K8qn1vaTywxjhLCmksey6fDvzbzR-TpPrIpCGr4t47-5RwDzy94L70CbOVp4_OROOTkh9HNWOqmqb94MIc3dRxW5fjHY6vhoQ5Ueb8lHdilh6G76vhz77uLr5HigqZK-SBYtQL-3T3kNIjjmdE3VYfTLKxFYN_MK_3YIHecV162CJa4XrX1ndRDjf7ffwV9CaTEcxaonOooBczPBJGkUoAT4kBXjy6uMmOz506wyZB7cYTD3iEzAlTU_Ms0NHbfYnGIxFLlsu_xdXuc2P8cfiid7wMG_ejmVJIkbxzZySznBT0FvF-_jKvmlhEy71aWbWvjOpA3zpjI2bUheWfcC929ogNoNDLcMS2fO-h_vApDx0Mr8u61eJvfy9w6YVlsB4rjWnNKYOVOSfCf55ek4x3XIkZKpWJ5MxDbA7EcDzfRJ98xoKyakk_DG1lL8voAaVQGgiymDPtiygEk0q4310g46fNDX2enkJB9Rj9nW15goL1RC_rxY-7MZo7oScNhLa3Eew1vxJvDbMhVb9Ko4KSTopMhRANAz0HfLQJ2El88k5B2vUg8Pi7e6debRXY5UyYLK0iDHsv3ZtnhTkhF0N7Q5b9VkpE9OIF65WROTNPNxUzZs2FSy8piyY76hNS5G0M1WyHW3qHnMAj1Zz-EucNbo87wpbfPn3WbJKXzZSiAVkrblN8ZmyBPJrLCouCHcY75KkFZ-nxe_YKiij_8LyiPS0CNqHiOeSeVLlwyOW2elfwr8APwVoXYCKKs65Ml1CAuNz6Uqg-0RJeaEBpsd_xew6WTG9jue58TkA7iUB1ytiDOhC3oo7E8ph05APClF4NQI3HHElWnAAgzR6OKSu2WeJ3h7mffGHnhuhHvIQbsh6XRJQ7zTb_cWX3R4iUlpXGiZ3o02Zbzvq_30zU_CPBP0BSLEOiW3asdHZTnqiB89OHvsCt4kdE5SlDLUjP7EH46kZJ6jJ5fv_OqP3Lchdz9lomfDSVpdq56x1VXpyF9-bxKNfK3OK_KaI5T751ceiP95D0NZZa4bhzSLQ5nQWQmOhl_PWCpBKYNKQz4m7OY4IyMtooaesx2ZctuSO07pT2R0WtJ6qmWM5NmZB6o7WBR40WNyXjvVU-MGw0r6IiOP4f_tim1uXLEWj6UxfaNMpT2HVHooOCo5YLHPROSIGpxfYZtZObFJsrBlOBc7byFX7PhuuKa79SPs_SaGh0LXsJDaqqPNnHqc5YRO-qlxAxyw9m2PJaveFZOO-VUqTYl09aJitTA_bmMDRMzKgpbdcLf0RPBbMBo_yDLpE7G02swp38OoLDQAWn4ibi17ZwBWCeaqdU48mi3-0KUZOpxp6iIrdFTDMqgMVpR_MGMADGZ1Kd1Q4PWc6Ei7wKOWwFZdimAt8D6_KyDM5MOPma2gmOexrMbU9m3blqXMMLeRH4DHgjA4R9Nxh9Q9RJWPHZ4OXrnaaiDYG5jwc70D4Y7SZ1rQKipva2AFxLmJnElr_v0hH3JJX-Jmswad2hG0tu3gqxk6zUt5E5eH6mWesUeeRDS4nIm0v0UVoucTKTtF3JIPRojNuSGrszR-X9ABMEvwAm91YvoXQ92rZg18frISf_5okSFBwGSzXNtIDdKTRyXaJF55hacCD5-NcykJu443mv5l65CC2vcaN2GbMpzp6H7p4KPzJEUgKxV6yvLxcVlxpkAcW1YTvAEuSkXragW_l2OCyVjuwZ4V1A8DN-8LHGn2HTn-uvmoERkpAWimzuvbf19Qr6Gs4pje65y9X_qFoHANM8oFd5u304MgDOyIj2bhKa043g6enyS6btL_CGBmY-qHbcmgZHHo8NdjRPROVvFZu2_ZkqmQXwILSfpdp32lcxiheYOWSVi2lxd6cQshMK8jcLtgnA5PKFd3xpogD-xdiSKDBSavoSBGYlb9QDaUZidniWfJI6phnDL9T0TNBvRf7PwxjyfnUnOLhfZEwN2cJqRkhhvgbpQNlWI1b7oadUGC1aIbJ401H5nRvARksvNeaDEwrOmMnso4xKhn1SbRyViR_ZgL6jOuLBGJe0_CchmqvbzV0QKITnz-ycE6C3oxANF_q0EMO0nLOKzDorW1GoVXwM7p7lsw8FaYInwHIYFZotvkM_8faPnWzrXDnPLT7NEZ_L3Tx9k6STr7LrDU5JjdXA45t1CO6ajHQqPDh05lHw7pp4A7_RVaTlaHWPspERY-uUMXiK9Xyxnfm5YfeadbYVwCSFO0EjCAUTf_A1xaiBC3CV6PiPMtRkwyQhJ0lTwesV-_leKNGvj8jLphNUfujY2kp7gxuWk2Gvqz_tu2pS3sHWEk38PeM4MBefLwkSEzetjthsPke1SL4byCKnIeUXLW-PAxuCumRCX8cC1mYJti3L38hAq5gmWdXHBvwtE4KmCMcdkTT5_-Jn4-ybu3Bpgd9P4ENLRYl8BOExOH6ATEOdNLnLE&cid=CAASEuRoq97tEvJPaf8tiVyxAjUFGA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Sat, 09 Apr 2022 16:41:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame AFE8 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjmqcS8mZURfcsXe84tkQyz18xlIHxCNwqSwYmSWTtx4e39Lsyk5LMCILJYEsMQtegy-R8Q1jXvGr1B0Ua92654Nu4-w&cry=1&dbm_d=AKAmf-AmfmqxKdZFHQmbsb8sy2HsFyaPjWgh8-fIEWK6vwsnon-tJqC1g4voIMf1xCVphV_PtEO9rqvRox7OaWI-KcQEYEEgkQ6ixEKaoEyMFmr0czDSBnVfnQhdtoDV9ifuYgr1qxhDM8x-k1-TUaIVZ3c3HM2Me3Y2eULm7xOYP4-ibMhXLdkN2Mxfg4IsBCk_t2sxKxXvhQKWHtVrIMhP4wk2epiFUkGDDr8tjdzgAmztTmH8T-JL_KzUbl11BLKbLFQawz9vk_giZfe278sS_IU1W-aZmx8U1HkEqiyGbUmzt6o-iFxF4Pby1i5Bsevz-5EyCrmMaKH4O5SqhWYFKjZddL76uNi8oXYZXNfbJ5GpwTIBfc1jFz8xKx42d4-SI8Q8OfdT7xldfLzLUlorWTRbohnF7DghlIlX_aLa7RBDfRMMAaMGKI-nD8Rv95B5-KUpvuinbSp75yXmdiaNnLM4Q8qfhR6WTqmGy1Ya3cd2oKcVIqJ0yIBt0-0Xmx8T75FLX2m9qdA0dckcdh42T-p3Na--4xmqRqUBGobYLTN6lAdfSqVGvlf3xrbtCa0nVqQRGmBhRe_5kV97JzqXUdedjVjVI7l3v4tXey07DZ_mrjCCcNV7q8bO5LjgPcxg2ZUyelzCUqUaY6XqPdC-ungCLp6XgU4_K8qn1vaTywxjhLCmksey6fDvzbzR-TpPrIpCGr4t47-5RwDzy94L70CbOVp4_OROOTkh9HNWOqmqb94MIc3dRxW5fjHY6vhoQ5Ueb8lHdilh6G76vhz77uLr5HigqZK-SBYtQL-3T3kNIjjmdE3VYfTLKxFYN_MK_3YIHecV162CJa4XrX1ndRDjf7ffwV9CaTEcxaonOooBczPBJGkUoAT4kBXjy6uMmOz506wyZB7cYTD3iEzAlTU_Ms0NHbfYnGIxFLlsu_xdXuc2P8cfiid7wMG_ejmVJIkbxzZySznBT0FvF-_jKvmlhEy71aWbWvjOpA3zpjI2bUheWfcC929ogNoNDLcMS2fO-h_vApDx0Mr8u61eJvfy9w6YVlsB4rjWnNKYOVOSfCf55ek4x3XIkZKpWJ5MxDbA7EcDzfRJ98xoKyakk_DG1lL8voAaVQGgiymDPtiygEk0q4310g46fNDX2enkJB9Rj9nW15goL1RC_rxY-7MZo7oScNhLa3Eew1vxJvDbMhVb9Ko4KSTopMhRANAz0HfLQJ2El88k5B2vUg8Pi7e6debRXY5UyYLK0iDHsv3ZtnhTkhF0N7Q5b9VkpE9OIF65WROTNPNxUzZs2FSy8piyY76hNS5G0M1WyHW3qHnMAj1Zz-EucNbo87wpbfPn3WbJKXzZSiAVkrblN8ZmyBPJrLCouCHcY75KkFZ-nxe_YKiij_8LyiPS0CNqHiOeSeVLlwyOW2elfwr8APwVoXYCKKs65Ml1CAuNz6Uqg-0RJeaEBpsd_xew6WTG9jue58TkA7iUB1ytiDOhC3oo7E8ph05APClF4NQI3HHElWnAAgzR6OKSu2WeJ3h7mffGHnhuhHvIQbsh6XRJQ7zTb_cWX3R4iUlpXGiZ3o02Zbzvq_30zU_CPBP0BSLEOiW3asdHZTnqiB89OHvsCt4kdE5SlDLUjP7EH46kZJ6jJ5fv_OqP3Lchdz9lomfDSVpdq56x1VXpyF9-bxKNfK3OK_KaI5T751ceiP95D0NZZa4bhzSLQ5nQWQmOhl_PWCpBKYNKQz4m7OY4IyMtooaesx2ZctuSO07pT2R0WtJ6qmWM5NmZB6o7WBR40WNyXjvVU-MGw0r6IiOP4f_tim1uXLEWj6UxfaNMpT2HVHooOCo5YLHPROSIGpxfYZtZObFJsrBlOBc7byFX7PhuuKa79SPs_SaGh0LXsJDaqqPNnHqc5YRO-qlxAxyw9m2PJaveFZOO-VUqTYl09aJitTA_bmMDRMzKgpbdcLf0RPBbMBo_yDLpE7G02swp38OoLDQAWn4ibi17ZwBWCeaqdU48mi3-0KUZOpxp6iIrdFTDMqgMVpR_MGMADGZ1Kd1Q4PWc6Ei7wKOWwFZdimAt8D6_KyDM5MOPma2gmOexrMbU9m3blqXMMLeRH4DHgjA4R9Nxh9Q9RJWPHZ4OXrnaaiDYG5jwc70D4Y7SZ1rQKipva2AFxLmJnElr_v0hH3JJX-Jmswad2hG0tu3gqxk6zUt5E5eH6mWesUeeRDS4nIm0v0UVoucTKTtF3JIPRojNuSGrszR-X9ABMEvwAm91YvoXQ92rZg18frISf_5okSFBwGSzXNtIDdKTRyXaJF55hacCD5-NcykJu443mv5l65CC2vcaN2GbMpzp6H7p4KPzJEUgKxV6yvLxcVlxpkAcW1YTvAEuSkXragW_l2OCyVjuwZ4V1A8DN-8LHGn2HTn-uvmoERkpAWimzuvbf19Qr6Gs4pje65y9X_qFoHANM8oFd5u304MgDOyIj2bhKa043g6enyS6btL_CGBmY-qHbcmgZHHo8NdjRPROVvFZu2_ZkqmQXwILSfpdp32lcxiheYOWSVi2lxd6cQshMK8jcLtgnA5PKFd3xpogD-xdiSKDBSavoSBGYlb9QDaUZidniWfJI6phnDL9T0TNBvRf7PwxjyfnUnOLhfZEwN2cJqRkhhvgbpQNlWI1b7oadUGC1aIbJ401H5nRvARksvNeaDEwrOmMnso4xKhn1SbRyViR_ZgL6jOuLBGJe0_CchmqvbzV0QKITnz-ycE6C3oxANF_q0EMO0nLOKzDorW1GoVXwM7p7lsw8FaYInwHIYFZotvkM_8faPnWzrXDnPLT7NEZ_L3Tx9k6STr7LrDU5JjdXA45t1CO6ajHQqPDh05lHw7pp4A7_RVaTlaHWPspERY-uUMXiK9Xyxnfm5YfeadbYVwCSFO0EjCAUTf_A1xaiBC3CV6PiPMtRkwyQhJ0lTwesV-_leKNGvj8jLphNUfujY2kp7gxuWk2Gvqz_tu2pS3sHWEk38PeM4MBefLwkSEzetjthsPke1SL4byCKnIeUXLW-PAxuCumRCX8cC1mYJti3L38hAq5gmWdXHBvwtE4KmCMcdkTT5_-Jn4-ybu3Bpgd9P4ENLRYl8BOExOH6ATEOdNLnLE&cid=CAASEuRoq97tEvJPaf8tiVyxAjUFGA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 20:04:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
247052
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Apr 2023 20:04:01 GMT
i
cdn.bizibly.com/ Frame AFE8 		43 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.bizibly.com/i?v=10214551&a=514567931&c=162591625&s=6140839&p=322265060&m=0&n=1569304970
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (lhb/63DD) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
last-modified
Thu, 07 Apr 2022 02:55:01 GMT
server
ECS (lhb/63DD)
age
222392
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
sd
us-u.openx.net/w/1.0/ Frame 6E18
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAdqYe4TI65ChIR9c_Zfe08&google_cver=1
43 B
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAdqYe4TI65ChIR9c_Zfe08&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7oDTtQEwAQ&v=APEucNXfsGWZsWp-MWE1J8zOOtXka5TKcQ_A9haQCuyUwxgaF04ijuz4tMn9hwkzILwcQbVCGXkZ--BWQXvB-VyE7_9VzuL_1c6p_6JbVLnW4Tn3FiHdOGMkZ5Lppb5lhrFrBcwIi0PeHT7JMkah5QDQjyCq_xz8Z9V94NL8ifpGf5CSUkrMjQ5wsvdbLfPWa6aShhrGuQk5e5WwikCbRpIc4HIsLHeKiQ
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEAdqYe4TI65ChIR9c_Zfe08&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame 6E18 		43 B
123 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7oDTtQEwAQ&v=APEucNXfsGWZsWp-MWE1J8zOOtXka5TKcQ_A9haQCuyUwxgaF04ijuz4tMn9hwkzILwcQbVCGXkZ--BWQXvB-VyE7_9VzuL_1c6p_6JbVLnW4Tn3FiHdOGMkZ5Lppb5lhrFrBcwIi0PeHT7JMkah5QDQjyCq_xz8Z9V94NL8ifpGf5CSUkrMjQ5wsvdbLfPWa6aShhrGuQk5e5WwikCbRpIc4HIsLHeKiQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
content-encoding
gzip
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame 6E18
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEAssLOtB3XtKLEmLKiwYk1U&google_cver=1
23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEAssLOtB3XtKLEmLKiwYk1U&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7oDTtQEwAQ&v=APEucNXfsGWZsWp-MWE1J8zOOtXka5TKcQ_A9haQCuyUwxgaF04ijuz4tMn9hwkzILwcQbVCGXkZ--BWQXvB-VyE7_9VzuL_1c6p_6JbVLnW4Tn3FiHdOGMkZ5Lppb5lhrFrBcwIi0PeHT7JMkah5QDQjyCq_xz8Z9V94NL8ifpGf5CSUkrMjQ5wsvdbLfPWa6aShhrGuQk5e5WwikCbRpIc4HIsLHeKiQ
Protocol
H2
Server
104.92.106.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-106-130.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sat, 09 Apr 2022 16:41:33 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESEAssLOtB3XtKLEmLKiwYk1U&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame 6E18 		23 B
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7oDTtQEwAQ&v=APEucNXfsGWZsWp-MWE1J8zOOtXka5TKcQ_A9haQCuyUwxgaF04ijuz4tMn9hwkzILwcQbVCGXkZ--BWQXvB-VyE7_9VzuL_1c6p_6JbVLnW4Tn3FiHdOGMkZ5Lppb5lhrFrBcwIi0PeHT7JMkah5QDQjyCq_xz8Z9V94NL8ifpGf5CSUkrMjQ5wsvdbLfPWa6aShhrGuQk5e5WwikCbRpIc4HIsLHeKiQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.92.106.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-106-130.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sat, 09 Apr 2022 16:41:33 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 003D 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
38869
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Sun, 10 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame AFE8 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
00a1da9e7f9199ebe8d743499cd7fef4d18cfd0ae182c5cfaa20ab91625a2b13

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 8062 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
247052
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 06 Apr 2022 20:04:01 GMT
expires
Thu, 06 Apr 2023 20:04:01 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
match
c1.adform.net/serving/cookie/ Frame 5074
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
35 B
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Sat, 09 Apr 2022 16:41:33 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Sat, 09 Apr 2022 16:41:33 GMT
expires
-1
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame C4C6
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YlG3PAATV341YQAy&gdpr=0&gdpr_consent=
1 B
392 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YlG3PAATV341YQAy&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Sat, 09 Apr 2022 14:41:08 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug008:0:656

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Sat, 09 Apr 2022 16:41:33 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YlG3PAATV341YQAy&gdpr=0&gdpr_consent=
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-hhn4071-HHN
x-timer
S1649522493.285343,VS0,VE0
Pug
simage2.pubmatic.com/AdServer/ Frame 31BE
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:af476251-b73c-4000-9774-8360e728a3e2&gdpr=0&gdpr_consent=
42 B
514 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:af476251-b73c-4000-9774-8360e728a3e2&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 14:41:26 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug019:0:413

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Sat, 09 Apr 2022 16:41:33 GMT
Expires
Sat, 09 Apr 2022 16:41:32 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4320 2f2dfe5 master ord-pixel-x30 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:af476251-b73c-4000-9774-8360e728a3e2&gdpr=0&gdpr_consent=
redir
rtb-csync.smartadserver.com/ Frame 3F96
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFVF8wN0VvMjRBQURYZUZPeEM4QQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAET_07Eo24AADXeFOxC8A&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAET_07Eo24AADXeFOxC8A&pid=558502&do=add
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAET_07Eo24AADXeFOxC8A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
43 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAET_07Eo24AADXeFOxC8A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.132 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Sat, 09 Apr 2022 16:41:33 GMT
transfer-encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Sat, 09 Apr 2022 16:41:34 GMT
Server
nginx
location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAET_07Eo24AADXeFOxC8A&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
strict-transport-security
max-age=2592000; includeSubDomains
bridge
cm.adgrx.com/ Frame 2FB5 		43 B
408 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.241.206 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sat, 09 Apr 2022 16:41:33 GMT
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Pragma
no-cache
X-RealServer-NX
ams-delivery-4
server
Cowboy
usersync.aspx
dis.criteo.com/dis/ Frame 583F 		43 B
363 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 16:41:33 GMT
expires
Sat, 09 Apr 2022 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
603837
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
141
match.deepintent.com/usersync/ Frame EB23 		0
44 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Sat, 09 Apr 2022 16:41:33 GMT
server
b
Pug
simage2.pubmatic.com/AdServer/ Frame B5A5
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=6
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=662108089712
42 B
359 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=662108089712
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 09:12:20 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug024:0:524

Redirect headers

access-control-allow-origin
*
content-length
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=662108089712
Pug
simage2.pubmatic.com/AdServer/ Frame 11A9
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7uSuhjaM1NDe9u5&gdpr=0&gdpr_consent=
42 B
367 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7uSuhjaM1NDe9u5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 14:50:15 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug020:0:442

Redirect headers

Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Sat, 09 Apr 2022 16:41:32 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:7uSuhjaM1NDe9u5&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-022b0454a7aa0bd60@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
i.match
s.tribalfusion.com/z/ Frame 672F
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
415 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
6f94b0e0e8c73756-MXP
content-length
43
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 16:41:33 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
302

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
6f94b0df9dcf3756-MXP
content-type
text/html
date
Sat, 09 Apr 2022 16:41:33 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
206
x-reuse-index
1569
noop
px.owneriq.net/ Frame 6DF9
Redirect Chain
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://px.owneriq.net/noop?ct=image%2Fgif
0
287 B 		Document
General
Check archive.org
Download Go to
Full URL
https://px.owneriq.net/noop?ct=image%2Fgif
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.91.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-91-221.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Sat, 09 Apr 2022 16:41:33 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
Apache/2.4.6 (CentOS)
X-Powered-By
PHP/7.3.33

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Sat, 09 Apr 2022 16:41:33 GMT
Location
https://px.owneriq.net/noop?ct=image%2Fgif
Server
AkamaiGHost
Pug
image2.pubmatic.com/AdServer/ Frame 830A
Redirect Chain
  • https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fbc17853-c966-4aba-a655-35b323199b22
1 B
87 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fbc17853-c966-4aba-a655-35b323199b22
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Sat, 09 Apr 2022 16:41:34 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug026:0:412

Redirect headers

content-length
0
date
Sat, 09 Apr 2022 16:41:33 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fbc17853-c966-4aba-a655-35b323199b22
strict-transport-security
max-age=15724800; includeSubDomains
services
sync.technoratimedia.com/ Frame 6240
Redirect Chain
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
  • https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
  • https://match.bnmla.com/usersync?dspid=6&uuid=363B886755E84EE2BA063EFB46881D49
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
132.226.63.138 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-methods
POST,GET,HEAD,OPTIONS
access-control-allow-origin
https://ads.pubmatic.com/
age
0
date
Sat, 09 Apr 2022 16:41:34 GMT
server
nginx
via
1.1 varnish
x-varnish
773944499

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Sat, 09 Apr 2022 16:41:34 GMT
Location
https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
Server
nginx
pbmtc.gif
beacon.lynx.cognitivlabs.com/ Frame 8BFB
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=34e415d5-1158-4e3b-a4f9-eff6a566833e&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
42 B
354 B 		Document
General
Check archive.org
Download Go to
Full URL
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.210.33.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-210-33-215.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
42
content-type
image/gif
date
Sat, 09 Apr 2022 16:41:34 GMT
server
Kestrel

Redirect headers

cache-control
no-store, no-cache, private
date
Sat, 09 Apr 2022 14:41:00 GMT
location
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug018:0:368
Pug
simage2.pubmatic.com/AdServer/ Frame E870
Redirect Chain
  • https://docker.creative-serving.com/cm?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDYmdGw9MjAxNjA=&piggybackCookie=${UUID}
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDYmdGw9MjAxNjA=&piggybackCookie=aa5298fb-f0ec-4e56-a17f-a79025fcdc6d
42 B
187 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDYmdGw9MjAxNjA=&piggybackCookie=aa5298fb-f0ec-4e56-a17f-a79025fcdc6d
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 09:21:57 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug025:0:592

Redirect headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Sat, 09 Apr 2022 16:41:33 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NDYmdGw9MjAxNjA=&piggybackCookie=aa5298fb-f0ec-4e56-a17f-a79025fcdc6d
um
u-ams02.e-planning.net/ Frame 95F1 		42 B
103 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u-ams02.e-planning.net/um?dc=a208d9366469aa64&fi=fa2cdb69ce172e9b&uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.246 Amsterdam, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Sat, 09 Apr 2022 16:41:33 GMT
server
openresty
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6CD8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZzdHH2p_Ty6eQAYkXe0_5g%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-92.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=67921
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Sun, 10 Apr 2022 11:33:34 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
420486.gif
idsync.rlcdn.com/ Frame 6CD8 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/420486.gif?partner_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
via
1.1 google
alt-svc
clear
content-length
0
SPug
image4.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=af476251-b73c-4000-9774-8360e728a3e2
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=af476251-b73c-4000-9774-8360e728a3e2
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
104.36.113.24 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Sat, 09 Apr 2022 16:41:33 GMT
Server
MT3 4320 2f2dfe5 master ord-pixel-x8 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=af476251-b73c-4000-9774-8360e728a3e2
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Apr 2022 16:41:32 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjczNzQ3MUYtNkE3Ri00RjJFLTlFNDAtMDYyNDVERUQzRkU2&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug011:0:321
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMfUYK4PGpN7Iyv8NlDhSIQ&google_cver=1
42 B
364 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMfUYK4PGpN7Iyv8NlDhSIQ&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug030:0:476
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMfUYK4PGpN7Iyv8NlDhSIQ&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 6CD8 		43 B
612 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Fri, 08 Apr 2022 16:41:33 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3438805548955832676&gdpr=0&gdpr_consent=&us_privacy=
1 B
453 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3438805548955832676&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 08:56:31 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug023:0:429
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3438805548955832676&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=319376c5-9625-4c33-b391-6a27fbdfa8bb
42 B
469 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=319376c5-9625-4c33-b391-6a27fbdfa8bb
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 14:40:49 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug014:0:415
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=319376c5-9625-4c33-b391-6a27fbdfa8bb
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
6737471F-6A7F-4F2E-9E40-06245DED3FE6
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 6CD8 		43 B
989 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/6737471F-6A7F-4F2E-9E40-06245DED3FE6?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:cf48:bf87:67aa:ca6e Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-PqheueZE2uWgH1zPzqnsFnMLAIXCWNQ-~A&gdpr=0&gdpr_consent=
0
128 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-PqheueZE2uWgH1zPzqnsFnMLAIXCWNQ-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
104.36.113.24 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 14:53:08 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-PqheueZE2uWgH1zPzqnsFnMLAIXCWNQ-~A&gdpr=0&gdpr_consent=
date
Sat, 09 Apr 2022 16:41:33 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
image2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8510518999554731344&gdpr=0&gdpr_consent=
42 B
234 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8510518999554731344&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug010:0:783
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
2cba1650-00f8-4238-abd7-12c18e253d6c
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8510518999554731344&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ea599bd3-b823-11ec-b297-832d259745f8&gdpr=0&gdpr_consent=
1 B
427 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ea599bd3-b823-11ec-b297-832d259745f8&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 14:40:43 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug016:0:282
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ea599bd3-b823-11ec-b297-832d259745f8&gdpr=0&gdpr_consent=
Date
Sat, 09 Apr 2022 16:41:33 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
ea599bd4-b823-11ec-b297-832d259745f8
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 6CD8 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:32 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
current
pubmatic-match.dotomi.com/match/bounce/ Frame 6CD8 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:16::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
Pug
image2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=1nemtYJyoODNcPXghHC-tYYg97PNJqri2XWokF4N
42 B
312 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=1nemtYJyoODNcPXghHC-tYYg97PNJqri2XWokF4N
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug028:0:391
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=1nemtYJyoODNcPXghHC-tYYg97PNJqri2XWokF4N
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7652430638150434878
42 B
240 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7652430638150434878
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 14:40:43 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug004:0:361
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7652430638150434878
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=0cacc7af-3cb6-468a-8b46-87d17171d230
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_user_id=0cacc7af-3cb6-468a-8b46-87d17171d230
  • https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=1e4e8327-38be-410f-904c-e9a98857e2d0&ssp=pubmatic
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0cacc7af-3cb6-468a-8b46-87d17171d230&gdpr=&gdpr_consent=&gdpr_pd=
1 B
336 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0cacc7af-3cb6-468a-8b46-87d17171d230&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 14:40:45 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug012:0:595
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0cacc7af-3cb6-468a-8b46-87d17171d230&gdpr=&gdpr_consent=&gdpr_pd=
Date
Sat, 09 Apr 2022 16:41:34 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sn.ashx
pmp.mxptint.net/ Frame 6CD8
Redirect Chain
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1D530_EE116DC4_4F17F1EC&r=https://pmp.mxptint.net/sn.ashx?ak=1
  • https://pmp.mxptint.net/sn.ashx?ak=1
43 B
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pmp.mxptint.net/sn.ashx?ak=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
HTTP/1.1
Server
38.67.14.233 Fredericksburg, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=-332509294; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:34 GMT
Cache-Control
no-cache
Expires
-1
Content-Length
43
Strict-Transport-Security
max-age=-332509294; includeSubDomains
Content-Type
image/gif

Redirect headers

location
https://pmp.mxptint.net/sn.ashx?ak=1
date
Sat, 09 Apr 2022 14:43:33 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug015:0:393
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
simage2.pubmatic.com/AdServer/ Frame 6CD8
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8510518999554731344
42 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8510518999554731344
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 14:40:51 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug007:0:824
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
203aab2c-517a-4bef-90aa-76c5e8797e01
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8510518999554731344
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame AFE8 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvA6fjrTS7-_SbXOBccDWEB4uIlPC9BZX0E5LmGcqVudDzF4JKZrXdIobspCPljEgcflJyEZaY1FEVxDWlVsAw0ICtNIb23euLHC-C85smSr2of5llO_U_PzY2sY8jBgf7Q1wdKtDW6jmHoNDlwje_Vn28EBovUzcmhF8C4MDpASWekOhl6Rja2ea8ZqjDdmzvnNrhz_RxX8GAcK0_o8T3VUzxcjdZ4In5kEzCIGUQQXpxL25mVZEtvSvrozd1T3EymAWrkP84g-jro-kugSxh_wJrOZXqD6SVCJ0MO-8mEpNeegKkFUhjgk5lM1SuRV1q1uVI-OqKu4ndP1UioYtpgpt8k8crVlzKhA0klv_dj6uuYXF9m6OK5exC7Snmft2ghGuq-XmAWsero77xcIEmqNDh93Fv5boou642o7tRJwKlUfuOpeUfQt0XDtDnj39xPgYnmk86JK4hk0Wxbo_mbgcb0G081w0KPFfPEIebp3ULsqT2mSq10OdUvDlsrPd1Ul7O90DwkaPMnWfJm2klhb2HdC7H_PE3AaEXFAaFaLVGqTuIcKsZXgIsJM2kQCrJlXdFNc10_CW-T4qZ4QxdPLtoo8LxjCSG7KUnqt4XnEd5sImdy4b6HNEXXfOifWJ78UKt06gF3gkljNQqXhdyanaxMG86HaP1vIL-ec8e53x7hZwBiG2P1FtLk7ZZ5Zhvx8a7ctODNWp04GDN7JZopEXcUX9nRa1MaeU7-dF094ugmdmqxO8EJSMWt-SyHSLGesrwFPzUZ30yzooEwQjq1EWG71ZQdFaaZMAbsHc1CdUoH-9RNs49TRSTrrSeZPZdS70yOd1H8NFaUplYVRQTCX5fuxVwKK32JnpOVV6canfy_rOgSCLekUWeRMEFoBugDYSns3vK__GPvouiFFc1K3-hgjjU28FD-xPVrmR-D929WVSrq34tM0bt7X803PX-OI5oRTo8eiG9vj_lZKsh0iS75GXDAalLVdU7UCB1K02Q62tug_R4s8XxbUE7Do9QaBul_B-JS-DnTlVS-b3iGZfkVez6MlVJnDgFnscfnGmdRTUiOLk4eZNt2WADZIbjmnSzhOCioVT_EhMkJJhCHOuEpIXPtiusaXmDfUOGsAgE4EVWtzUtrcxGcekQSMr9s0aNAYTiGL3G5xxfg6DZHQIf0tco0BtT0TkbcM_RSZoq-m15UP463j-CsK6ixHCu5vb3V&sai=AMfl-YSouh-azhLQrMz7AhxyTYw70qGSUIXhddPupA6EoVw142QbKeSy83QyYjA7J_8ER6ixFeIEmF3K0wSLwvKJUektG20VYUTXqQ0tt4sTggy-vzfqvsnnkuFI9TFEV1ABUTBVO3ZyuZAuT_i0Wa_hYPGrlnBfHg&sig=Cg0ArKJSzHsLtXBETxGwEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=107&vt=11&dtpt=106&dett=2&cstd=0&cisv=r20220406.35291&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DjmqcS8mZURfcsXe84tkQyz18xlIHxCNwqSwYmSWTtx4e39Lsyk5LMCILJYEsMQtegy-R8Q1jXvGr1B0Ua92654Nu4-w&cry=1&dbm_d=AKAmf-AmfmqxKdZFHQmbsb8sy2HsFyaPjWgh8-fIEWK6vwsnon-tJqC1g4voIMf1xCVphV_PtEO9rqvRox7OaWI-KcQEYEEgkQ6ixEKaoEyMFmr0czDSBnVfnQhdtoDV9ifuYgr1qxhDM8x-k1-TUaIVZ3c3HM2Me3Y2eULm7xOYP4-ibMhXLdkN2Mxfg4IsBCk_t2sxKxXvhQKWHtVrIMhP4wk2epiFUkGDDr8tjdzgAmztTmH8T-JL_KzUbl11BLKbLFQawz9vk_giZfe278sS_IU1W-aZmx8U1HkEqiyGbUmzt6o-iFxF4Pby1i5Bsevz-5EyCrmMaKH4O5SqhWYFKjZddL76uNi8oXYZXNfbJ5GpwTIBfc1jFz8xKx42d4-SI8Q8OfdT7xldfLzLUlorWTRbohnF7DghlIlX_aLa7RBDfRMMAaMGKI-nD8Rv95B5-KUpvuinbSp75yXmdiaNnLM4Q8qfhR6WTqmGy1Ya3cd2oKcVIqJ0yIBt0-0Xmx8T75FLX2m9qdA0dckcdh42T-p3Na--4xmqRqUBGobYLTN6lAdfSqVGvlf3xrbtCa0nVqQRGmBhRe_5kV97JzqXUdedjVjVI7l3v4tXey07DZ_mrjCCcNV7q8bO5LjgPcxg2ZUyelzCUqUaY6XqPdC-ungCLp6XgU4_K8qn1vaTywxjhLCmksey6fDvzbzR-TpPrIpCGr4t47-5RwDzy94L70CbOVp4_OROOTkh9HNWOqmqb94MIc3dRxW5fjHY6vhoQ5Ueb8lHdilh6G76vhz77uLr5HigqZK-SBYtQL-3T3kNIjjmdE3VYfTLKxFYN_MK_3YIHecV162CJa4XrX1ndRDjf7ffwV9CaTEcxaonOooBczPBJGkUoAT4kBXjy6uMmOz506wyZB7cYTD3iEzAlTU_Ms0NHbfYnGIxFLlsu_xdXuc2P8cfiid7wMG_ejmVJIkbxzZySznBT0FvF-_jKvmlhEy71aWbWvjOpA3zpjI2bUheWfcC929ogNoNDLcMS2fO-h_vApDx0Mr8u61eJvfy9w6YVlsB4rjWnNKYOVOSfCf55ek4x3XIkZKpWJ5MxDbA7EcDzfRJ98xoKyakk_DG1lL8voAaVQGgiymDPtiygEk0q4310g46fNDX2enkJB9Rj9nW15goL1RC_rxY-7MZo7oScNhLa3Eew1vxJvDbMhVb9Ko4KSTopMhRANAz0HfLQJ2El88k5B2vUg8Pi7e6debRXY5UyYLK0iDHsv3ZtnhTkhF0N7Q5b9VkpE9OIF65WROTNPNxUzZs2FSy8piyY76hNS5G0M1WyHW3qHnMAj1Zz-EucNbo87wpbfPn3WbJKXzZSiAVkrblN8ZmyBPJrLCouCHcY75KkFZ-nxe_YKiij_8LyiPS0CNqHiOeSeVLlwyOW2elfwr8APwVoXYCKKs65Ml1CAuNz6Uqg-0RJeaEBpsd_xew6WTG9jue58TkA7iUB1ytiDOhC3oo7E8ph05APClF4NQI3HHElWnAAgzR6OKSu2WeJ3h7mffGHnhuhHvIQbsh6XRJQ7zTb_cWX3R4iUlpXGiZ3o02Zbzvq_30zU_CPBP0BSLEOiW3asdHZTnqiB89OHvsCt4kdE5SlDLUjP7EH46kZJ6jJ5fv_OqP3Lchdz9lomfDSVpdq56x1VXpyF9-bxKNfK3OK_KaI5T751ceiP95D0NZZa4bhzSLQ5nQWQmOhl_PWCpBKYNKQz4m7OY4IyMtooaesx2ZctuSO07pT2R0WtJ6qmWM5NmZB6o7WBR40WNyXjvVU-MGw0r6IiOP4f_tim1uXLEWj6UxfaNMpT2HVHooOCo5YLHPROSIGpxfYZtZObFJsrBlOBc7byFX7PhuuKa79SPs_SaGh0LXsJDaqqPNnHqc5YRO-qlxAxyw9m2PJaveFZOO-VUqTYl09aJitTA_bmMDRMzKgpbdcLf0RPBbMBo_yDLpE7G02swp38OoLDQAWn4ibi17ZwBWCeaqdU48mi3-0KUZOpxp6iIrdFTDMqgMVpR_MGMADGZ1Kd1Q4PWc6Ei7wKOWwFZdimAt8D6_KyDM5MOPma2gmOexrMbU9m3blqXMMLeRH4DHgjA4R9Nxh9Q9RJWPHZ4OXrnaaiDYG5jwc70D4Y7SZ1rQKipva2AFxLmJnElr_v0hH3JJX-Jmswad2hG0tu3gqxk6zUt5E5eH6mWesUeeRDS4nIm0v0UVoucTKTtF3JIPRojNuSGrszR-X9ABMEvwAm91YvoXQ92rZg18frISf_5okSFBwGSzXNtIDdKTRyXaJF55hacCD5-NcykJu443mv5l65CC2vcaN2GbMpzp6H7p4KPzJEUgKxV6yvLxcVlxpkAcW1YTvAEuSkXragW_l2OCyVjuwZ4V1A8DN-8LHGn2HTn-uvmoERkpAWimzuvbf19Qr6Gs4pje65y9X_qFoHANM8oFd5u304MgDOyIj2bhKa043g6enyS6btL_CGBmY-qHbcmgZHHo8NdjRPROVvFZu2_ZkqmQXwILSfpdp32lcxiheYOWSVi2lxd6cQshMK8jcLtgnA5PKFd3xpogD-xdiSKDBSavoSBGYlb9QDaUZidniWfJI6phnDL9T0TNBvRf7PwxjyfnUnOLhfZEwN2cJqRkhhvgbpQNlWI1b7oadUGC1aIbJ401H5nRvARksvNeaDEwrOmMnso4xKhn1SbRyViR_ZgL6jOuLBGJe0_CchmqvbzV0QKITnz-ycE6C3oxANF_q0EMO0nLOKzDorW1GoVXwM7p7lsw8FaYInwHIYFZotvkM_8faPnWzrXDnPLT7NEZ_L3Tx9k6STr7LrDU5JjdXA45t1CO6ajHQqPDh05lHw7pp4A7_RVaTlaHWPspERY-uUMXiK9Xyxnfm5YfeadbYVwCSFO0EjCAUTf_A1xaiBC3CV6PiPMtRkwyQhJ0lTwesV-_leKNGvj8jLphNUfujY2kp7gxuWk2Gvqz_tu2pS3sHWEk38PeM4MBefLwkSEzetjthsPke1SL4byCKnIeUXLW-PAxuCumRCX8cC1mYJti3L38hAq5gmWdXHBvwtE4KmCMcdkTT5_-Jn4-ybu3Bpgd9P4ENLRYl8BOExOH6ATEOdNLnLE&cid=CAASEuRoq97tEvJPaf8tiVyxAjUFGA&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Apr 2022 16:41:33 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 6DEA 		106 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 09:31:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
25827
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 10 Apr 2022 09:31:06 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/ Frame 6DEA 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AQ8LFn4Qki692RI0V3kq7amDs9IQ9LSh-SaXZXqJLCWD31HqBY5d8E0T4IUUYNLlLpnQanF_4MC1Rrv9amQrKj1I4K4pQDzGB2c-RsJO3CvWWKazIGUDR60ZCfs7nnmIqqhNAEhJhjSu_DKvspgBu8-gW_ow&dbm_d=AKAmf-Dq04qy4VJZwUhu4jeRhT9onC77HahqYdhLMbwWA4fxKQu8Sv4Ojp5RuEitI82Gx5Yh76DyWSjx3l7ftiOlxNpiGuqHfQybFBD4UiP89QkxdVOcEk3mtEnCXyK_RxGy4k7oytulJMdDAsPmX5Z_qHPCqWzdi3pyeYXxUzfRwwZpZeyBh3moeyu_SC9-GdFJnqDD3EpZVW2w58iwAASmh_OJe3QzCg-B6M0TYZOBkJgn8KXnPKmVd5douZFLuehsNI2QASgWkLtBLrTPehrTuSQpmRrNgjce2KZiN0ZXS5m5DLY2FGLWbZmeO81ci-k6tVsKWfM6Y7UrA0TKkH9rZOAOVzRIpG9lNiJ6vsHbjBIX51EapN2ZhgTBZNPgTGYHFj-GhGX-2duTFOfpA5s9VLu7puST0lhSbB3g0jQ_jyZ71ZoofaECwNTNjWRRggbC7IUcC_aMEmO2EBF-DtnwggeOYQhcWgNcyJg9pe6FRFP0gWjTNyX3LUUav1rLGj7SNWCsE1YbFZi4sLZRx_sQk2Il-tP0tuYUtCsmMKztSPQjnqR1j40v9xCZOuD4Gomfogg9K_zm49oXtmZEds3MdhXoIzJe00HLMrs5jvL_a892c8gfdJT_7t-bx4m0itQJ_WdLGiXQXot8h01S145jtNCkIkg8pKC2J2BgCFg6MIYA4T55-pK-CgizKmSDcy-yPu2frHAiDn5IrPp1SitwuFfehah9z9IM32SS1V59ooqAJeGYRwQws0uM-gbMI2MAw3zSSsugPfXvd5fNBBTIXZUSvwdl3EnbDQIBVeTXAvIUJ0WIrAc4YrGPgj2K3BT_T1Q4Hv-w_h6EjjLf9SO5jZZfB8sPSts9uyrPm6kPMchVxftb1dzt9dwgHSTMa4E3YRR3QluRfNnqXTDsSs87XtmEuZC-x2YAczYYSH76ZrJ3kQ4lpjttXFRdNa7R_BFbQEZFU_-f25gsxGJ1bPeEJvSOngozF-0MQCJdYYfWbNMGDiuhqPHWgKDmWkBnrZukCn6guZ-ddN4H1ppYRn2ZkRzrn8eJbltGZqqZ-k34LuWV4q9sw9SKlQ0lcfrcOgM7A5ZeDvyxZq4JQtHm8ec6GDGcSduEXyH_YVBMIy5nWE2awQcdeEjEhvS3o7iTB5yrOaRv1jKpDwVlu-OIdazNAi41UIXUfK6z_2LTabdB05vU7Lk4D2xM-Bd6-nEzSvgkeWMSExZD_MdN8-p_FUD3rB0UA6jWnskpHOKcB2o0_vVdr4MjrMOaC1H9Enj1R0GWzbhXoGM2o17m9w_-oKe0HnZ_M8HtQDeG53mWJGD1hbqbag1p3J5wCrYSWP74PGKc-XuL-LvCoC2rKVs0iGyKjxjn1IlvczfZBevyTLJV1bIZ0QsRoylrWdf8ZQoAVTasQWdZYgvrPnEqWkbSpmOErxxD5wKCGCqjMKIVjh8_1zwNnmKF9bwp3vxmCTKO1kNCBYHnj_zXm5Pgn1wPyHfXBSsGSobn3E5DjXI2bsuvboVaRO08N-V3bJQwuIgWqh-hT5Cluu5AOlxXTN7wldH7PT8e-xbIzBDFBW3uDXSPUALhEInXP1rkC8_AE176_GSxFYrjBuEdqbeKLQOEeOKW2Ulp8IbuwC1Se1n-IQDuxHB8MIrqQA86Bb9aXkPZsrs-1Cx9Ga5cZpwYYGQL7vGUbYJOKCKl8S-ikOjjmlXuCACWCWWbrfLX7ZQg--KK4gHj4MOaEnVd80NcKys6qLjl0klleVOgK2dyBqL65AAEGmU8e9Zt0LVhkkNJoJAC1Z0OGaQ6Gl3yB0e0__BmXqKvFTHAKMjqJzmHOE_WFD6m-3q89TZOf521IN5G1fwpsYMH0sA1MZ5nwC14_9RJiJfUx6KWdK_Ynjb6jDQfxB6vPOPUE-8CGxUR7COGc8AfW076Zq836okMdgoK6pT95vyBRd1ifTiEeUdwSw-ZVW6ia8fn9BjtzZoEQULT1riu0XVNZkdufH1fe-_PCO6bCpxKqptsHGTu5ZSO4bEPLJnWI95U5u1Hrc8EWaRQ83fpI7phroqaJLX-SURiOKJkakHL08Wc-iH4y_vvcygqvDwBPYN4oLlRxkQwTPMba8UJ6HmV_5KT-GcFF6tdZgGX0Wk-9UgIJb-Yln7tKRhPn1K4CpJmLaWmXurLIoZdrB1vecWxQJVAKE5TlbegNi9K_LHqm4Dw1GEGtN7B61DWjlv9TjTJmG4OEn8U08CzYd1v1tkm8-0Eu1LHEdaDGbvq3Zj13L4CpuU1M-wjfTry_08fbUKDSxgtI871YLWSOIna2bShnUK_Jedl-mTsSu18mtrO_QN1LYlecCPSi1RdjAIStZlqrZ7PO5NyY5d1vWe63oEPaech_y0s8ZK0nlgji2o-dpGzraschT-Hz6WCZamrDsV-yRpsV4og-HYccemjVBbNJ8qlex_QAhgt73Fm8qwb3XOmEyz2X3Ao5NA-FNbIkPdDsEGeH93yENp0jUGjf5x26iiiWHpWmO2bspibIFGuYUDY42gjS_QY4MXziETLiAleo8i9gC49bxOB1RGq21uPIioP3ghXLn-9XOUo9r6XVwcqNVAZa_WwHRsq2dtKFl180Pd3eBHjBifhtoqNFKNtReTe-8zUNPvugHxpGfn7VGX3nDvmhG-5eCJZ1HCDu_A8eSLSVG14NY2s0ajHaLmchbM_OqA9g2vrxSwHxHi4dnSWREDlvhn16wbBm7Md3Wp7as3qTUE4ZfDWKs8MvoIjGL_w9xbQeKl8f5BDOTLd6iy7qxG2EkDsDqR60B9g6J5pUwuwexZY5DcDg1fJL8_UcBVvK8fgG28BbDh8LjmTHlH4KV9lMwQe_BgADu2gh9TRCRWnA5pc9dY2Leu2V_Pzf37btILmYM0weCRGszQB8mmM3cN8V3bLC_XQ_tAOYPiIcWwIupVQZYiH1tQrf3nKRYoKp4cq-DrLMhOQxx2K4Iqa7V4w1lmKMnw1EedkOjeG1e01AfWF_npS5rSJsdRsyOc1LRCZLkRd9YR4_Lz9ytjUONYcXH0I2WHJmNJsjJQvqj4Hu9FG5In2MyRW-8Pcc3H5bymZ9Q-WEj5h04WM42AVp_YTlpscb6D4ZP1uxsdtSzx28tPu2WZ68wOuDUHhphr-HD2LYrSUx9Nr2NhtxOPGTni5ojyvYWxkg5jmhTmQj398N_0&cid=CAASEuRoPPsL3gcUO66xNgJYzlI7BQ&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:34:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
427
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Apr 2022 16:34:26 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 6DEA 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AQ8LFn4Qki692RI0V3kq7amDs9IQ9LSh-SaXZXqJLCWD31HqBY5d8E0T4IUUYNLlLpnQanF_4MC1Rrv9amQrKj1I4K4pQDzGB2c-RsJO3CvWWKazIGUDR60ZCfs7nnmIqqhNAEhJhjSu_DKvspgBu8-gW_ow&dbm_d=AKAmf-Dq04qy4VJZwUhu4jeRhT9onC77HahqYdhLMbwWA4fxKQu8Sv4Ojp5RuEitI82Gx5Yh76DyWSjx3l7ftiOlxNpiGuqHfQybFBD4UiP89QkxdVOcEk3mtEnCXyK_RxGy4k7oytulJMdDAsPmX5Z_qHPCqWzdi3pyeYXxUzfRwwZpZeyBh3moeyu_SC9-GdFJnqDD3EpZVW2w58iwAASmh_OJe3QzCg-B6M0TYZOBkJgn8KXnPKmVd5douZFLuehsNI2QASgWkLtBLrTPehrTuSQpmRrNgjce2KZiN0ZXS5m5DLY2FGLWbZmeO81ci-k6tVsKWfM6Y7UrA0TKkH9rZOAOVzRIpG9lNiJ6vsHbjBIX51EapN2ZhgTBZNPgTGYHFj-GhGX-2duTFOfpA5s9VLu7puST0lhSbB3g0jQ_jyZ71ZoofaECwNTNjWRRggbC7IUcC_aMEmO2EBF-DtnwggeOYQhcWgNcyJg9pe6FRFP0gWjTNyX3LUUav1rLGj7SNWCsE1YbFZi4sLZRx_sQk2Il-tP0tuYUtCsmMKztSPQjnqR1j40v9xCZOuD4Gomfogg9K_zm49oXtmZEds3MdhXoIzJe00HLMrs5jvL_a892c8gfdJT_7t-bx4m0itQJ_WdLGiXQXot8h01S145jtNCkIkg8pKC2J2BgCFg6MIYA4T55-pK-CgizKmSDcy-yPu2frHAiDn5IrPp1SitwuFfehah9z9IM32SS1V59ooqAJeGYRwQws0uM-gbMI2MAw3zSSsugPfXvd5fNBBTIXZUSvwdl3EnbDQIBVeTXAvIUJ0WIrAc4YrGPgj2K3BT_T1Q4Hv-w_h6EjjLf9SO5jZZfB8sPSts9uyrPm6kPMchVxftb1dzt9dwgHSTMa4E3YRR3QluRfNnqXTDsSs87XtmEuZC-x2YAczYYSH76ZrJ3kQ4lpjttXFRdNa7R_BFbQEZFU_-f25gsxGJ1bPeEJvSOngozF-0MQCJdYYfWbNMGDiuhqPHWgKDmWkBnrZukCn6guZ-ddN4H1ppYRn2ZkRzrn8eJbltGZqqZ-k34LuWV4q9sw9SKlQ0lcfrcOgM7A5ZeDvyxZq4JQtHm8ec6GDGcSduEXyH_YVBMIy5nWE2awQcdeEjEhvS3o7iTB5yrOaRv1jKpDwVlu-OIdazNAi41UIXUfK6z_2LTabdB05vU7Lk4D2xM-Bd6-nEzSvgkeWMSExZD_MdN8-p_FUD3rB0UA6jWnskpHOKcB2o0_vVdr4MjrMOaC1H9Enj1R0GWzbhXoGM2o17m9w_-oKe0HnZ_M8HtQDeG53mWJGD1hbqbag1p3J5wCrYSWP74PGKc-XuL-LvCoC2rKVs0iGyKjxjn1IlvczfZBevyTLJV1bIZ0QsRoylrWdf8ZQoAVTasQWdZYgvrPnEqWkbSpmOErxxD5wKCGCqjMKIVjh8_1zwNnmKF9bwp3vxmCTKO1kNCBYHnj_zXm5Pgn1wPyHfXBSsGSobn3E5DjXI2bsuvboVaRO08N-V3bJQwuIgWqh-hT5Cluu5AOlxXTN7wldH7PT8e-xbIzBDFBW3uDXSPUALhEInXP1rkC8_AE176_GSxFYrjBuEdqbeKLQOEeOKW2Ulp8IbuwC1Se1n-IQDuxHB8MIrqQA86Bb9aXkPZsrs-1Cx9Ga5cZpwYYGQL7vGUbYJOKCKl8S-ikOjjmlXuCACWCWWbrfLX7ZQg--KK4gHj4MOaEnVd80NcKys6qLjl0klleVOgK2dyBqL65AAEGmU8e9Zt0LVhkkNJoJAC1Z0OGaQ6Gl3yB0e0__BmXqKvFTHAKMjqJzmHOE_WFD6m-3q89TZOf521IN5G1fwpsYMH0sA1MZ5nwC14_9RJiJfUx6KWdK_Ynjb6jDQfxB6vPOPUE-8CGxUR7COGc8AfW076Zq836okMdgoK6pT95vyBRd1ifTiEeUdwSw-ZVW6ia8fn9BjtzZoEQULT1riu0XVNZkdufH1fe-_PCO6bCpxKqptsHGTu5ZSO4bEPLJnWI95U5u1Hrc8EWaRQ83fpI7phroqaJLX-SURiOKJkakHL08Wc-iH4y_vvcygqvDwBPYN4oLlRxkQwTPMba8UJ6HmV_5KT-GcFF6tdZgGX0Wk-9UgIJb-Yln7tKRhPn1K4CpJmLaWmXurLIoZdrB1vecWxQJVAKE5TlbegNi9K_LHqm4Dw1GEGtN7B61DWjlv9TjTJmG4OEn8U08CzYd1v1tkm8-0Eu1LHEdaDGbvq3Zj13L4CpuU1M-wjfTry_08fbUKDSxgtI871YLWSOIna2bShnUK_Jedl-mTsSu18mtrO_QN1LYlecCPSi1RdjAIStZlqrZ7PO5NyY5d1vWe63oEPaech_y0s8ZK0nlgji2o-dpGzraschT-Hz6WCZamrDsV-yRpsV4og-HYccemjVBbNJ8qlex_QAhgt73Fm8qwb3XOmEyz2X3Ao5NA-FNbIkPdDsEGeH93yENp0jUGjf5x26iiiWHpWmO2bspibIFGuYUDY42gjS_QY4MXziETLiAleo8i9gC49bxOB1RGq21uPIioP3ghXLn-9XOUo9r6XVwcqNVAZa_WwHRsq2dtKFl180Pd3eBHjBifhtoqNFKNtReTe-8zUNPvugHxpGfn7VGX3nDvmhG-5eCJZ1HCDu_A8eSLSVG14NY2s0ajHaLmchbM_OqA9g2vrxSwHxHi4dnSWREDlvhn16wbBm7Md3Wp7as3qTUE4ZfDWKs8MvoIjGL_w9xbQeKl8f5BDOTLd6iy7qxG2EkDsDqR60B9g6J5pUwuwexZY5DcDg1fJL8_UcBVvK8fgG28BbDh8LjmTHlH4KV9lMwQe_BgADu2gh9TRCRWnA5pc9dY2Leu2V_Pzf37btILmYM0weCRGszQB8mmM3cN8V3bLC_XQ_tAOYPiIcWwIupVQZYiH1tQrf3nKRYoKp4cq-DrLMhOQxx2K4Iqa7V4w1lmKMnw1EedkOjeG1e01AfWF_npS5rSJsdRsyOc1LRCZLkRd9YR4_Lz9ytjUONYcXH0I2WHJmNJsjJQvqj4Hu9FG5In2MyRW-8Pcc3H5bymZ9Q-WEj5h04WM42AVp_YTlpscb6D4ZP1uxsdtSzx28tPu2WZ68wOuDUHhphr-HD2LYrSUx9Nr2NhtxOPGTni5ojyvYWxkg5jmhTmQj398N_0&cid=CAASEuRoPPsL3gcUO66xNgJYzlI7BQ&rfl=2%2Chttps%253A%252F%252Fsecurityaffairs.co%242%2Chttps%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
738b0dff97289a490e0472cca7d25e291a7ea70c850bfee1e264e9ad87a4a97b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:38:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
186
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9790
x-xss-protection
0
server
cafe
etag
8169034061967891973
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 23 Apr 2022 16:38:27 GMT
pixel
cm.g.doubleclick.net/ Frame 003D
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESECNJKiE2kcoJ7GoTcTzD9ZU&google_cver=1&google_push=AYg5qPL7Wb2xOd5SezZ08yhGrbHM3uxgD8md-S8Bqv_yMFr6zkrAkhEgYutQWrqWnbR5v9TgixphChd5gmvmhxT4...
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=r0diUbc8QACXdINg5yij4g&google_push=AYg5qPL7Wb2xOd5SezZ08yhGrbHM3uxgD8md-S8Bqv_yMFr6zkrAkhEgYutQWrqWnbR5v9TgixphChd5gmvmhxT4J4R3FrTF...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=r0diUbc8QACXdINg5yij4g&google_push=AYg5qPL7Wb2xOd5SezZ08yhGrbHM3uxgD8md-S8Bqv_yMFr6zkrAkhEgYutQWrqWnbR5v9TgixphChd5gmvmhxT4J4R3FrTF_SqQ
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Sat, 09 Apr 2022 16:41:33 GMT
Server
MT3 4320 2f2dfe5 master ord-pixel-x1 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=r0diUbc8QACXdINg5yij4g&google_push=AYg5qPL7Wb2xOd5SezZ08yhGrbHM3uxgD8md-S8Bqv_yMFr6zkrAkhEgYutQWrqWnbR5v9TgixphChd5gmvmhxT4J4R3FrTF_SqQ
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 09 Apr 2022 16:41:32 GMT
google
match.adsrvr.org/track/cmf/ Frame 003D 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGFu-BRGBFOMOoAQ3C5X5yg&google_cver=1&google_push=AYg5qPJsagiNWCvHGSCH2C6YVhy0sm_WlVfmqHfunwRcmcIpewtFxttHyCjCb6AgVMui0kp0HJbxttGJFkMhs_zP_CQFEqrR3u4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 003D
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEEMgs3N68uM9PpKOSDpn2yI&google_cver=1&google_push=AYg5qPL_VnQas08LrUkykBXCooJbl3pwemNJCygO6Abn0-sM0beXWG5xGWudGCDzbCfaS8gZC79wMFYFMb_M3h...
  • https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4NDY0NTE1NzE2MTQwMDQ2NQ%3D%3D&google_push=AYg5qPL_VnQas08LrUkykBXCooJbl3pwemNJCygO6Abn0-sM0beXWG5xGWudGCDzbCfaS8gZC79wMFYFMb_M3h02j8...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4NDY0NTE1NzE2MTQwMDQ2NQ%3D%3D&google_push=AYg5qPL_VnQas08LrUkykBXCooJbl3pwemNJCygO6Abn0-sM0beXWG5xGWudGCDzbCfaS8gZC79wMFYFMb_M3h02j83pX_BSjNSL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4NDY0NTE1NzE2MTQwMDQ2NQ%3D%3D&google_push=AYg5qPL_VnQas08LrUkykBXCooJbl3pwemNJCygO6Abn0-sM0beXWG5xGWudGCDzbCfaS8gZC79wMFYFMb_M3h02j83pX_BSjNSL
Date
Sat, 09 Apr 2022 16:41:33 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
pixel
cm.g.doubleclick.net/ Frame 003D
Redirect Chain
  • https://px.adhigh.net/p/gm/rub?google_gid=CAESEOlrGYSNvohLxdNkfZFgunU&google_cver=1&google_push=AYg5qPL0ai1Gazd0RRGZY971U96mN2CbjFfA3fhNo8yS4yAqX0fyF3-ES6eGX-OdnGMD304G-hv5oOhv8pkyvxT8pDZNpptsHKac
  • https://px.adhigh.net/p/gm/rub?google_gid=CAESEOlrGYSNvohLxdNkfZFgunU&google_cver=1&google_push=AYg5qPL0ai1Gazd0RRGZY971U96mN2CbjFfA3fhNo8yS4yAqX0fyF3-ES6eGX-OdnGMD304G-hv5oOhv8pkyvxT8pDZNpptsHKac&...
  • https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPL0ai1Gazd0RRGZY971U96mN2CbjFfA3fhNo8yS4yAqX0fyF3-ES6eGX-OdnGMD304G-hv5oOhv8pkyvxT8pDZNpptsHKac&google_hm=tRHbHvbq3p4AAikABlGADzP...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPL0ai1Gazd0RRGZY971U96mN2CbjFfA3fhNo8yS4yAqX0fyF3-ES6eGX-OdnGMD304G-hv5oOhv8pkyvxT8pDZNpptsHKac&google_hm=tRHbHvbq3p4AAikABlGADzPKkg%3D%3D
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
server
nginx
access-control-allow-origin
*
x-backend-id
f18-ru
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPL0ai1Gazd0RRGZY971U96mN2CbjFfA3fhNo8yS4yAqX0fyF3-ES6eGX-OdnGMD304G-hv5oOhv8pkyvxT8pDZNpptsHKac&google_hm=tRHbHvbq3p4AAikABlGADzPKkg%3D%3D
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
pub
cs.chocolateplatform.com/ Frame 003D 		0
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEKNOUqqii4xzDCv3h6JHiqs&google_cver=1&google_push=AYg5qPLBT30Rg9NH0kRNOG8-DmV9AM9j8sNhCUV6E0D1VTOmn49VxUnfkJtdi6N7A816mOlS1aK98Xrzamr08ISdmb3imA9PaMnS
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.203.145.121 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Chocolate Cookie Sync Powered by Vdopia /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
server
Chocolate Cookie Sync Powered by Vdopia
pixel
cm.g.doubleclick.net/ Frame 003D
Redirect Chain
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEL2DS9ChLABOZpn2c9Ir7Fo&google_cver=1&google_push=AYg5qPL07_hK-eAe21-qRiunQ2xyukQmoyT-F_XCQbU6_RUc-Di-IGWHv11o_SkhxVmVGafr5k1bduBY4LeDeC36fjfHCzb...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPL07_hK-eAe21-qRiunQ2xyukQmoyT-F_XCQbU6_RUc-Di-IGWHv11o_SkhxVmVGafr5k1bduBY4LeDeC36fjfHCzb7OB_8dw&google_hm=Njg5MjQ3N...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPL07_hK-eAe21-qRiunQ2xyukQmoyT-F_XCQbU6_RUc-Di-IGWHv11o_SkhxVmVGafr5k1bduBY4LeDeC36fjfHCzb7OB_8dw&google_hm=Njg5MjQ3NjAxNDE1NjYxMjA5OQ==
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPL07_hK-eAe21-qRiunQ2xyukQmoyT-F_XCQbU6_RUc-Di-IGWHv11o_SkhxVmVGafr5k1bduBY4LeDeC36fjfHCzb7OB_8dw&google_hm=Njg5MjQ3NjAxNDE1NjYxMjA5OQ==
Date
Sat, 09 Apr 2022 16:41:33 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
/
onetag-sys.com/sync/i,19/ Frame 003D
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEJPfGGR0ZjCOE58xx-VEg6o&google_cver=1&google_push=AYg5qPJVZjGahIm7oNs3AJuJ2QJz8osDNVHmU2b2H5tSIgcJR-l7fa-MDKmqvWDBtFxuuIlD2hdYIIVddUS...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AYg5qPJVZjGahIm7oNs3AJuJ2QJz8osDNVHmU2b2H5tSIgcJR-l7fa-MDKmqvWDBtFxuuIlD2hdYIIVddUSImYGWQ41_nR-B6eIm
  • https://onetag-sys.com/sync/i,19/?google_error=5
0
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/sync/i,19/?google_error=5
Protocol
H2
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://onetag-sys.com/sync/i,19/?google_error=5
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
245
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 003D 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KO9_yujF6PUJWOeyuR4UmyM9Hn5Z1og79upA5FLEbEGyeBOBH6JCAS6JS2d81dWgfUHpO4rMY
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696129&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493853&bpp=13&bdt=165&idt=84&shv=r20220406&mjsv=m202203310101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=2&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=1883572036&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=383&ady=911&biw=1600&bih=1200&isw=320&ish=50&ifk=630487147&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31066932&oid=2&pvsid=2576413362890898&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ccx4x7ahkycr&fsb=1&xpc=6QwNYR3zGL&p=https%3A//securityaffairs.co&dtd=107
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
6DGELVyRstON4LmPFAMeAOP1baW3TqSdWCO5xyb3u9s.js
pagead2.googlesyndication.com/bg/ Frame 8062 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/6DGELVyRstON4LmPFAMeAOP1baW3TqSdWCO5xyb3u9s.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e831842d5c91b2d38de0b98f14031e00e3f56da5b74ea49d5823b9c726f7bbdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 11:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
104697
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 04 Apr 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 08 Apr 2023 11:36:36 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 6DEA 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 06 Apr 2022 20:04:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
247052
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 06 Apr 2023 20:04:01 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame F4F4 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
38869
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Sun, 10 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 63CD 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220406&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31066932
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
49446668bdfee59a73c82fbd3d2c80c93d630b750d9d908644b59b9c58230d6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Apr 2022 16:41:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10585
x-xss-protection
0
async_usersync.html
acdn.adnxs.com/dmp/ Frame 71A0 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
40805
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Sat, 09 Apr 2022 16:41:33 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 07 Apr 2022 05:21:24 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
3, 691129
X-Served-By
cache-lga21973-LGA, cache-hhn4052-HHN
X-Timer
S1649522494.539723,VS0,VE0
usync.html
eus.rubiconproject.com/ Frame 6886 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 09 Apr 2022 16:41:33 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame C005 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Sat, 09 Apr 2022 16:41:33 GMT
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E268 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-92.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=67921
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:33 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sun, 10 Apr 2022 11:33:34 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 14BF 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
052047c0e5468198b5cc802354aebdb9749eed0f4d926fe4851a691aed674668
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8275
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:33 GMT
expires
Mon, 11 Apr 2022 16:41:33 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
async_usersync.html
acdn.adnxs.com/dmp/ Frame AB6A 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
40805
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Sat, 09 Apr 2022 16:41:33 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 07 Apr 2022 05:21:24 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
3, 690424
X-Served-By
cache-lga21973-LGA, cache-hhn4068-HHN
X-Timer
S1649522494.539854,VS0,VE0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D54E 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.20.85.92 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-20-85-92.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=67921
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:33 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sun, 10 Apr 2022 11:33:34 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 1456 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
746
CF-Cache-Status
HIT
CF-RAY
6f94b0e0c9ea995d-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sat, 09 Apr 2022 16:41:33 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Sat, 09 Apr 2022 17:41:33 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
beacon
ap.lijit.com/ Frame F01C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Sat, 09 Apr 2022 16:41:33 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap1ams1
beacon
ap.lijit.com/ Frame E31C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.14 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Sat, 09 Apr 2022 16:41:33 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap1ams1
check.html
biddr.brealtime.com/ Frame 9F7A 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
746
CF-Cache-Status
HIT
CF-RAY
6f94b0e0cb056961-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Sat, 09 Apr 2022 16:41:33 GMT
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires
Sat, 09 Apr 2022 17:41:33 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
pd
u.openx.net/w/1.0/ Frame 0BE3 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Sat, 09 Apr 2022 16:41:33 GMT
server
OXGW/18.0.0
vary
Accept, Accept-Encoding
via
1.1 google
checksync.php
contextual.media.net/ Frame FFD2 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C2043%2C3010%2C2040%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C251%2C175%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3016%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1&itype=PREBID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.122.146.68 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-146-68.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
052047c0e5468198b5cc802354aebdb9749eed0f4d926fe4851a691aed674668
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8275
content-type
text/html; charset=UTF-8
date
Sat, 09 Apr 2022 16:41:33 GMT
expires
Mon, 11 Apr 2022 16:41:33 GMT
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
/
ssc-cms.33across.com/ps/ Frame 19DE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP002 /
Resource Hash

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
server
33XP002
x-33x-status
2000208
truncated
/ Frame 6DEA 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4a167665da88a694dacc771ab87d39db98f5e0f7ceb108a144a8a6f00aced130

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Apr 2022 16:41:33 GMT
index.html
s0.2mdn.net/sadbundle/4972692307066224640/ Frame 9ACC 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
95c35a27251d6bb9bcea481f5a9cd327e19b45ebbdbc59f6ac328e4f439472a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
443103
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2667
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 04 Apr 2022 13:36:30 GMT
expires
Tue, 04 Apr 2023 13:36:30 GMT
last-modified
Fri, 04 Mar 2022 11:12:20 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 6DEA 		0
27 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss9YjlJWyQIJ7Ov_E-Djv2IHZoScuS_uevTv-2GUtArdfwYzcH6HGn6ZWn9nj6DUhzRemGIjpf1xezPsC6dYF9Ag17brC_EBvujT6eDFM_e0BBU42DPpR4-UiURPUnh8tkm70bfhqImUjLEWhEU0PruFaumb7OaZCGG-adoFm8eKZjOoqh8hL9OxzPB7BnJvDyNhupR9f737AlebzhTz3LhrSXkdHmyRkcaYcUSYgDzwaeXeued96UiFka_gX6FiWg6iX2WMl5UnsLhsnzn_2vJu37V9BHcfinsGj-CPlft49VHShrtDVyRVUIoQQEEQ70_bWOq0dFJrpKBfIarT_4-Se7Uzz0wgZBVm2KWkZJFT2r8lDHN3xjsn3iOkblrQLYKRR9r3Y7zy5jO-lNGSUzi2B0gScqUthJ0RDlJdIM8pXzlYy3dYEZVhDgYyYebdLU2k67I00RNxihZDnaeaSBg6IHJsWJ9-qoCb59VuuxIbmxLHEtmlKVNQzJvDzEZk4YJN9numrQ_28hUP9GBQ1eNJqAcTVq-GILSC0A_YnXWrlSAcU-0DEya7CIu87MHTy8icJd2H6Xq2ZAaNQFVth5DX18-CojsLJsbe-2i_nbM3E49xXsWGRmAVOEz3Dc3agPT-ptCjGlrcLGsyDr5-0oWxayot0YEJUmML_67qzRLWFcQLVSHj2EjL04ljQM7YfdkpfEyFYgVon5S0f0hJT-u_WatdMJZp1I188SU18vtRrz1BBSTXUQ17xxFDRtgL3VXqgbmFsP6ebmMgmhYLW_c8hQ-LUEo70eQeJiiVZ-APjvn2KpdAAlfkort7XEqQzJXmOKlsaP7tfxH3CQ_YaXxhf8gd5ETzqgO-QpBW9WBObkrs169C93S7kW6AIjk2q2d-Qjrypm5TgUk8TKhLI1NiLvwgutrM0HmmdmmHkTiXhllbyU3QhVEK7Ou_z6s5TAOO-6XXqmFOmNOMwmLuP5vOKne1s-ZV_3vAfvsR97SLC0D1RSKXNr-aD__ADDZ4mnjGW1O2u5S-UnarI6LIoFIEq8YrWeBPyiGwBZ_jB9uUnheEo18yCcr7st5njVgGhppYBIF8BH2A5FgBv32YwOZZzXJGxIr7sQCj4sDilA7QORJ6o-gkC85vn3_EV-_eKlnAwD0W6_VVjQwXAOJlpyfnPBiHZ6Z1D291YdKzt5iTWGBcA5-Hvn8ideRtHM4uflnCWEnrG_W2UwaGSGBl76xugRNfHC7vNyZQQ&sai=AMfl-YTgt_3ZiRvke_UkwC0CdOI5DuzJHdKQJ0it9B9NGzdaVSamySTer1ccQO8wK8ZnJ0nzDyx5JCfmIZZy52qh185QhwBTgc-0x8Lxn-03_tgYRVpez3mNBf0qlvsZWd34xgxGNJkAb3tjvXaXrUVDvHO0NdgK3A&sig=Cg0ArKJSzCL11kr59LGBEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=233&cbvp=1&cstd=228&cisv=r20220406.24588&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Sat, 09 Apr 2022 16:41:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Mon, 11 Apr 2022 16:41:33 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 63CD 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31066932
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 09 Apr 2022 16:41:33 GMT
usync.js
eus.rubiconproject.com/ Frame 6886 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.20.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-20-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
8558f0065e6626134905a7421f31a12c4ae038e1a4adef70c1752489ef6cdb2c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:33 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=50240
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Sun, 10 Apr 2022 06:38:53 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame BBC4 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
247052
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 06 Apr 2022 20:04:01 GMT
expires
Thu, 06 Apr 2023 20:04:01 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
cm.g.doubleclick.net/ Frame F4F4
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEDBFfqSq_HXyie0SPTfOAE&google_cver=1&google_push=AYg5qPKjVwKJ5rOpLGFD-09v23Q5NT1V_LTl_AFh7aZW1Q28DY8M-EJIj3...
  • https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPKjVwKJ5rOpLGFD-09v23Q5NT1V_LTl_AFh7aZW1Q28DY8M-EJIj3TbIDqRDrX0C-dljLycSPcrgt0zk9MGkbsCGQHDpqYb&google_hm=0mMFR0G7yyt5...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPKjVwKJ5rOpLGFD-09v23Q5NT1V_LTl_AFh7aZW1Q28DY8M-EJIj3TbIDqRDrX0C-dljLycSPcrgt0zk9MGkbsCGQHDpqYb&google_hm=0mMFR0G7yyt5OoGkrxnEQQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPKjVwKJ5rOpLGFD-09v23Q5NT1V_LTl_AFh7aZW1Q28DY8M-EJIj3TbIDqRDrX0C-dljLycSPcrgt0zk9MGkbsCGQHDpqYb&google_hm=0mMFR0G7yyt5OoGkrxnEQQ
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F4F4
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEMfkgcatSWYmbCDVVYtK5Ak&google_cve...
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=N3VTdWhqYU0xTkRlOXU1&google_gid=CAESEMfkgcatSWYmbCDVVYtK5Ak&google_cver=1&google_push=AYg5qPIIm_sT9e9GBjzMESXP9sGjVN1rTK1b74QldtQDZIB...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=N3VTdWhqYU0xTkRlOXU1&google_gid=CAESEMfkgcatSWYmbCDVVYtK5Ak&google_cver=1&google_push=AYg5qPIIm_sT9e9GBjzMESXP9sGjVN1rTK1b74QldtQDZIByPsOR45oX0gAXjqQj7IIRRyD0zKcu-J0W3frRcMbfLrroT18zNC49
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
Server
PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-022b0454a7aa0bd60@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=N3VTdWhqYU0xTkRlOXU1&google_gid=CAESEMfkgcatSWYmbCDVVYtK5Ak&google_cver=1&google_push=AYg5qPIIm_sT9e9GBjzMESXP9sGjVN1rTK1b74QldtQDZIByPsOR45oX0gAXjqQj7IIRRyD0zKcu-J0W3frRcMbfLrroT18zNC49
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F4F4
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESENltAGqhlR6-kWYkS_5lSi0&google_cver=1&google_push=AYg5qPI-1jAEqZkDykPEtSPwxZhH-bstGhwNOyqzGH2zknYzGAnz6CTJSvhAu40t0TsW8kaxeIK7gkZtwK-R3IyR8zulW-KfptLn
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=363B886755E84EE2BA063EFB46881D49&google_push=AYg5qPI-1jAEqZkDykPEtSPwxZhH-bstGhwNOyqzGH2zknYzGAnz6CTJSvhAu40t0TsW8kaxeIK7gkZtwK-R3Iy...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=363B886755E84EE2BA063EFB46881D49&google_push=AYg5qPI-1jAEqZkDykPEtSPwxZhH-bstGhwNOyqzGH2zknYzGAnz6CTJSvhAu40t0TsW8kaxeIK7gkZtwK-R3IyR8zulW-KfptLn
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 09 Apr 2022 16:41:33 GMT
x-content-type-options
nosniff
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=363B886755E84EE2BA063EFB46881D49&google_push=AYg5qPI-1jAEqZkDykPEtSPwxZhH-bstGhwNOyqzGH2zknYzGAnz6CTJSvhAu40t0TsW8kaxeIK7gkZtwK-R3IyR8zulW-KfptLn
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Fri, 08 Apr 2022 16:41:33 GMT
pixel
cm.g.doubleclick.net/ Frame F4F4
Redirect Chain
  • https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEI0Z-2pHd5tMbLWny717YWE&google_cver=1&google_push=AYg5qPJIiIon8HM2D3azYNfXLM2uEBf7443LbRal0JtZIiL52wYaAgpMqpL0d9NEXsXDM...
  • https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPJIiIon8HM2D3azYNfXLM2uEBf7443LbRal0JtZIiL52wYaAgpMqpL0d9NEXsXDM93qOgKeXzUWoshx8AhP4E2P2DbpcqbIhw&google_hm=QVBDX3YtQWNnYURmU2VheT...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPJIiIon8HM2D3azYNfXLM2uEBf7443LbRal0JtZIiL52wYaAgpMqpL0d9NEXsXDM93qOgKeXzUWoshx8AhP4E2P2DbpcqbIhw&google_hm=QVBDX3YtQWNnYURmU2VheTZFNjViWUE=
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:35 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
//cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPJIiIon8HM2D3azYNfXLM2uEBf7443LbRal0JtZIiL52wYaAgpMqpL0d9NEXsXDM93qOgKeXzUWoshx8AhP4E2P2DbpcqbIhw&google_hm=QVBDX3YtQWNnYURmU2VheTZFNjViWUE=
Date
Sat, 09 Apr 2022 16:41:34 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
pixel
cm.g.doubleclick.net/ Frame F4F4
Redirect Chain
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESENjQPu_3drPovjCpg3XqokU&google_cver=1&google_push=AYg5qPIFYddPl962hjFkWrcOJk2ZCd7koSNt0_rSBHnKtaDXb59j8zCVFgbXqmHbdSdbZQkO5s_gAiDQ1ZnSN-gD...
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIFYddPl962hjFkWrcOJk2ZCd7koSNt0_rSBHnKtaDXb59j8zCVFgbXqmHbdSdbZQkO5s_gAiDQ1ZnSN-gDQHQXMEHl6RpG-g
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIFYddPl962hjFkWrcOJk2ZCd7koSNt0_rSBHnKtaDXb59j8zCVFgbXqmHbdSdbZQkO5s_gAiDQ1ZnSN-gDQHQXMEHl6RpG-g
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 09 Apr 2022 16:41:33 GMT
via
1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA50-C1
x-cache
FunctionGeneratedResponse from cloudfront
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIFYddPl962hjFkWrcOJk2ZCd7koSNt0_rSBHnKtaDXb59j8zCVFgbXqmHbdSdbZQkO5s_gAiDQ1ZnSN-gDQHQXMEHl6RpG-g
cache-control
no-cache, must-revalidate
content-length
0
x-amz-cf-id
pyz6tvvqnu6f4YxZlJt0t61EPZfuPHVJmBd36vtcj-JfC3Gzy3krYg==
pixel
cm.g.doubleclick.net/ Frame F4F4
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEKr9ANuHgZ2IVVQVhR-uBy8&google_cver=1&google_push=AYg5qPKcQJ8somMPbeCopeRA5ksL79ixes2Dv96aHDsRhFBcN6q5ZDzZysHNWljUgZXFeA-OQMmQJwv8l__TYzBSDRlKYnoCaXqW
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPKcQJ8somMPbeCopeRA5ksL79ixes2Dv96aHDsRhFBcN6q5ZDzZysHNWljUgZXFeA-OQMmQJwv8l__TYzBSDRlKYnoCaXqW&goog...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTQwOTU2NjYzNzk0NjQ2ODM0Ng%3D%3D&google_push=AYg5qPKcQJ8somMPbeCopeRA5ksL79ixes2Dv96aHDsRhFBcN6q5ZDzZysHN...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTQwOTU2NjYzNzk0NjQ2ODM0Ng%3D%3D&google_push=AYg5qPKcQJ8somMPbeCopeRA5ksL79ixes2Dv96aHDsRhFBcN6q5ZDzZysHNWljUgZXFeA-OQMmQJwv8l__TYzBSDRlKYnoCaXqW
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTQwOTU2NjYzNzk0NjQ2ODM0Ng%3D%3D&google_push=AYg5qPKcQJ8somMPbeCopeRA5ksL79ixes2Dv96aHDsRhFBcN6q5ZDzZysHNWljUgZXFeA-OQMmQJwv8l__TYzBSDRlKYnoCaXqW
date
Sat, 09 Apr 2022 16:41:33 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
dot.gif
s0.2mdn.net/ Frame F4F4 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEBWCTJj_SXe_rTxbqRZsNCk&google_cver=1&google_push=AYg5qPKG2rmAPEygPuaALewvl6VW2HV33i4WXFs0IgHEORq_1qtBQgzKGxIVGqChtfUodZSWyLt4QeWU0gVm8MkuzGmtOyOOW2UgbQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 10 Apr 2022 16:41:33 GMT
attr
cm.g.doubleclick.net/pixel/ Frame F4F4 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IIoKHmvZlhFBIrsh7WS6-1CUoR5u_uSL96JGTshfLd1N52SDbL_l-lZX-YfP2a2pQGVuR5gQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:33 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6A8E 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
6341
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 14:55:52 GMT
expires
Sun, 09 Apr 2023 14:55:52 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame FA97 		783 B
535 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6a125fbe4070d4f556a5eda88e89d134b4b92e51fa932e71695f0b34b31ed499
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Nylps40RrFDXSYRvNc92hw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-Nylps40RrFDXSYRvNc92hw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 16:41:33 GMT
expires
Sat, 09 Apr 2022 16:41:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
createjs.min.js
code.createjs.com/1.0.0/ Frame 9ACC 		236 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.createjs.com/1.0.0/createjs.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:f7::5c7b:e14b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
content-encoding
gzip
server
Apache
cache-control
max-age=900
vary
Accept-Encoding
content-type
text/javascript
x-n
S
accept-ranges
bytes
expires
Sat, 09 Apr 2022 16:56:34 GMT
javascript.js
s0.2mdn.net/sadbundle/4972692307066224640/ Frame 9ACC 		31 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/4972692307066224640/javascript.js?1646317800570
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5da8508979b65eb345641eb8008fa292e6549f303621adf6298d7e2cc2d48b90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 13:36:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
443103
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6713
x-xss-protection
0
last-modified
Fri, 04 Mar 2022 11:12:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 04 Apr 2023 13:36:30 GMT
async_usersync
ib.adnxs.com/ Frame 71A0 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e40384d6-506c-428d-a655-f02ea9b82146
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame AB6A 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:33 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
9a4e9d01-505b-4e03-92fc-b8c27a7a9de7
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8062 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQpa9PbdRYsryCcOs9u8Po8qPoAMAAAAAOAHgBAI&bg=!y8ilyIzNAAZAkm7qYJI7ACkAdvg8WnfHj3ROcYE9SJ1lT2ieMBqEJUZ33S7nk3MO0A2SzhUVOCOJQAIAAAFgUgAAAAJoAQcKAIeGu3K65_fR5XJipEKYbH_OJR6oplgVbKE7qQo-21X-XDIPg6W7i20Q1RslJfnJOKrcwBoY6s3UyV-n08FwYgrqhrKhZ_T1DG8BJitYB6fgyVI50pX30EGglVVY81IE2yswh9X2FySlS-885gX7pnoejLzVIuzbg9pFMMwDPm52D4R4YNczSrGZAuNcIWaLEfMdGme0Wz9UawO7qxlhhSkIlVa36vD8sh0spTvumoYvjys1JVQHU478xvU1oEKiRxM5TsD20SVudRBQVXseEJkNJuwZFjsbPvU6h5hv-b_YLKM_iprYVZVYOVYeo0EtjnsetqyyMIgFg5hU8C4s-5NVXqYZWpuQ8aWtEeFgWdaVw8rHGToHlknS0f1YP3sg6O4SJSYLrvhqgwPmRJxumCNyoZ__cxFmSBYSTFz8qgmcGfkvMv9mgEX8PgUlSed6rh4qghZHnluArTIUNjUGvhNBYt6DbBD3K25XNH_nZ0zcHCdkwyN93JyEN__GKo4mEk4aBu1Cw_HAtHWQem6JJXSuF0wHPgrm68vGjs-C7HhefkbZ4ENgAgwjooixHRqT6whisVkpX5RNVVJ76NJRiubJKzjIr420jYGQArWE3rV8gflzx_2lg7-dYtGx7jUU7FVved2sNzSqJ7xqnr79M4fwV9_V_gWtNpUwKy3Wd0M1jJWBQ9miqT0XzzCKGQWMnBfT3uYGtBkbtFR034orG9u8_cn9a10NQNexix_kv9A_Z39RcluBbfJOvNwIl2LNgkH4U2wnLTY4gp9i5lDqUVHVLL_wAsjbr7FGCl_LdUaIpzmmB5CdLfBaJhDvjXf5-a1mspDy1nWKS6-jsOWuNjHGuNZMti80kojrtHPFMXhsG0_PpaMHSyl6vC0P2ch3xD1yYJgsImnuFh3Dz9TvBPuiQvV46djnuxYBdUiiqO8XbXpJQr-Mfdn39XZvNg76feVWogEKc5U3KZ2sMiWcNWoHX-rRNH_f1YV_GiL-CevcYglsrriaVFFKMVevI6m-4T-IzcSLL4uhPpnV7baPYc2LbRz3WDcklc_pHiNyHTuORqi4gXLJ894VqL_XZKZSvooD20TuPNJZxeMtfBixGa--hjefOM4BzHB33MEXtnDqfwShKupFUymUkHrBNXuGuaa3TbvVrHysRPIEusrp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
6DGELVyRstON4LmPFAMeAOP1baW3TqSdWCO5xyb3u9s.js
pagead2.googlesyndication.com/bg/ Frame BBC4 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/6DGELVyRstON4LmPFAMeAOP1baW3TqSdWCO5xyb3u9s.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e831842d5c91b2d38de0b98f14031e00e3f56da5b74ea49d5823b9c726f7bbdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 11:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
104698
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 04 Apr 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 08 Apr 2023 11:36:36 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame FA97 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220406&jk=2576413362890898&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
6DGELVyRstON4LmPFAMeAOP1baW3TqSdWCO5xyb3u9s.js
pagead2.googlesyndication.com/bg/ Frame 6A8E 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/6DGELVyRstON4LmPFAMeAOP1baW3TqSdWCO5xyb3u9s.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e831842d5c91b2d38de0b98f14031e00e3f56da5b74ea49d5823b9c726f7bbdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 11:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
104698
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 04 Apr 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 08 Apr 2023 11:36:36 GMT
visual.png
s0.2mdn.net/sadbundle/4972692307066224640/ Frame 9ACC 		43 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/4972692307066224640/visual.png?1646317800542
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696128&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1649522493&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649522493828&bpp=15&bdt=177&idt=150&shv=r20220406&mjsv=m202203300101&ptt=5&saldr=sa&correlator=444991789591&frm=21&ife=1&pv=1&ga_vid=135510834.1649522492&ga_sid=1649522494&ga_hid=2034186406&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=320&ady=475&biw=1600&bih=1200&isw=728&ish=90&ifk=617693692&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842&oid=2&pvsid=2734164513959978&pem=610&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.wqg1jays7dl6&fsb=1&xpc=YylYbcKUpy&p=https%3A//securityaffairs.co&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
x-content-type-options
nosniff
server
sffe
x-dns-prefetch-control
off
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=0
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
expires
Sat, 09 Apr 2022 16:41:34 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 6DEA 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss9YjlJWyQIJ7Ov_E-Djv2IHZoScuS_uevTv-2GUtArdfwYzcH6HGn6ZWn9nj6DUhzRemGIjpf1xezPsC6dYF9Ag17brC_EBvujT6eDFM_e0BBU42DPpR4-UiURPUnh8tkm70bfhqImUjLEWhEU0PruFaumb7OaZCGG-adoFm8eKZjOoqh8hL9OxzPB7BnJvDyNhupR9f737AlebzhTz3LhrSXkdHmyRkcaYcUSYgDzwaeXeued96UiFka_gX6FiWg6iX2WMl5UnsLhsnzn_2vJu37V9BHcfinsGj-CPlft49VHShrtDVyRVUIoQQEEQ70_bWOq0dFJrpKBfIarT_4-Se7Uzz0wgZBVm2KWkZJFT2r8lDHN3xjsn3iOkblrQLYKRR9r3Y7zy5jO-lNGSUzi2B0gScqUthJ0RDlJdIM8pXzlYy3dYEZVhDgYyYebdLU2k67I00RNxihZDnaeaSBg6IHJsWJ9-qoCb59VuuxIbmxLHEtmlKVNQzJvDzEZk4YJN9numrQ_28hUP9GBQ1eNJqAcTVq-GILSC0A_YnXWrlSAcU-0DEya7CIu87MHTy8icJd2H6Xq2ZAaNQFVth5DX18-CojsLJsbe-2i_nbM3E49xXsWGRmAVOEz3Dc3agPT-ptCjGlrcLGsyDr5-0oWxayot0YEJUmML_67qzRLWFcQLVSHj2EjL04ljQM7YfdkpfEyFYgVon5S0f0hJT-u_WatdMJZp1I188SU18vtRrz1BBSTXUQ17xxFDRtgL3VXqgbmFsP6ebmMgmhYLW_c8hQ-LUEo70eQeJiiVZ-APjvn2KpdAAlfkort7XEqQzJXmOKlsaP7tfxH3CQ_YaXxhf8gd5ETzqgO-QpBW9WBObkrs169C93S7kW6AIjk2q2d-Qjrypm5TgUk8TKhLI1NiLvwgutrM0HmmdmmHkTiXhllbyU3QhVEK7Ou_z6s5TAOO-6XXqmFOmNOMwmLuP5vOKne1s-ZV_3vAfvsR97SLC0D1RSKXNr-aD__ADDZ4mnjGW1O2u5S-UnarI6LIoFIEq8YrWeBPyiGwBZ_jB9uUnheEo18yCcr7st5njVgGhppYBIF8BH2A5FgBv32YwOZZzXJGxIr7sQCj4sDilA7QORJ6o-gkC85vn3_EV-_eKlnAwD0W6_VVjQwXAOJlpyfnPBiHZ6Z1D291YdKzt5iTWGBcA5-Hvn8ideRtHM4uflnCWEnrG_W2UwaGSGBl76xugRNfHC7vNyZQQ&sai=AMfl-YTgt_3ZiRvke_UkwC0CdOI5DuzJHdKQJ0it9B9NGzdaVSamySTer1ccQO8wK8ZnJ0nzDyx5JCfmIZZy52qh185QhwBTgc-0x8Lxn-03_tgYRVpez3mNBf0qlvsZWd34xgxGNJkAb3tjvXaXrUVDvHO0NdgK3A&sig=Cg0ArKJSzCL11kr59LGBEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=800&vt=11&dtpt=567&dett=3&cstd=228&cisv=r20220406.24588&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s01-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Apr 2022 16:41:34 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame 10B1 		14 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220406&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
343b262a65ff91535831954dd1886bdede21b94c49bc058adb8f7282118fdb6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 09 Apr 2022 16:41:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10651
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 10B1 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203300101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 09 Apr 2022 16:41:34 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6189 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
6342
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 14:55:52 GMT
expires
Sun, 09 Apr 2023 14:55:52 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 71D1 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2f51b9e3e439008fe0945a3c4a5b4c2283f2d4d6c712627df1a6f37747e95a2e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-QZkF6zxuYnWKnC76f4e5aw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-QZkF6zxuYnWKnC76f4e5aw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 09 Apr 2022 16:41:34 GMT
expires
Sat, 09 Apr 2022 16:41:34 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
generate_204
tpc.googlesyndication.com/ Frame 6A8E 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?XjgOrw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ Frame 71D1 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220406&jk=2734164513959978&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
6DGELVyRstON4LmPFAMeAOP1baW3TqSdWCO5xyb3u9s.js
pagead2.googlesyndication.com/bg/ Frame 6189 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/6DGELVyRstON4LmPFAMeAOP1baW3TqSdWCO5xyb3u9s.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e831842d5c91b2d38de0b98f14031e00e3f56da5b74ea49d5823b9c726f7bbdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 11:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
104698
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 04 Apr 2022 12:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 08 Apr 2023 11:36:36 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame BBC4 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvEu7PbdRYoL-C9D-7_UPjcezkAwAAAAAOAHgBAI&bg=!trWltfHNAAZAkm7qYJI7ACkAdvg8Wryzw6gqhT-i5DZnjmty7TVHIy5Boh2IssKBRGDCTnczKeZoCQIAAAELUgAAAAJoAQeZAuQZxj-gzPODs7i2jPLqFgsRZ2LxoxyIx9u_Fv7OXEwqPcPeq27fBNpWdEYSuNtR_d0YNJgmTG5haOUMup_Cg5eytsjY-gcQjB0WiUc9EHtigFZF_ubw7S8cQ0WmGiX1_ra9ALZQIukO07AIqEumwjMocPTrJBmUlHQ4VgEOEQjq-sM7m_xqBPLKdtkjxzJ9vjN635eBosEM21bm4jbwRWgcLZDKxuhBt-diDBANyIipOK2-nrSm0ce9gnbfrqMzQRPRZYRXyfOw7x2G4URmqR9mlbMNOhUmXQbcBPmORvbiZQ0THat3SG4CDYeGt3n-qelKKhnf46-MmbstM3lbTDnKGEGiD3AV7XoQo9H7pSWeZRUUXZu_spmM9IIYVVUqun2_Xv_CDpL7T_nspTMj6ICWIT6Z6dMpaIf0vcd0Q56RAAfgx2nSYyA2VBBpP0piB-DQ4Qfkenwsc3Z_5iwlE1mNi3ceeTRxZjAEPl1FHGFNqV-l8iUQhfRiq9W3XraYo936icGWjApKuLelco2fXuw_wokaCoPbxI8t2cKbhvnEJFar9EMHMHJEntSedGJqparUmVE_dHf4Hgk7HhnhPepcWdaDGr8lWWo2vZ5XOfG-5KvKtBx73w85l7G3zYnLZDInZVOwLIIEtjLn9MCfU77Q5r_YQozo9nWNWNNrha2B7T9WzF_HLz_OFJqjrc6ksuAuzCEuet-pfCw1Sg0R4wmJgTpC00xHB622P0Z3_c8LPbfyzFuK4Oib96PyB_gJEdbk31Tvmhw_2ZQFJKDaRLIRxu_k0bK0eZSbCULY-BZS73hQVVw79VCLEOu4TpmgeLQSDTAoYrpPRFKRXgdAwZaNdWRdkFmbKlkIUMtE0viZjn-Z9q8eLnXSNNUCXyIZi0BqvboHVbLC7Eq3qEpIvAEa3cu0tnTdds73aSy9x38iOa_XUX4quK3xNL6h2_2usFMmISx5yYH85fnqo8wOq_1_5H-kgw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 6189 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?7tlgiw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
visual_1.png
s0.2mdn.net/sadbundle/4972692307066224640/ Frame 9ACC 		98 KB
98 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/4972692307066224640/visual_1.png?1646317800542
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9d5fd52e5f33ef05ea97d0459d3640ee8d5baf17e6a5ae8c2a3646625fc82397
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 13:36:43 GMT
x-content-type-options
nosniff
age
443091
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100229
x-xss-protection
0
last-modified
Fri, 04 Mar 2022 11:12:20 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 04 Apr 2023 13:36:43 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 6DEA 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss-zQdO-5erPGmhlfL6zOGQZ24x_BQTkiAuAbjtEOvoKh8J-lL3WSZwwWciPkWg1TdRLuCsG5gYa8AhRgvDthUp2HRCk520zqyPsg09bBXxVxC0wEKn0A&sai=AMfl-YT4LFBaSYGEQZu3hxeiRcRFzXThYtC2OY4GjlDxa5N2LrPAolWIlzngmnGL_2qiePWMKhVg5d5wIf2CYEdVqCyUHnPg19rkCC0&sig=Cg0ArKJSzN9_T7x8WeMoEAE&cid=CAASEuRoPPsL3gcUO66xNgJYzlI7BQ&id=lidar2&mcvt=1005&p=0,0,90,728&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20220406&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1194620937&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649522494007&rpt=711&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame AFE8 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstlmeQ2Y0RuN_meYsAHWRond06m2kUphzhV4lCrvBL31T1GsmiyE-P1E4GCMLNamFe6GlXDn7AQfZAwcO2YvBBwCAtMX6AIY4XQ_Odw4R7IQ2dmJyFL0w&sai=AMfl-YS5a0s7mWL4KFfG4KYbP2ZUUhHJt4pXPaqpp7QNSPs3j6xn7A5-ejZcQEJRO4Xn14Md0A_oNc3YCryKnq_5k41IFHr0XYU770g&sig=Cg0ArKJSzMQzDolOrVj1EAE&cid=CAASEuRoq97tEvJPaf8tiVyxAjUFGA&id=lidar2&mcvt=1007&p=0,0,50,320&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20220406&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=468307373&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649522493962&rpt=765&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 9ACC 		57 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:39:41 GMT
x-content-type-options
nosniff
age
113
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58447
x-xss-protection
0
last-modified
Wed, 15 Feb 2017 10:23:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 09 Apr 2022 16:54:41 GMT
CongstarFont.woff2
s0.2mdn.net/ads/richmedia/studio/45844501/ Frame 9ACC 		102 KB
102 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/richmedia/studio/45844501/CongstarFont.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c310a100b2bb38cd97a6ed696abe3dd3556b707607d207a13b838cd89f73e78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4972692307066224640/index.html
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:30:37 GMT
x-content-type-options
nosniff
age
657
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
104232
x-xss-protection
0
last-modified
Thu, 06 Oct 2016 14:32:08 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 09 Apr 2022 16:45:37 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 63CD 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220406&jk=2576413362890898&bg=!tLelt_PNAAZAkm7qYJI7ACkAdvg8Wqpyie-Ed6Rqbw_I7fBd8KjG-H-YsZWqq6LFf9QpnQC6n3_rSgIAAADoUgAAAAVoAQeZArQ6aPc0Wn7bN-polNWQLetcT99zs977cVuvipUn_4apqlinrczdDKrHsza2AivPMP2EJDJ45Mmscnwnvo6CBJVqUmT5CLzxgKifDxpR5JEVajhtHYebee4j0OCleKX_dz95yOQuepl2uqTIPU1gJfnk94jqM_rVIJObF7WaNxH5eEc_KpLqB3qqpyniffKmpNmoZt-hgaNyhFr-q3unmJ0GD0Hnyx4-g_GesKB3IDduAVJYeVTVgvIRQiIXKEdt_81szW1uTBGOo882JpArgxyG4WJw_8kP3Oru5qPMQZ9uzVkd1CHfS0vObp1dCfkRhwcpJScieDHMRJ1Au1eJt9ZVW-i8TJtZnzSZvY0fU8Mi_VCu-F9WdZYu9zWrBmZszDSng1ajadvastEJTpdqCX6Qy76t9SZpvWRpZId-3FnuYAP0eg-u-H_yHdPB1RoSzUxdC85jz0f-ejSc3hFs4ciIYgxsSu3IDu_EymdJ54YqoRydcFSTZXLRkrUsC7b6RPmLXWaBn2huBKw1XVBfES6l7LbOuNLiNi_zBIRRDWXQQPj65gcXqfNMnOXa92iLeW6vtZAOq0xr4rirac9tWbIJofcegebIBscrSZT15x3FTbPOJEywoDZIzIPkqeBCUxurRMZCD2Fo9-qjqIwsaB0xnxmZCOMOv0QYWRsSbm1LwJ5iQPaHi1-M5KRkeeX9gEc1q_uh4iXe7mQ4HK7kskbxqkQ18e8vUQ2K5zY0SlurE_DePebnbfrwAoGZGKvTBtwbUG78wMGAuUM4mXTAmBs7DgYMWTTPMisTM_exJXjkDO0hanSbaMuyTsDbB17DPYkMpRdgQMaQKNSmXK-HeO5OPpKlWIvP7Y3VKr6ipBlekehUJ5aKosDLPD0J44-45dPa8aeGEYPqDzJ3Nb1YmN3n755DSA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 71A0 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:34 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
ca618e91-7fa1-4659-9ab1-e9f08675a52c
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame AB6A 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.88 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 09 Apr 2022 16:41:34 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
da018efa-6de8-4b07-b8ca-1d7aa341141b
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ptrack
a.audrte.com/ Frame 25AD 		368 B
881 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptrack?arlocation=217.64.151.9&p=M1353665098&artime=2022-04-09T16:41:36.184Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGcHJlYmlkc2VydmVyLnBpeGZ1dHVyZS5jb20lM0E4MDAwJTJGc2V0dWlkJTNGYmlkZGVyJTNEZXBsYW5uaW5nJTI2Z2RwciUzRCUyNmdkcHJfY29uc2VudCUzRCUyNmYlM0RiJTI2dWlkJTNEJTI0VUlE&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=c2VjdXJpdHlhZmZhaXJzLmNvLw==
Requested by
Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.137.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-137-182.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
661a9cced29ce8a5f33a6f1e01a579b401a4c54090f35db034f62b97ed34c4c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:34 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
https://ads.us.e-planning.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
264
gen_204
pagead2.googlesyndication.com/pagead/ Frame 10B1 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220406&jk=2734164513959978&bg=!nZ6lntrNAAZAkm7qYJI7ACkAdvg8WiwLdQ-Rsas--wyOppQmDuFfOxytFydInIjv9JJ2UnLVdSRjQgIAAACbUgAAAAZoAQcKAIuj0A58sUCFkwLTcCBJsx3UPen3DiFyeuOSISbIoCqP4MdTfMFPVOY4CFpEc-rtJJJP9RUsZhRdgQrcRkWrOEEwKitOUK_4WI9RkAk2EegwY3GWonV4LMAoP8ikHNJJoZ5JUaDA9r8GHbjZry-ZAwPoLIq7JEQUN0x3ZBWBf6-8pYI57rX5b_gog36BmQK9ZL-Rw3-xWT1Ei2_vplMBxo0O1A6TcZ94CDQa3H4rA3Up94fDtaCNlJsTRMd7R_0qg1ivPuMyY4CoFWKXxADy6lUfnaaPo8VHbc1eM-WqukUH9M0vFc9g4eCT98ozlBQ0PRhVU7YvefK2zrCoMXGd9D_Zg8IbMZ4WRpSRCxUaLPJsWT1-ENav6dj-A8QKgjgLd1031mHWfKuxGi-swohbs9LO8GvBPP-epQDYzPBlhBqrTL5oOh7j7zz_IGH8CTwMCd32UM9lz6p3uD2o2T8sNDGZ__MAPue6wRHb_rnMrQVxi9ZISYEgiOCpvbwosuUnWLZrHiydIoVTgLgCnodfNYKZWMcZVaalE9ldtVhLRDOHNeGaoFSzq5YefA626BHj6K4STKHTQ1VvHYfyOD2osWJLVNVbbHW4xFuMleD5ulY_StGHmgzoub138a-0AXwu_aGMPOa69bCMqMBuWRWSA_aOzCF3ApEcljr1exYmSqWanCIYkP1frnVePmIbHdRSAki7lr1q5fqst9vk31gMVHVHJ0U3b9utafArqfjNiADBmU7QVbmfNK4DnIAO3gNgkRNb_Gaa7V9N-aa3P7KQIIrUT_QlXhWIQoLJQYtf74Oaq1mlurk3Y_buc21tqzre3-DnIMqohcV7ZR5k7uW6znNjf5GmOYGluasVE4uK6uqyGC63ffyKBSBEKRaqLEWdH54BDnvUen2V9Gs8DNlkqurgpn-Zn856QbgJ9l1ogo7Vf-gvIUUpZF2qYKzR64ZWSWqkhiM6NerFLwt4Zl3IGRhAHGDTEFMsUcsgBnOyHOl1_A7R8eSlwUL0xeFkn_QqQtahOKqBVJcw0D0LhptlE3ZdiG1Q7U8WQrofV9edpt1IDrG6NE4v2kBrG4LNJeupH5N8W7KkiyTQUXPpsTxFDYXYX7cVU1vxr1nxWQw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
p
a.audrte.com/ Frame 25AD
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent=&google_gid=CAESEJ440QWNRYuCosZN7Qofv3w&google_cver=1
  • https://a.audrte.com/p
68 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
18.213.137.182 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-137-182.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:35 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Sat, 09 Apr 2022 16:41:35 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
pixel
ps.eyeota.net/ Frame 25AD 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.121.27.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:35 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
match
ps.eyeota.net/ Frame 25AD
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=6780421372029519068
  • https://ps.eyeota.net/match?bid=kh51m51&uid=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent=
0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/match?bid=kh51m51&uid=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
3.121.27.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:35 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Date
Sat, 09 Apr 2022 16:41:35 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://ps.eyeota.net/match?bid=kh51m51&uid=dd3jt8Yf2mGTM6iRxqinWLeAw&gdpr=0&gdpr_consent=
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
rt=ifr
bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/ Frame CD16 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.220.157.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-157-118.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
411234db8bb3442a262cea6e49ab761da464dae31a17ab7bfa705a67680c52be

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache
content-length
1263
content-type
text/html;charset=utf-8
date
Sat, 09 Apr 2022 16:41:35 GMT
expires
0
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma
no-cache
server
Jetty(9.4.38.v20210224)
x-server
10.45.6.203
bsTd8NdE
sync-tm.everesttech.net/upi/pid/ Frame CD16 		85 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/bsTd8NdE?gdpr=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D%2Fgdpr%3D1
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:35 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1649522495.153860,VS0,VE93
x-served-by
cache-hhn4071-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin
*
cache-control
no-cache
accept-ranges
bytes
content-type
image/png
content-length
85
x-cache-hits
0
ibs:dpid=121998&dpuuid=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&gdpr=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D%2Fgdpr=1
dpm.demdex.net/ Frame CD16 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&gdpr=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D%2Fgdpr=1
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.67.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-31-67-18.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
usersync
pixel-sync.sitescout.com/connectors/lotame/ Frame CD16 		0
191 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-sync.sitescout.com/connectors/lotame/usersync?gdpr=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID%2Fgdpr%3D1
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
usermatch.gif
beacon.krxd.net/ Frame CD16 		0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=lotame&partner_uid=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.40.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-40-40.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:35 GMT
cache-control
private, no-cache, no-store
x-request-time
D=37 t=1649522495
x-served-by
beacon-n008-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
5907
tags.bluekai.com/site/ Frame CD16 		62 B
304 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/5907?limit=0&id=69e1ec92d7d4034351e786f5b42c97cc
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.42.102 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-42-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Sat, 09 Apr 2022 16:41:35 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length
62
Content-Type
image/gif
gdpr=1
sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3438805548955832676/ Frame CD16
Redirect Chain
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/1fa7ad1e02ac4a81b5ef4a7b39a1f9bd/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D/gdpr=1
  • https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3438805548955832676/gdpr=1
49 B
278 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3438805548955832676/gdpr=1
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=769099786/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20securityaffairs.co/rt=ifr
Protocol
H2
Server
3.248.131.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-131-63.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:35 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
expires
0
cache-control
no-cache
x-server
10.45.2.7
content-type
image/gif
content-length
49
x-consent
absent

Redirect headers

location
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=3438805548955832676/gdpr=1
pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
SPug
simage4.pubmatic.com/AdServer/ Frame 6CD8 		0
260 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156631&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3Dfa2cdb69ce172e9b%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.121 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:36 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
PugMaster
image6.pubmatic.com/AdServer/ Frame E268 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=90189659&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.23 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
597a20ae456a354242f64cbda748e949601b2ee0d33bf72ec106ed951a949747

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:35 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1778
content-type
text/html; charset=UTF-8
PugMaster
image6.pubmatic.com/AdServer/ Frame D54E 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=92268868&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.23 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
597a20ae456a354242f64cbda748e949601b2ee0d33bf72ec106ed951a949747

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:35 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1778
content-type
text/html; charset=UTF-8
Pug
simage2.pubmatic.com/AdServer/ Frame 71DF
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
0
88 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 09 Apr 2022 14:49:32 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug005:2:274

Redirect headers

content-length
0
date
Sat, 09 Apr 2022 16:41:37 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
server
_
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 181F
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b2d324ed-198b-49d9-8856-77f4d7c2c382-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
53 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b2d324ed-198b-49d9-8856-77f4d7c2c382-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
0
date
Sat, 09 Apr 2022 16:41:37 GMT
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4032-HHN
x-timer
S1649522497.125852,VS0,VE12

Redirect headers

accept-ranges
bytes
content-length
0
date
Sat, 09 Apr 2022 16:41:37 GMT
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=b2d324ed-198b-49d9-8856-77f4d7c2c382-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mxp6960-MXP
x-timer
S1649522497.061887,VS0,VE26
x-vcl-time-ms
26
Pug
simage2.pubmatic.com/AdServer/ Frame C2CB
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1649522497080
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
42 B
374 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 14:49:33 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug005:0:394

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Sat, 09 Apr 2022 16:41:37 GMT
etag
OPTOUT
expires
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
pragma
no-cache
server
Tengine
Pug
simage2.pubmatic.com/AdServer/ Frame 635B
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
1 B
164 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Sat, 09 Apr 2022 16:41:35 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug022:0:480

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
138
content-type
text/html
date
Sat, 09 Apr 2022 16:41:37 GMT
expires
Fri, 08 Apr 2022 16:41:37 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
Pug
image2.pubmatic.com/AdServer/ Frame 6280
Redirect Chain
  • https://gocm.c.appier.net/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=U6jZtrHyD3iOz7NUQbdRYg
42 B
244 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=U6jZtrHyD3iOz7NUQbdRYg
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 16:41:38 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug011:0:499

Redirect headers

cache-control
no-store
content-length
153
content-type
text/html; charset=utf-8
date
Sat, 09 Apr 2022 16:41:37 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=U6jZtrHyD3iOz7NUQbdRYg
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame C173
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=jneLRYt4QXlUOxwGAz4iBtlAlwk
42 B
375 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=jneLRYt4QXlUOxwGAz4iBtlAlwk
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 14:40:48 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug012:0:314

Redirect headers

Connection
keep-alive
Content-Length
159
Content-Type
text/html; charset=utf-8
Date
Sat, 09 Apr 2022 16:41:37 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=jneLRYt4QXlUOxwGAz4iBtlAlwk
/
spl.zeotap.com/ Frame E268
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=6737471F-6A7F-4F2E-9E40-06245DED3FE6
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://pixel.onaudience.com/?partner=147&mapped=319376c5-9625-4c33-b391-6a27fbdfa8bb&icm
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=2b614e5b3614df38/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&gdpr=1
  • https://spl.zeotap.com/?zdid=1332&zcluid=2b614e5b3614df38
95 B
578 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://spl.zeotap.com/?zdid=1332&zcluid=2b614e5b3614df38
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:37 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
6f94b0f79b975a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://spl.zeotap.com?zdid=1332&zcluid=2b614e5b3614df38
content-length
0
Artemis
aud.pubmatic.com/AdServer/ Frame E268
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&addseg=19,36,42
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&addseg=19,36,42
Protocol
H2
Server
104.36.113.68 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

date
Sat, 09 Apr 2022 16:41:37 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&addseg=19,36,42
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
clear
content-length
141
info2
uipglob.semasio.net/pubmatic/1/ Frame E268
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
42 B
604 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
77.243.60.138 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
frontend-id
14
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
frontend-id
5
location
/pubmatic/1/info2?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
g.pixel
aa.agkn.com/adscores/ Frame E268 		43 B
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.68.148.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-68-148-208.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:37 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
expires
0
CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame E268 		0
46 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.233.206.192 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:37 GMT
content-length
0
content-type
text/plain
d1ba4609
rtb.gumgum.com/getuid/ Frame E268 		35 B
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:37 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
/
spl.zeotap.com/ Frame D54E
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=6737471F-6A7F-4F2E-9E40-06245DED3FE6
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
  • https://pixel.onaudience.com/?partner=147&mapped=319376c5-9625-4c33-b391-6a27fbdfa8bb&icm
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=2b614e5b3614df38/gdpr=1/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=1fa7ad1e02ac4a81b5ef4a7b39a1f9bd&gdpr=1
  • https://spl.zeotap.com/?zdid=1332&zcluid=2b614e5b3614df38
95 B
530 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://spl.zeotap.com/?zdid=1332&zcluid=2b614e5b3614df38
Protocol
H2
Server
2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:37 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
6f94b0f7abb55a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://spl.zeotap.com?zdid=1332&zcluid=2b614e5b3614df38
content-length
0
Artemis
aud.pubmatic.com/AdServer/ Frame D54E
Redirect Chain
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr=
  • https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&gdpr=&fbounce=1
  • https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&addseg=19,36,42
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&addseg=19,36,42
Protocol
H2
Server
104.36.113.68 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

date
Sat, 09 Apr 2022 16:41:37 GMT
via
1.1 google
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=6737471F-6A7F-4F2E-9E40-06245DED3FE6&addseg=19,36,42
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type
text/html; charset=utf-8
alt-svc
clear
content-length
141
info2
uipglob.semasio.net/pubmatic/1/ Frame D54E
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
42 B
603 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
77.243.60.138 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
frontend-id
3
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:34 GMT
frontend-id
0
location
/pubmatic/1/info2?sType=sync&sExtCookieId=6737471F-6A7F-4F2E-9E40-06245DED3FE6&sInitiator=external&gdpr=0&gdpr_consent=
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
g.pixel
aa.agkn.com/adscores/ Frame D54E 		43 B
348 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.68.148.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-68-148-208.eu-central-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:37 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame 9D12
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
0
88 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 09 Apr 2022 12:07:26 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug021:2:308

Redirect headers

content-length
0
date
Sat, 09 Apr 2022 16:41:37 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
server
_
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 9B93
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=72acd639-4b94-4218-9ba7-e6fec17f46e6-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
147 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=72acd639-4b94-4218-9ba7-e6fec17f46e6-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.44 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
0
date
Sat, 09 Apr 2022 16:41:37 GMT
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-hhn4032-HHN
x-timer
S1649522497.125973,VS0,VE8

Redirect headers

accept-ranges
bytes
content-length
0
date
Sat, 09 Apr 2022 16:41:37 GMT
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=72acd639-4b94-4218-9ba7-e6fec17f46e6-tuct94b3cc1&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-mxp6960-MXP
x-timer
S1649522497.061958,VS0,VE27
x-vcl-time-ms
27
Pug
simage2.pubmatic.com/AdServer/ Frame 11CD
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1649522497106
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
42 B
375 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 08:56:33 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug023:0:505

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Sat, 09 Apr 2022 16:41:37 GMT
etag
OPTOUT
expires
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
pragma
no-cache
server
Tengine
Pug
simage2.pubmatic.com/AdServer/ Frame F46E
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
1 B
145 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Sat, 09 Apr 2022 14:43:36 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug015:0:301

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
138
content-type
text/html
date
Sat, 09 Apr 2022 16:41:37 GMT
expires
Fri, 08 Apr 2022 16:41:37 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:363B886755E84EE2BA063EFB46881D49
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame D54E 		0
47 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.233.206.192 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 09 Apr 2022 16:41:37 GMT
content-length
0
content-type
text/plain
Pug
image2.pubmatic.com/AdServer/ Frame 0E32
Redirect Chain
  • https://gocm.c.appier.net/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=yoGmaFx-BBKs-9GmQbdRYg
42 B
399 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=yoGmaFx-BBKs-9GmQbdRYg
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 16:41:38 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
lhrpug010:0:495

Redirect headers

cache-control
no-store
content-length
153
content-type
text/html; charset=utf-8
date
Sat, 09 Apr 2022 16:41:37 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=yoGmaFx-BBKs-9GmQbdRYg
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame 6C04
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=giM0CgmOQqlOykQPxMSputlAlwk
42 B
375 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=giM0CgmOQqlOykQPxMSputlAlwk
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Sat, 09 Apr 2022 14:42:17 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
x-lat
sfopug013:0:489

Redirect headers

Connection
keep-alive
Content-Length
159
Content-Type
text/html; charset=utf-8
Date
Sat, 09 Apr 2022 16:41:37 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=giM0CgmOQqlOykQPxMSputlAlwk
d1ba4609
rtb.gumgum.com/getuid/ Frame D54E 		35 B
208 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.2.116 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 09 Apr 2022 16:41:37 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=225d2128214efd4cb439b1095d30ca5b
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=225d2128214efd4cb439b1095d30ca5b
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=225d2128214efd4cb439b1095d30ca5b
Domain
fonts.googleapis.com
URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=225d2128214efd4cb439b1095d30ca5b
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| _wpemojiSettings undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle string| medianet_versionId object| stlib boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus boolean| sop_pview_logged string| stWidgetVersion object| stLight boolean| st_showing object| st object| __stdos__ function| __sharethis__docReady object| __sharethis__ string| GoogleAnalyticsObject function| ga object| dataLayer object| WPCOM_sharing_counts object| click_object object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| FB object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| twemoji object| wp object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager object| _mN object| _mNSrv function| setup string| _mN_Idf string| _mN_ctrM number| _mN_ctr object| mnjs object| _mNDetails function| _cmL1Require function| _cmL1Define undefined| _mNE object| _mNadPrvLog function| st_go function| linktracker_init object| wpcom string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture function| onYouTubeIframeAPIReady boolean| isPending string| prebid_file function| findCMP_PixFuture function| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| googletag

129 Cookies

Domain/Path Name / Value
.securityaffairs.co/ Name: _gid
Value: GA1.2.2122932841.1649522492
.securityaffairs.co/ Name: _gat
Value: 1
securityaffairs.co/ Name: session_depth
Value: securityaffairs.co%3D1%7C184323154%3D1%7C647633027%3D2
securityaffairs.co/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.co/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.co/ Name: _ga_P62M3QN974
Value: GS1.1.1649522491.1.0.1649522491.0
.securityaffairs.co/ Name: _ga
Value: GA1.1.135510834.1649522492
securityaffairs.co/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
securityaffairs.co/ Name: _lr_retry_request
Value: true
securityaffairs.co/ Name: _lr_env_src_ats
Value: false
.adsrvr.org/ Name: TDID
Value: 319376c5-9625-4c33-b391-6a27fbdfa8bb
securityaffairs.co/ Name: pbjs-unifiedid
Value: %7B%22TDID%22%3A%22319376c5-9625-4c33-b391-6a27fbdfa8bb%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-04-09T16%3A41%3A31%22%7D
.rubiconproject.com/ Name: khaos
Value: L1S33NXA-X-CCC5
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB2RL1pS74kVFTpcd3HBZZ775PzI6EyVJjlVAthPpLFZy05GDA2Gz8K75FGfGNePc3/th4iWCi6WjspbV3mhqimWXjmaZkH7bMyyqVI1k5poNA==
.go.sonobi.com/ Name: HAPLB5A
Value: s569|YlG3P
.adnxs.com/ Name: icu
Value: ChgI3sJXEAoYASABKAEwu-7GkgY4AUABSAEQu-7GkgYYAA..
securityaffairs.co/ Name: cto_bidid
Value: lJtJN19hdXZHQWlJWHhxVlRwalNjVEVhUHJlV2NGJTJCMHJkdUliTEpCVE10QUtLWDlsZUtHU2pqaktUS0tYTmhzMHVrM0JkOUIwdFFIR2hOQk9nSVZjV2p4UGpRJTNEJTNE
securityaffairs.co/ Name: cto_bundle
Value: u8jXJl9OVWtBQjJ0cDBQc0FSeW5ZOEgzTm56NUUwRiUyRjVjVzVTelFFbUMzVWJMdktKblRjcTN5aWh6JTJCdFdqeEJwSFpOVmdadWk4V2E2V21LMVJxVjBFNjJrMjd1cGJYdjVGS0ljaiUyRlFsMVIyWFdyQVloUFRBcFklMkYxeTRQTXBqSnhTTnFz
.adnxs.com/ Name: uuid2
Value: 8510518999554731344
ads.us.e-planning.net/ Name: CT
Value: 1
.e-planning.net/ Name: E
Value: ANpiMr/D0KRIDjmb
.casalemedia.com/ Name: CMID
Value: YlG3O8..O3n0hOcaloMf2gAA
.casalemedia.com/ Name: CMPS
Value: 5203
.zeotap.com/ Name: zc
Value: f0174930-1ab8-4528-6046-6b798887b0e4
.zeotap.com/ Name: zsc
Value: %2A%B8%81%3D%887%E7i%0E1%BF%C9w%25%29~%A8v%CA%1Fg%15%FDd%E3%5C%89F8c%EF%8CY%2B%89El5%A9%B5%29%D5%8C%F2%16%9C%E1%26%B0%D3%CE%C6%D2%C2%0E%CB%DF%96%94%9A%13JN%C9%21%F9%96%D3%DF%A1%CF%83%DE%8A%853%99v%8E%95%FCPz%EAx-%D2%0C%C7%5D%80%C2%90%EE%04%BF%0Eb%A4%60%93%C2%C3%0B%B0%FD%04%D9%B6%17%DD%A6S%E7O%83piz%96%DBC%40%F9%F4%C2K%B8%C6%C6%B1%5B%B8%BF0S%93R%7D%DB%0A%00%CEx~%AA0%89%C9%11%88%0E%9EX%F2%A8%E6%85%AC%8C%89%EB%E4%D3s%88%C4%AF
.casalemedia.com/ Name: CMPRO
Value: 1170
.agkn.com/ Name: ab
Value: 0001%3AoZprw6PMKIy%2FzmY3mk78Ju4j7TIcQ9mb
.richaudience.com/ Name: avcid-zeo-uid
Value: f0174930-1ab8-4528-6046-6b798887b0e4
.tapad.com/ Name: TapAd_TS
Value: 1649522492146
.tapad.com/ Name: TapAd_DID
Value: f3d22f60-eb70-4926-9344-0ae9dff92b2c
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.tidaltv.com/ Name: tidal_ttid
Value: d8a67105-0d96-4d59-94ed-d3e1d3636bf1
.w55c.net/ Name: wfivefivec
Value: 7uSuhjaM1NDe9u5
.demdex.net/ Name: demdex
Value: 62323517783589047982982618089287176966
.doubleclick.net/ Name: IDE
Value: AHWqTUn4yCvESWOb9aqrI9CbeStBvqaQ-uVqltd5H9IvmkVa_p9pdpKmeXj73ee4y8E
.w55c.net/ Name: matchcasale
Value: 5
.adfarm1.adition.com/ Name: UserID1
Value: 7084645157161400465
.weborama.fr/ Name: AFFICHE_W
Value: Tt02d1ztHB9O68
.tidaltv.com/ Name: sync-his
Value: "H4sIAAAAAAAAADM0NrAwsjK0MAIAzCXdKgkAAAA="
.dpm.demdex.net/ Name: dpm
Value: 62323517783589047982982618089287176966
.theadex.com/ Name: axd
Value: 4290910260163890855
.theadex.com/ Name: tis_JgL
Value: JgLeAv4w
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: 1fa7ad1e02ac4a81b5ef4a7b39a1f9bd
.krxd.net/ Name: _kuid_
Value: OxLfvjBn
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YlG3PAATV341YQAy
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQU5waU1yL0QwS1JJRGptYiIsImV4cGlyZXMiOiIyMDIyLTA0LTIzVDE2OjQxOjMyLjM4NDE2MzMxOFoifX0sImJkYXkiOiIyMDIyLTA0LTA5VDE2OjQxOjMyLjM4NDE1MzM5MloifQ==
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.amazon-adsystem.com/ Name: ad-id
Value: A-dumfof0UR6jOITkXzdu8Q
.securityaffairs.co/ Name: __gads
Value: ID=12f98a104234378a-2278a05a73cd0087:T=1649522492:RT=1649522492:S=ALNI_MaTz9dr6xxXfjrspTfeKfkfaDtX7A
.fwmrm.net/ Name: _uid
Value: "o2d3f_7084645157157214493"
.mathtag.com/ Name: uuid
Value: af476251-b73c-4000-9774-8360e728a3e2
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 6737471F-6A7F-4F2E-9E40-06245DED3FE6
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 156631:2
.pubmatic.com/ Name: DPSync3
Value: 1649548800%3A174%7C1650672000%3A201_197%7C1650067200%3A164
.pubmatic.com/ Name: SyncRTB3
Value: 1650672000%3A48_176_239_57_54_5_7_104_8_204_240_244_166_3_13_71_165_56_231_55_22_220_21%7C1652054400%3A224%7C1650067200%3A38_223_15_2%7C1650758400%3A35%7C1650326400%3A63
.casalemedia.com/ Name: CMST
Value: YlG3O2JRtz0A
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2In?>DH*'!A#Fk.TOKKnyW<U1`VROYQM-:J3YiMa=IP-9*5Q8D`)eIL]dnDJ1lB-KO5(<<QG=%9sk@3@'s>T>E^l#
.bizibly.com/ Name: _BUID
Value: 68a250cacb9633cbf8a08d4cea06f9df
.adform.net/ Name: C
Value: 1
.w55c.net/ Name: matchpubmatic
Value: 5
.adform.net/ Name: uid
Value: 6780421372029519068
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwjSto7qupTNOhAFGAEgASgCMgsI0q6Rl9GUzToQBTgBWghwdWJtYXRpY2AC
.yahoo.com/ Name: A3
Value: d=AQABBDy3UWICEAj5-SjWmXpErWnZLGUcoisFEgEBAQEIU2JbYgAAAAAA_eMAAA&S=AQAAAmqCVPkuNOcFDUCJjaOYe14
.acuityplatform.com/ Name: auid
Value: 662108089712
.acuityplatform.com/ Name: aum
Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBQANmPD2wmGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUADZjw9sI90aGlyZFBhcnR5VXNlcklkIfv7hnZlcnNpb27C+w=="
.casalemedia.com/ Name: CMRUM3
Value: 2f6251b73b05a0&6f6251b73b05a0&036251b73c2760a6986251-b73c-4300-a637-e6ce051086ed&e66251b73b2760&2d6251b73d2760CAESEMFF3jE5YOcbQGGZRjO2nHU&c36251b73b05a00&276251b73b0b40&f16251b73b05a0
.quantserve.com/ Name: mc
Value: 6251b73d-5fdd5-1fed7-c9f90
.analytics.yahoo.com/ Name: IDSYNC
Value: 18z8~248g
.turn.com/ Name: uid
Value: 3438805548955832676
.simpli.fi/ Name: suid
Value: 363B886755E84EE2BA063EFB46881D49
.bidr.io/ Name: bito
Value: AAET_07Eo24AADXeFOxC8A
.bidr.io/ Name: bitoIsSecure
Value: ok
ads.playground.xyz/ Name: connect.sid
Value: s%3A2AEtJgD90zAjUxn_nAGEzmXM2cMoguYC.KdhTXOlr4%2BYwUt%2B2DS1wI6nUKz0%2Bvl9NzU7q2m7Nhss
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAOOSMXR2dA129TFyCbZ0zvBxdPKPKsgzSrb0LDJ3yw_iNTQzsTQ1MjKxNDY1NHzFiMI3AgAI_7FPPQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNrOwNDIxNzMwNDE0NTMzNDKwtBTiM9RN9w1JCy8IiUj1D00FAOrjXnolAAAA
.rfihub.com/ Name: euds
Value: H4sIAAAAAAAAAOOSMXR2dA129TFyCbZ0zvBxdPKPKsgzSrb0LDJ3ywcALaJloR4AAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNrOwNDIxNzMwNDE0NTMzNDKwtBTiM9RN9w1JCy8IiUj1D02V4jU0M7E0NTIysTQ2NTQEANv1V7M0AAAA
.creative-serving.com/ Name: tuuid
Value: aa5298fb-f0ec-4e56-a17f-a79025fcdc6d
.mathtag.com/ Name: mt_mop
Value: 4:1649522493
.inmobi.com/ Name: idsp_c
Value: fbc17853-c966-4aba-a655-35b323199b22
.ipredictive.com/ Name: cu
Value: ea599bd3-b823-11ec-b297-832d259745f8|1649522493675
.w55c.net/ Name: matchgoogle
Value: 5
.quantserve.com/ Name: d
Value: EJMBDgHuJYEO-TA
.tribalfusion.com/ Name: ANON_ID
Value: avnseFtMPmEUTgUpMDVfglBSFVpAkfM3gKvVPparcbGHQ7TcbyldGEtZbDI9l2FoTRdMCrb32XH5AnZceZaMCMB
.3lift.com/ Name: tluid
Value: 9409566637946468346
.bnmla.com/ Name: rx_sspurl_10738
Value: https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D300e7c7f-c119-463a-a029-d63a1b5cf1e4
.bnmla.com/ Name: rx_uuid
Value: 300e7c7f-c119-463a-a029-d63a1b5cf1e4
.bnmla.com/ Name: rx_maxage_10738
Value: 1650818493
.mxptint.net/ Name: mxpim
Value: R1D530_EE116DC4_4F17F1EC.1.00000000000000006251B73D
.bidswitch.net/ Name: tuuid
Value: 0cacc7af-3cb6-468a-8b46-87d17171d230
.bidswitch.net/ Name: c
Value: 1649522494
.bidswitch.net/ Name: tuuid_lu
Value: 1649522494
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 2a21b688acd6482d
.adhigh.net/ Name: gi_u
Value: uMXtlfjmE6K8.AikABlGADzPKkg
.bnmla.com/ Name: rx_sspid_10738
Value: 170
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEMfUYK4PGpN7Iyv8NlDhSIQ&KRTB&16514-CAESEMfUYK4PGpN7Iyv8NlDhSIQ&KRTB&23025-CAESEMfUYK4PGpN7Iyv8NlDhSIQ
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-1nemtYJyoODNcPXghHC-tYYg97PNJqri2XWokF4N&KRTB&19420-1nemtYJyoODNcPXghHC-tYYg97PNJqri2XWokF4N&KRTB&22979-1nemtYJyoODNcPXghHC-tYYg97PNJqri2XWokF4N
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-8510518999554731344&KRTB&23339-8510518999554731344
.mfadsrvr.com/ Name: tuuid
Value: 1e4e8327-38be-410f-904c-e9a98857e2d0
.mfadsrvr.com/ Name: c
Value: 1649522494
.mfadsrvr.com/ Name: tuuid_lu
Value: 1649522494
.mfadsrvr.com/ Name: ssh
Value: !bidswitch,1649522494
.mfadsrvr.com/ Name: bsw_uid
Value: 0cacc7af-3cb6-468a-8b46-87d17171d230
.pubmatic.com/ Name: KRTBCOOKIE_1278
Value: 23329-34e415d5-1158-4e3b-a4f9-eff6a566833e
.pubmatic.com/ Name: PUBMDCID
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:af476251-b73c-4000-9774-8360e728a3e2&KRTB&16736-uid:af476251-b73c-4000-9774-8360e728a3e2&KRTB&23019-uid:af476251-b73c-4000-9774-8360e728a3e2&KRTB&23208-uid:af476251-b73c-4000-9774-8360e728a3e2
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-ea599bd3-b823-11ec-b297-832d259745f8&KRTB&23011-ea599bd3-b823-11ec-b297-832d259745f8&KRTB&23355-ea599bd3-b823-11ec-b297-832d259745f8
.pubmatic.com/ Name: KRTBCOOKIE_52
Value: 22772-R1D530_EE116DC4_4F17F1EC&KRTB&23092-R1D530_EE116DC4_4F17F1EC
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-YlG3PAATV341YQAy&KRTB&22978-YlG3PAATV341YQAy&KRTB&23194-YlG3PAATV341YQAy&KRTB&23209-YlG3PAATV341YQAy
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:7uSuhjaM1NDe9u5
.pubmatic.com/ Name: KRTBCOOKIE_469
Value: 8273-662108089712
.technoratimedia.com/ Name: tads_uid
Value: GDPR
beacon.lynx.cognitivlabs.com/ Name: UID
Value: 5a924d63-76d4-4912-bc83-0e8b3611ad78
beacon.lynx.cognitivlabs.com/ Name: ss
Value: Awf6AxnRlWwWJvm%2FwPvNhPb4eq93SgSUt79XTUJ7YRAFLhPDGQe4EOdROHkeaDjahlNvgZodo3dRRzvKlUMj%2Fw%3D%3D
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-7652430638150434878&KRTB&23263-7652430638150434878
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-3438805548955832676
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-319376c5-9625-4c33-b391-6a27fbdfa8bb&KRTB&22918-319376c5-9625-4c33-b391-6a27fbdfa8bb&KRTB&23031-319376c5-9625-4c33-b391-6a27fbdfa8bb
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-0cacc7af-3cb6-468a-8b46-87d17171d230
.pubmatic.com/ Name: PugT
Value: 1649515245
.pubmatic.com/ Name: SPugT
Value: 1649515988
.eyeota.net/ Name: SERVERID
Value: 20932~DM
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQMExLNE9MMUw1MEpMNkm0MEwyTU0zSTRPMrZMNEyzTEphAIKkwO32f%2F%2F%2F%2F88P4kAAANYHD3Q%3D"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBICtxuD6SgAAAU1AGq"
.audrte.com/ Name: arcki2_ddp
Value: CAESEJ440QWNRYuCosZN7Qofv3w!20210804!1649522495089
.audrte.com/ Name: arcki2_adform
Value: 6780421372029519068!20210804!1649522495190
.audrte.com/ Name: arcki2_TTT
Value: 1649522495191!dd3jt8Yf2mGTM6iRxqinWLeAw!H4sIAAAAAAAAAB1VS5IkNwg9jNZEIIEELL3wwjFhLybmAqDP/Y/gl72o6OpKJYL3g9cdcnLTGTdIXiXF6EkVss+UM16vdurUWprEcQ9JeVBqBQ3tNp66ia3G3OWtUcSXi7TPR57KtNfeNkpWxmv7DM39hK6mkgQnueeg7lXxak2u3swrb2gnlsR18jrl40le77k+szjWzrFh0TcNVyedy9GzTdo3bcfymC/buHN77IFfV5DWnVS4itij/Mx36822HGM/VrJpDgiGUWg9nBzruZee01vcSM1V6OQ75BMQ7DUp9up2u17W15ZI8XYm41DSuEU1cadvY6mDvo634jvUw+mkTOC0F0WWkGvKilzXx2vTTwfy6Mnlkt7AoV6d1uBTe6c+X23dCzjR7vQ4gKAc7RwjF+Fblw/Xbtr9upxNK+ySXH4UDFrqrd21RhcdTcFNSU662x+pKaZ3C3rXwObdkuXNdi2vnXTOSFLRIIhkgaA4fAwAHWmQjHjhVd2ySU4N0PaBdbJ7Fks/t/3z379//f719x8aNhYNZg2L9k74PILWgkF7x1t+TanUj3XO6pfb3XfYEUjxiAE9CCiYGei9I1HT85xmdk0S45wEcKoxcChxaPXTcwHJO1sm1LbjknVAqB/3admps1/I56HCbdnH4P5Q5D3MNNZBJZ/0Zuc1s2pxtlSrzRK0ZAtUBqOgdtHYc+uBK94IMDp1d8c4IhDQcYHAjhKPd1aNydBOs++hTbSbwEE/j1QA8blObHU49b02ngeoVzC6YbRRm/ztSw7VGuqyXGsXaJ4I8Bjzm84HJcem9CcePMqU214F8xl6hkdJz8DFBl/jZb0KW7B6E5U1Hy/ae/wcOhihIMpYw0H6k46eJpTyoSNr2Yc4zH9gKeADzYwhYtL4TkvDzC/MPpUJ5QBsFfjzue1D/E2cCCladdHYhIoqkUodrX7VojrMz/sBczRR/CmfP73eRQUAA4YdoaftDZfCc4gpgagncPT7iradMgdB0EH7ftk1nAaaQDnEBARyqYN55JrPJdaUMXv2oiPj6wnYw3EFo8GNs6/uW9vZgKvDaIdBsNp+qLSd7uwXju32Htzo72FUwaEHgg1uK0Zg3AutPF0LLmxHD5Q6wOg7nQSahrwXwDxXAi5//rgpZLCCOxnIggp+aOkGh9d1Hdv1yxqLWG/C1wGWZbtRbSivC4Laq8P80hyW6t4VogMOgpyDEeoDM8oMebRltjp9zZ4oMjNJeOI5yIAGb7z0PT5fb8+rE8r/eIKD4Ztcin99jC0xxJ40ENUTKQrlI0EEK4W+9UIzp8kx69gc7eYGswjuhYgA4h3yjQv53hwrHWixNKRsSmFwMI1KYAIOvzg5H1aBYTbYPGAtdkQjPsBJcCgzcSeHj1iGkOWGThlyf8iCD0KHkHEdku6No/M4n2AsuNyhX+opNpLiOzm/xIIrNTxa83rzMCQVKt3zWQoBin2Kzep4gAEWRO7YODAhmMZ0e37mQ0i+QCDshVUyFavttYy+rmALqmPL6WA8B9IUF3nmXTYiqwU24M90o3p8vsNGsgPYngpM/iXZazWFETNfDGCzo/5nuY64w+zoFdrrijjECIGQtDE/mydW3QGY/E7pg+yO9jZyI2PQDoyBclgwVIVUGMMYm/YhefR/OXd4v1IIAAA=
.audrte.com/ Name: arcki2
Value: dd3jt8Yf2mGTM6iRxqinWLeAw!20210804!1649522495278

13 Console Messages

Source Level URL
Text
security error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html(Line 321)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=225d2128214efd4cb439b1095d30ca5b'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html(Line 322)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=225d2128214efd4cb439b1095d30ca5b'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html(Line 323)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=225d2128214efd4cb439b1095d30ca5b'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html(Line 324)
Message:
Mixed Content: The page at 'https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=225d2128214efd4cb439b1095d30ca5b'. This request has been blocked; the content must be served over HTTPS.
javascript error URL: https://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://tags.bluekai.com/site/87734?id=f0174930-1ab8-4528-6046-6b798887b0e4&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=f0174930-1ab8-4528-6046-6b798887b0e4&reqId=f8d49230-92b1-4978-70db-63adb58ea8c8&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)
network error URL: https://idsync.rlcdn.com/420486.gif?partner_uid=6737471F-6A7F-4F2E-9E40-06245DED3FE6
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://s0.2mdn.net/sadbundle/4972692307066224640/visual.png?1646317800542
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a.rfihub.com
a.tribalfusion.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ads.playground.xyz
ads.pubmatic.com
ads.us.e-planning.net
adservice.google.com
adservice.google.de
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
aud.pubmatic.com
bcp.crwdcntrl.net
beacon.krxd.net
beacon.lynx.cognitivlabs.com
bh.contextweb.com
biddr.brealtime.com
bn01.er.bemail.it
btlr.sharethrough.com
buttons-config.sharethis.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.bizibly.com
cdn.pixfuture.com
cm.adgrx.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
code.createjs.com
connect.facebook.net
contextual.media.net
cs.chocolateplatform.com
csync.loopme.me
d.turn.com
dis.criteo.com
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
docker.creative-serving.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
gocm.c.appier.net
google-analytics.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
i.e-planning.net
i0.wp.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js.cookieless-data.com
l.sharethis.com
lg3.media.net
loadeu.exelator.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.taboola.com
maxcdn.bootstrapcdn.com
mug.criteo.com
mweb.ck.inmobi.com
mwzeom.zeotap.com
nep.advangelists.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
pm.w55c.net
pmp.mxptint.net
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
prg.smartadserver.com
ps.eyeota.net
pubmatic-match.dotomi.com
px.adhigh.net
px.owneriq.net
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
s.ad.smaato.net
s.amazon-adsystem.com
s.e-planning.net
s.tribalfusion.com
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
securityaffairs.co
served-by.pixfuture.com
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssp.adriver.ru
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.ipredictive.com
sync.mathtag.com
sync.richaudience.com
sync.srv.stackadapt.com
sync.teads.tv
sync.technoratimedia.com
sync.tidaltv.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u-ams02.e-planning.net
u.openx.net
uipglob.semasio.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
visitor.fiftyt.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
api.rlcdn.com
fonts.googleapis.com
104.17.120.107
104.36.113.107
104.36.113.23
104.36.113.24
104.36.113.68
104.45.178.220
104.89.20.125
104.89.42.102
104.92.106.130
104.92.74.8
104.92.91.221
108.157.4.79
132.226.63.138
142.250.186.162
151.1.205.165
151.101.1.108
151.101.129.44
151.101.2.49
152.195.15.58
154.59.122.79
157.245.94.128
159.203.145.121
168.119.149.178
169.197.150.7
169.50.137.184
172.104.105.5
172.217.16.130
178.162.133.150
178.250.0.157
178.250.0.163
18.156.0.31
18.196.230.57
18.197.103.129
18.198.109.212
18.213.137.182
18.233.206.192
18.64.115.87
185.15.245.80
185.33.220.244
185.33.221.88
185.64.190.80
185.86.137.132
185.86.137.32
192.0.76.3
192.0.77.2
193.0.160.129
193.232.150.45
198.148.27.140
2.20.85.164
2.20.85.92
2001:678:cb4:bbbb::11
2001:678:cb4:bbbb::13
2001:8d8:100f:f000::289
204.237.133.116
204.237.133.121
205.234.175.175
209.54.180.3
212.129.3.113
212.82.100.182
213.19.147.45
216.200.232.249
216.58.212.162
23.35.228.210
23.88.75.189
2600:1f16:e61:3f02:77d9:b48f:f0d0:e412
2600:9000:2057:4200:3:c04e:c780:93a1
2600:9000:2156:9e00:1b:5138:8a40:93a1
2600:9000:224a:8600:c:abe:f440:93a1
2602:803:c004:200::140
2606:4700:10::ac43:db6
2606:4700:20::681a:a9c
2606:4700::6812:bcf
2606:4700::6812:c05
2620:116:800d:21:ee05:6a01:4b41:8c89
2a00:1450:4001:800::2002
2a00:1450:4001:800::2004
2a00:1450:4001:80f::2006
2a00:1450:4001:811::200e
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a02:2638::1c
2a02:26f0:f7::5c7b:e14b
2a02:fa8:8806:16::1400
2a03:2880:f02d:12:face:b00c:0:3
2a04:4e42:600::300
2a05:d018:24:b001:d380:435c:59d4:5fe8
2a05:d018:d29:3601:cf48:bf87:67aa:ca6e
3.121.27.153
3.122.214.5
3.124.66.16
3.248.131.63
3.68.148.208
34.102.253.54
34.107.148.139
34.149.20.76
34.204.146.63
34.240.234.119
34.254.143.3
35.156.243.46
35.157.246.167
35.158.2.24
35.186.253.211
35.201.81.244
35.201.96.126
35.227.248.159
35.244.159.8
35.244.174.68
37.157.6.247
37.157.6.252
38.27.122.126
38.67.14.233
5.178.65.246
5.178.65.253
50.19.100.94
51.210.112.236
51.89.9.253
52.17.2.116
52.208.40.40
52.21.142.155
52.223.40.198
52.31.67.18
52.49.96.153
52.94.223.37
54.210.33.215
54.220.157.118
54.227.164.149
54.36.109.186
66.155.71.25
67.202.105.23
68.183.31.14
69.173.144.138
69.173.144.139
72.251.241.206
72.251.249.14
76.223.111.18
77.243.60.138
81.222.128.216
85.114.159.118
92.122.146.68
00a1da9e7f9199ebe8d743499cd7fef4d18cfd0ae182c5cfaa20ab91625a2b13
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
052047c0e5468198b5cc802354aebdb9749eed0f4d926fe4851a691aed674668
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0a07e0b5ee4f65df28e109c0ef5eec58436c39d98523bc17c82ea31bf0469ed1
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0cadbd2e8dc217ca19dbdfe30fac1856306657a997560ab2a3a980199eff7128
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0fc0e68089ddb985440dc77a82573458b59327f722b9c73d2753c182f80127b4
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
10a0a5fe9c7f5950419c869e9be593b0dde7eb3dcd6c832f755af3ba652a8b6c
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12c89195053b32c8e6577a5049ef4b5f6aa0a3f38cc0b87a745dd5fb6d9959cc
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
13f0d6723c8ba5f5bff66a29bf4468c75ca84ff96658ed0042c003f5cc584ec1
149bccf7e467541fc83e870e967ac322b26065e5d6797169c8a677a67db07e60
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1a5b2672823a1a10d7ae5c4af371d3a09598d1c2815c8b09cb258bd17bccf96e
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1ae480b451cadee009d6eef362c365565b353008e612c6227f406e363a4c8f61
1b30677bb8f705a0c631465390005591afa8ede8ab844294420167cbd58edcb4
1c6908ef211abd0afdd036ce20bd89640e9d0115f47072c667be3e312fa976c3
1eaf36dc9d282d821d2391a84caa90b4cc9321f0f6659c3a14ca49fa4ac7d6db
2009947877d98642a916b7c0555efc42b0e304c165115cdb8110efa157fbac76
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5
2161be8fcae33d1ce2d747dee6ae80abe1fae6d936d50c10ca2dab7ec43333c3
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
231cde721cecb243d0718a1e262f704a8f5dc8aacba3411b60e848fafecdcd61
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
26d332db7632dc593fe9071314ae6f09822dc52eb86c02170a315a9a877a2b35
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f51b9e3e439008fe0945a3c4a5b4c2283f2d4d6c712627df1a6f37747e95a2e
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
31784946c61ddc4ed4fd773b447de52940b171254d476cd72fde44081d013066
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
343b262a65ff91535831954dd1886bdede21b94c49bc058adb8f7282118fdb6b
34f8112e95fecade5f7bd85c7dd2a01894740d08a105808534f49254a47f9462
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
38b4ba470057e4304acde8a65bf75faeb4053c6b14acc0adab47e5ef75dea7f7
3b732a2608a1921a51da823f29bdb9f6a7e6a2c1f41f24906282a066dccf3730
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
411234db8bb3442a262cea6e49ab761da464dae31a17ab7bfa705a67680c52be
414363cb8150c2f60382da1d5a33f260caad65a54d6933e6b28534763d388db8
416aa3c5a81ff9fb364973e1d59414dc13e5194344da0e1898ed33561ab3b1eb
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
45df10c585e01c07a3602ed16c1c6842d2572d6b15bceff9cb1f58256d330e31
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49446668bdfee59a73c82fbd3d2c80c93d630b750d9d908644b59b9c58230d6e
4a167665da88a694dacc771ab87d39db98f5e0f7ceb108a144a8a6f00aced130
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4b3754a68b1b29877c15f4d7639b6095029350290b0c5293168f3a921ca94f2d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
536386f4e5a08dcde004ad0d24c4ea816a2054ba53f5da25ebb12fa4493f693f
53a95d7f4cf5dc53b4e58936c92fd6a937975b8835b9c528a95c25ccfbf20801
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
597a20ae456a354242f64cbda748e949601b2ee0d33bf72ec106ed951a949747
5da8508979b65eb345641eb8008fa292e6549f303621adf6298d7e2cc2d48b90
6071f4e4c890545ad0f59302890def2aebb273acd131ed7ec434b26dfebad1e2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6273e428b040bbb9a8113dcfa30bdc03d8c3eb2632fbf4f6f5f9153d72ea2689
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
661a9cced29ce8a5f33a6f1e01a579b401a4c54090f35db034f62b97ed34c4c2
6726257bf91f6c971363480bb63164537b19bfd2d3c34133196f755922dda986
67289e231e0f7e5160b64d6761481954fbd89cc2f3cd3bf469fca94d7b4d6c87
6a125fbe4070d4f556a5eda88e89d134b4b92e51fa932e71695f0b34b31ed499
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cd7f3f18d01a13bc78c9b5f973cbae5e20dbab6893435c59dd7aef57f4b98de
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
72133d32df2afc6b9627d461268f0b37980034d4ab0a575912b80bcca5e6c609
738b0dff97289a490e0472cca7d25e291a7ea70c850bfee1e264e9ad87a4a97b
73bdd9d1d875c04c2bb1086bfe890b0e1e33379bb96a299dcb35df05530215db
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
740c247c9bd5a999ef41802b7a0f41840748fb05178ba1f7b2a5100fc5f52d62
7461039f806f3ed7a92bb0fd8f019f7c5623f9c2ae0e383076006685d7bbb14f
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7
781f84be577026800aa10adf6a7f08cae936981272bdb8c22175f449215bb8ab
78c0c4ed9872507a1c1650c6c3aff48f827f90b9aa292c284bd42d729a9a112d
7c310a100b2bb38cd97a6ed696abe3dd3556b707607d207a13b838cd89f73e78
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
8558f0065e6626134905a7421f31a12c4ae038e1a4adef70c1752489ef6cdb2c
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c106f968e6dae4cc1049fd8205860cbd57eba3b59803c5688a1f417b57d9b65
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d67a04d9d51b04da8233d0011d4dc75fb1a8041ba6200e1923c904654764998
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8e51c99aed0db0e1ab0c5c40f3444705cca4e9d2d2600b07e858a28aede4b4a5
8e55ee8e2c9d4e31d463b4dde73978c37da5110984bb9d12a405edf8dbd6c1eb
95c35a27251d6bb9bcea481f5a9cd327e19b45ebbdbc59f6ac328e4f439472a6
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9d5fd52e5f33ef05ea97d0459d3640ee8d5baf17e6a5ae8c2a3646625fc82397
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a344b672c92683117cb63c74c016ff2c88a418ad2fc7fd63c19f4cc8b9826711
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a816d49c9f6ba4190a5e8771b2143c63523c2301ac146fdde25c86ed5d8d2758
a8fc3009cffce31aa4dc6fa0eb0faa77646bae543280844fec0d85f2b4d9c6eb
ab1cf1b11f871b5663fd532ee3d7f105a381deb7847e761adb05eedbc3da11a5
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0031037dda30edc56bf7bed9af80206b759291f3e403ac5964b1290ac9c7a1a
b0eaabca31ab1a868f8b464116c58bad92ddf1115263cf5468d537cd1c2f0c5c
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b34b10bbc97d3457a9e8c59779850e01d45160be2c72ac4e5f7bdb0eb3635cef
b38b16469af42a9ac6c8f858f28f1d6c386a1b78da8a3c61f62e87a3b6e9f37a
b54e0a2c47c0b040938b3f82d49b0a1e252d5ea8ea03f8f078509d62bae39da9
b5ffb395bb9d07af72b3382a34f84fba71999be72d127c083d87c97c86606030
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bf580a218ae0f1b2c97333597214f8102c8cba257289f8845a978279c9763dfa
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c32e4a74253f67b2a55112365f9c4b8350a36b17deba1b47c546cd865faf03fb
c37f0638aea7427161e04791736d419b581672d91342c43f74fed6caaf93fc23
c3f289a2ae1d365bc0b265c07f49e8ca46733bb1d9ef0e4a110c60ee4fe27d6c
c48cb7408eca742f118168ddf702781ed29bb1e78247eb5e0b1a23e951fcfaa6
c5194cb60c9389280860aca30cbbee122ef98d35bee6cc469588b7ef3c9e4d02
c76cb3955f7e9ad94144cbedd8cfb55feec1f59bb0b142c70f4a743a80532790
c945d44fc78dec7cc962526403d9959c843dea4ba8c6b9dcfc7a24c7a14b7b8c
cad94f93a2d78e3a73e48f108ee72e70ca034b49b3ec8636b2f6c95d9b3ed9f6
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d21b696f7f2cf0dc377e392049004f10eb83fd95c899e703af869e6bf5d5ab85
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d8e7863065ea0936edb79b6e343bcecc86faef68430b0212d2c4761c87616c08
d923ee78c830ba61f65748ff977f348a9b8160f36f05c922b6431428ed693d22
d92426579700626cba082d7ffeeb4a71ba4a3da4005a30fded2a0431920cbfab
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
daf92c82c637532aeb9ecd9f35a952a776f9cbe815d85022545b463a44fa45f9
db2175fffb1a59f6b07a5b10c728a0d7cdbe90e33794678d0d958d4da934578b
de5409e29ecaf12077419e5ac94c15efa57f5a368126d60f2314a994a9cd3b12
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e5a60c03a7ac0033874b06898e7d33e5baa504587739cab70acbed545d69c1f1
e831842d5c91b2d38de0b98f14031e00e3f56da5b74ea49d5823b9c726f7bbdb
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
ea48132f749efffa965f9084281aa98544379d9fb430e6cc441b6888546b8413
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f7a761c71e69933698cdf0bbe387fbeebeb3de97c36e692f1f924cdeadce993b
f9fae20d30474c95bf8745df26cfa5c62803462a9ee57dd710c8266d7ece3f3e
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
fd220df146748e62564afbe3c20d831eb9cb64a89c6686836b3b8be811b8be0c
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb