urlscan.io logo urlscan.io
SecurityTrails logo

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289  Public Scan

Go To Rescan Add Verdict Report
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Submission: On September 29 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 88 IPs in 14 countries across 75 domains to perform 300 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co. The Cisco Umbrella rank of the primary domain is 351341.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
44 2001:8d8:100f... 8560 (IONOS-AS ...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
5 2a00:1450:400... 15169 (GOOGLE)
1 2 2600:9000:211... 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 4 2.18.235.93 16625 (AKAMAI-AS)
7 68.183.31.14 14061 (DIGITALOC...)
16 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
2 18.197.210.187 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
2 23.35.228.23 16625 (AKAMAI-AS)
2 2001:4860:480... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2 34.250.137.124 16509 (AMAZON-02)
1 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 178.250.2.146 44788 (ASN-CRITE...)
2 141.95.33.111 16276 (OVH)
4 52.223.40.198 16509 (AMAZON-02)
2 4 185.89.210.122 29990 (ASN-APPNEX)
1 141.95.98.66 16276 (OVH)
4 137.184.242.150 14061 (DIGITALOC...)
2 2602:803:c003... 26667 (RUBICONPR...)
2 35.157.194.177 16509 (AMAZON-02)
2 198.47.127.22 3257 (GTT-BACKB...)
2 69.166.1.9 27630 (AS-XFERNET)
2 10 185.89.211.12 29990 (ASN-APPNEX)
2 185.86.139.95 201081 (SMARTADSE...)
4 216.52.2.39 32475 (SINGLEHOP...)
2 34.107.148.139 15169 (GOOGLE)
2 34.149.20.76 15169 (GOOGLE)
2 3.68.42.108 16509 (AMAZON-02)
4 35.244.159.8 15169 (GOOGLE)
1 35.157.246.167 16509 (AMAZON-02)
1 6 185.172.90.251 49981 (WORLDSTREAM)
21 2a00:1450:400... 15169 (GOOGLE)
3 7 52.72.177.11 14618 (AMAZON-AES)
3 185.172.90.250 49981 (WORLDSTREAM)
2 2 35.171.56.4 14618 (AMAZON-AES)
2 2 72.251.249.13 32475 (SINGLEHOP...)
1 1 92.123.9.160 16625 (AKAMAI-AS)
4 23.205.235.133 16625 (AKAMAI-AS)
1 2 104.18.19.126 13335 (CLOUDFLAR...)
1 205.234.175.175 30081 (CACHENETW...)
1 51.89.9.253 16276 (OVH)
15 2606:4700:10:... 13335 (CLOUDFLAR...)
11 21 142.251.39.34 15169 (GOOGLE)
3 4 35.227.248.159 15169 (GOOGLE)
3 4 37.157.3.30 198622 (ADFORM)
1 2a04:4e42:600... 54113 (FASTLY)
1 2600:1f18:659... 14618 (AMAZON-AES)
2 185.64.190.78 62713 (AS-PUBMATIC)
2 2 2a05:d018:24:... 16509 (AMAZON-02)
2 2 34.248.26.113 16509 (AMAZON-02)
1 18.198.69.109 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
2 2 34.111.131.239 15169 (GOOGLE)
1 185.15.245.82 24961 (MYLOC-AS ...)
2 3 99.80.120.198 16509 (AMAZON-02)
1 1 212.82.100.182 34010 (YAHOO-IRD)
1 34.98.67.61 15169 (GOOGLE)
2 54.76.58.201 16509 (AMAZON-02)
1 157.90.211.246 24940 (HETZNER-AS)
1 151.101.130.49 54113 (FASTLY)
1 1 2.18.233.201 16625 (AKAMAI-AS)
1 1 18.211.165.216 14618 (AMAZON-AES)
3 5 52.94.222.140 16509 (AMAZON-02)
1 104.96.159.57 16625 (AKAMAI-AS)
1 1 52.30.179.166 16509 (AMAZON-02)
2 6 69.173.144.139 26667 (RUBICONPR...)
2 2 52.58.218.78 16509 (AMAZON-02)
2 8 104.18.18.126 13335 (CLOUDFLAR...)
3 5 52.46.128.147 16509 (AMAZON-02)
2 2 162.19.80.92 16276 (OVH)
1 52.48.190.42 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 185.29.132.241 30419 (MEDIAMATH...)
4 4 69.173.144.138 26667 (RUBICONPR...)
1 1 2a05:d018:d29... 16509 (AMAZON-02)
1 2620:1ec:21::14 8068 (MICROSOFT...)
2 142.250.186.130 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 18.66.97.9 16509 (AMAZON-02)
1 2a02:6ea0:c70... 60068 (CDN77 ^_^)
1 76.223.111.18 16509 (AMAZON-02)
1 51.158.29.12 12876 (Online SAS)
2 23.35.236.201 16625 (AKAMAI-AS)
2 104.17.119.107 13335 (CLOUDFLAR...)
2 184.51.9.18 16625 (AKAMAI-AS)
1 67.202.105.21 32748 (STEADFAST)
15 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 142.250.201.194 15169 (GOOGLE)
1 152.195.15.58 15133 (EDGECAST)
1 1 172.104.45.159 63949 (LINODE-AP...)
2 2 135.125.160.160 16276 (OVH)
1 202.233.84.1 131957 (MICROAD M...)
1 1 133.186.161.89 45974 (NHN-AS-KR...)
1 1 18.156.0.31 16509 (AMAZON-02)
2 3 2a02:6b8::90 208722 (GLOBAL_DC)
1 3.124.210.90 16509 (AMAZON-02)
300 88
44    2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
securityaffairs.co
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
5    2a00:1450:400a:800::200a (Zurich, Switzerland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2600:9000:211a:ca00:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)
w.sharethis.com
4    2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
7    68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
served-by.pixfuture.com
16    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com
i0.wp.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
2    18.197.210.187 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-210-187.eu-central-1.compute.amazonaws.com
l.sharethis.com
2    2a00:1450:400d:80c::200e (Ireland)

ASN15169 (GOOGLE, US)
www.google-analytics.com
9    2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com
lg3.media.net
2    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
2    2606:4700:20::681a:644 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pixfuture.com
2    34.250.137.124 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-137-124.eu-west-1.compute.amazonaws.com
aa.agkn.com
2    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
2    141.95.33.111 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203177.ip-141-95-33.eu
id5-sync.com
4    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
4    185.89.210.122 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
secure.adnxs.com
1    141.95.98.66 (France)

ASN16276 (OVH, FR)
PTR: ns3216537.ip-141-95-98.eu
lb.eu-1-id5-sync.com
4    137.184.242.150 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
prebidserver.pixfuture.com
2    2602:803:c003:200::51 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
2    35.157.194.177 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-194-177.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
2    198.47.127.22 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
hbopenbid.pubmatic.com
2    69.166.1.9 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
10    185.89.211.12 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
2    185.86.139.95 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
4    216.52.2.39 (United States)

ASN32475 (SINGLEHOP-LLC, US)
ap.lijit.com
2    34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
2    34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com
ssc.33across.com
2    3.68.42.108 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-42-108.eu-central-1.compute.amazonaws.com
hb.emxdgt.com
4    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
pixfuture2-d.openx.net
u.openx.net
1    35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
c2shb.ssp.yahoo.com
6    185.172.90.251 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: ads.us.e-plannning.net
ads.us.e-planning.net
u-ams03.e-planning.net
21    2a00:1450:400d:806::2002 (Ireland)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
7    52.72.177.11 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-177-11.compute-1.amazonaws.com
a.audrte.com
3    185.172.90.250 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: s.e-planning.net
s.e-planning.net
2    35.171.56.4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-56-4.compute-1.amazonaws.com
ssp.disqus.com
2    72.251.249.13 (Amsterdam, Netherlands)

ASN32475 (SINGLEHOP-LLC, US)
ce.lijit.com
1    92.123.9.160 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-9-160.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
4    23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
2    104.18.19.126 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)
ssum.casalemedia.com
1    205.234.175.175 (Lovettsville, United States)

ASN30081 (CACHENETWORKS, US)
PTR: vip1.G-anycast1.cachefly.net
i.e-planning.net
1    51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu
onetag-sys.com
15    2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
21    142.251.39.34 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s38-in-f2.1e100.net
cm.g.doubleclick.net
4    35.227.248.159 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com
pixel.tapad.com
4    37.157.3.30 (Denmark)

ASN198622 (ADFORM, DK)
dmp.adform.net
c1.adform.net
1    2a04:4e42:600::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2600:1f18:6593:f607:ba15:f8ca:726:bfa6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
dmp.v.fwmrm.net
2    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    2a05:d018:24:b001:7bc1:27ea:de69:aded (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
sync.tidaltv.com
2    34.248.26.113 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-26-113.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    18.198.69.109 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-69-109.eu-central-1.compute.amazonaws.com
loadeu.exelator.com
1    151.1.205.165 (Rogeno, Italy)

ASN3242 (ASN-ITNET, IT)
bn01.er.bemail.it
1    85.114.159.93 (Schopfheim, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
2    34.111.131.239 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 239.131.111.34.bc.googleusercontent.com
idsync.frontend.weborama.fr
1    185.15.245.82 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
dmp.theadex.com
3    99.80.120.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-120-198.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
1    212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com
cms.analytics.yahoo.com
1    34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com
odr.mookie1.com
2    54.76.58.201 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-58-201.eu-west-1.compute.amazonaws.com
beacon.krxd.net
1    157.90.211.246 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.246.211.90.157.clients.your-server.de
sync.richaudience.com
1    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com
1    18.211.165.216 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-165-216.compute-1.amazonaws.com
usermatch.krxd.net
5    52.94.222.140 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
1    104.96.159.57 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-159-57.deploy.static.akamaitechnologies.com
tags.bluekai.com
1    52.30.179.166 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-179-166.eu-west-1.compute.amazonaws.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
6    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
pixel-eu.rubiconproject.com
2    52.58.218.78 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-218-78.eu-central-1.compute.amazonaws.com
x.bidswitch.net
8    104.18.18.126 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
5    52.46.128.147 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
2    162.19.80.92 (France)

ASN16276 (OVH, FR)
PTR: ns3011863.ip-162-19-80.eu
gu.dyntrk.com
1    52.48.190.42 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-190-42.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
1    2606:4700::6813:ac6c (United States)

ASN13335 (CLOUDFLARENET, US)
csync.loopme.me
1    185.29.132.241 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
4    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
1    2a05:d018:d29:3601:2446:243c:2b31:890f (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
2    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
partner.googleadservices.com
2    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
2    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
4    2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    18.66.97.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-9.fra56.r.cloudfront.net
tags.crwdcntrl.net
1    2a02:6ea0:c700::22 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
vid.vidoomy.com
1    76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
1    51.158.29.12 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-158-29-12.rev.poneytelecom.eu
js.cookieless-data.com
2    23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com
ads.pubmatic.com
2    104.17.119.107 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)
biddr.brealtime.com
2    184.51.9.18 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a184-51-9-18.deploy.static.akamaitechnologies.com
acdn.adnxs.com
1    67.202.105.21 (United States)

ASN32748 (STEADFAST, US)
PTR: ip21.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
15    2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    2a00:1450:400d:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)
www.googletagservices.com
1    2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
3    2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:400d:80a::2006 (Ireland)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    142.250.201.194 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s35-in-f2.1e100.net
googleads4.g.doubleclick.net
1    152.195.15.58 (United States)

ASN15133 (EDGECAST, US)
cdn.bizibly.com
1    172.104.45.159 (Singapore, Singapore)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1625-159.members.linode.com
a.c.appier.net
2    135.125.160.160 (France)

ASN16276 (OVH, FR)
PTR: ns3198892.ip-135-125-160.eu
c.eu1.dyntrk.com
1    202.233.84.1 (Japan)

ASN131957 (MICROAD MicroAd, Inc., JP)
aid.send.microad.jp
1    133.186.161.89 (Japan)

ASN45974 (NHN-AS-KR NHN, KR)
app.cauly.co.kr
1    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
3    2a02:6b8::90 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)
an.yandex.ru
1    3.124.210.90 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-210-90.eu-central-1.compute.amazonaws.com
ps.eyeota.net
Apex Domain
Subdomains		 Transfer
44 securityaffairs.co
securityaffairs.co — Cisco Umbrella Rank: 351341
2 MB
36 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 102
tpc.googlesyndication.com — Cisco Umbrella Rank: 143
503 KB
27 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 212
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 299
69 KB
18 wp.com
i0.wp.com — Cisco Umbrella Rank: 2877
stats.wp.com — Cisco Umbrella Rank: 2599
pixel.wp.com — Cisco Umbrella Rank: 2451
342 KB
17 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 465
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 903
eus.rubiconproject.com — Cisco Umbrella Rank: 557
pixel.rubiconproject.com — Cisco Umbrella Rank: 336
pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 2006
token.rubiconproject.com — Cisco Umbrella Rank: 667
26 KB
16 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 428
ib.adnxs.com — Cisco Umbrella Rank: 229
acdn.adnxs.com — Cisco Umbrella Rank: 593
46 KB
15 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1754
mwzeom.zeotap.com — Cisco Umbrella Rank: 1627
4 KB
13 pixfuture.com
served-by.pixfuture.com — Cisco Umbrella Rank: 44623
cdn.pixfuture.com — Cisco Umbrella Rank: 51767
prebidserver.pixfuture.com — Cisco Umbrella Rank: 71303
458 KB
10 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1216
s.amazon-adsystem.com — Cisco Umbrella Rank: 287
7 KB
10 casalemedia.com
ssum.casalemedia.com — Cisco Umbrella Rank: 1327
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 429
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 528
9 KB
10 e-planning.net
ads.us.e-planning.net — Cisco Umbrella Rank: 4699
s.e-planning.net — Cisco Umbrella Rank: 6632
u-ams03.e-planning.net — Cisco Umbrella Rank: 69793
i.e-planning.net — Cisco Umbrella Rank: 6796
4 KB
10 gstatic.com
fonts.gstatic.com
www.gstatic.com
211 KB
8 media.net
contextual.media.net — Cisco Umbrella Rank: 560
lg3.media.net — Cisco Umbrella Rank: 3952
prebid.media.net — Cisco Umbrella Rank: 1147
19 KB
7 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2379
7 KB
6 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 598
ce.lijit.com — Cisco Umbrella Rank: 918
4 KB
6 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 431
image6.pubmatic.com — Cisco Umbrella Rank: 647
ads.pubmatic.com — Cisco Umbrella Rank: 457
12 KB
5 google.com
adservice.google.com — Cisco Umbrella Rank: 76
www.google.com — Cisco Umbrella Rank: 2
2 KB
5 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 818
tags.crwdcntrl.net — Cisco Umbrella Rank: 1205
17 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 41
6 KB
4 dyntrk.com
gu.dyntrk.com — Cisco Umbrella Rank: 1344
c.eu1.dyntrk.com — Cisco Umbrella Rank: 4702
2 KB
4 adform.net
dmp.adform.net — Cisco Umbrella Rank: 4683
c1.adform.net — Cisco Umbrella Rank: 614
2 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 430
1 KB
4 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 959
cms.analytics.yahoo.com — Cisco Umbrella Rank: 855
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 439
ups.analytics.yahoo.com — Cisco Umbrella Rank: 282
5 KB
4 openx.net
pixfuture2-d.openx.net — Cisco Umbrella Rank: 55669
u.openx.net — Cisco Umbrella Rank: 641
695 B
4 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 344
1 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 402
mug.criteo.com — Cisco Umbrella Rank: 2810
1 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 28
region1.google-analytics.com — Cisco Umbrella Rank: 2852
20 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
217 KB
4 sharethis.com
w.sharethis.com — Cisco Umbrella Rank: 18143
l.sharethis.com — Cisco Umbrella Rank: 4686
14 KB
3 yandex.ru
an.yandex.ru — Cisco Umbrella Rank: 2395
1 KB
3 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 515
usermatch.krxd.net — Cisco Umbrella Rank: 1239
943 B
3 33across.com
ssc.33across.com — Cisco Umbrella Rank: 1565
ssc-cms.33across.com — Cisco Umbrella Rank: 920
522 B
2 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 191
88 KB
2 brealtime.com
biddr.brealtime.com — Cisco Umbrella Rank: 2807
2 KB
2 google.de
adservice.google.de — Cisco Umbrella Rank: 8962
957 B
2 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 862
920 B
2 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 288
2 KB
2 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 935
sync.mathtag.com — Cisco Umbrella Rank: 441
1 KB
2 weborama.fr
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 25538
683 B
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 211
2 KB
2 tidaltv.com
sync.tidaltv.com — Cisco Umbrella Rank: 1256
752 B
2 disqus.com
ssp.disqus.com — Cisco Umbrella Rank: 1702
1022 B
2 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 2400
7 KB
2 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1237
903 B
2 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1398
1 KB
2 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 929
317 B
2 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 456
1 KB
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 455
992 B
1 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 940
1 KB
1 cauly.co.kr
app.cauly.co.kr — Cisco Umbrella Rank: 105019
495 B
1 microad.jp
aid.send.microad.jp — Cisco Umbrella Rank: 3634
464 B
1 appier.net
a.c.appier.net — Cisco Umbrella Rank: 17497
554 B
1 bizibly.com
cdn.bizibly.com — Cisco Umbrella Rank: 8656
345 B
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 268
25 KB
1 cookieless-data.com
js.cookieless-data.com — Cisco Umbrella Rank: 6606
535 B
1 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 376
140 B
1 vidoomy.com
vid.vidoomy.com — Cisco Umbrella Rank: 4666
17 KB
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 365
706 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 909
131 B
1 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 479
433 B
1 imrworldwide.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com — Cisco Umbrella Rank: 13127
215 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 524
145 B
1 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 537
177 B
1 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 1973
361 B
1 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 924
356 B
1 theadex.com
dmp.theadex.com — Cisco Umbrella Rank: 21865
84 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1523
596 B
1 bemail.it
bn01.er.bemail.it — Cisco Umbrella Rank: 116908
659 B
1 exelator.com
loadeu.exelator.com — Cisco Umbrella Rank: 6785
324 B
1 fwmrm.net
dmp.v.fwmrm.net — Cisco Umbrella Rank: 11109
411 B
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 690
161 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 749
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1356
331 B
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 707
6 KB
0 rlcdn.com Failed
api.rlcdn.com Failed
300 75
Domain Requested by
44 securityaffairs.co securityaffairs.co
21 cm.g.doubleclick.net 11 redirects spl.zeotap.com
eus.rubiconproject.com
googleads.g.doubleclick.net
21 pagead2.googlesyndication.com cdn.pixfuture.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
16 i0.wp.com securityaffairs.co
15 tpc.googlesyndication.com googleads.g.doubleclick.net
tpc.googlesyndication.com
pagead2.googlesyndication.com
12 mwzeom.zeotap.com ads.us.e-planning.net
spl.zeotap.com
10 ib.adnxs.com 2 redirects cdn.pixfuture.com
spl.zeotap.com
acdn.adnxs.com
googleads.g.doubleclick.net
9 fonts.gstatic.com fonts.googleapis.com
7 dsum-sec.casalemedia.com 2 redirects ssum.casalemedia.com
googleads.g.doubleclick.net
7 a.audrte.com 3 redirects ads.us.e-planning.net
a.audrte.com
7 served-by.pixfuture.com securityaffairs.co
cdn.pixfuture.com
5 s.amazon-adsystem.com 3 redirects ssum.casalemedia.com
eus.rubiconproject.com
5 pixel.rubiconproject.com 2 redirects spl.zeotap.com
eus.rubiconproject.com
5 aax-eu.amazon-adsystem.com 3 redirects ads.us.e-planning.net
eus.rubiconproject.com
5 fonts.googleapis.com securityaffairs.co
googleads.g.doubleclick.net
4 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
4 token.rubiconproject.com 4 redirects
4 pixel.tapad.com 3 redirects ads.us.e-planning.net
4 eus.rubiconproject.com ads.us.e-planning.net
eus.rubiconproject.com
cdn.pixfuture.com
4 u-ams03.e-planning.net ads.us.e-planning.net
ssum.casalemedia.com
vid.vidoomy.com
4 ap.lijit.com cdn.pixfuture.com
4 prebidserver.pixfuture.com cdn.pixfuture.com
ads.us.e-planning.net
4 secure.adnxs.com 2 redirects
4 match.adsrvr.org cdn.pixfuture.com
spl.zeotap.com
ssum.casalemedia.com
eus.rubiconproject.com
4 contextual.media.net 1 redirects securityaffairs.co
cdn.pixfuture.com
4 www.googletagmanager.com securityaffairs.co
www.googletagmanager.com
3 an.yandex.ru 2 redirects
3 www.google.com googleads.g.doubleclick.net
tpc.googlesyndication.com
3 bcp.crwdcntrl.net 2 redirects tags.crwdcntrl.net
3 spl.zeotap.com ads.us.e-planning.net
spl.zeotap.com
3 s.e-planning.net ads.us.e-planning.net
2 c1.adform.net 2 redirects
2 c.eu1.dyntrk.com 2 redirects
2 googleads4.g.doubleclick.net googleads.g.doubleclick.net
2 www.googletagservices.com googleads.g.doubleclick.net
2 u.openx.net cdn.pixfuture.com
2 acdn.adnxs.com cdn.pixfuture.com
2 biddr.brealtime.com cdn.pixfuture.com
2 ads.pubmatic.com cdn.pixfuture.com
2 tags.crwdcntrl.net s.e-planning.net
tags.crwdcntrl.net
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 partner.googleadservices.com pagead2.googlesyndication.com
2 gu.dyntrk.com 2 redirects
2 x.bidswitch.net 2 redirects
2 beacon.krxd.net spl.zeotap.com
ads.us.e-planning.net
2 idsync.frontend.weborama.fr 2 redirects
2 dpm.demdex.net 2 redirects
2 sync.tidaltv.com 2 redirects
2 image6.pubmatic.com spl.zeotap.com
ads.pubmatic.com
2 dmp.adform.net 1 redirects spl.zeotap.com
2 ssum.casalemedia.com 1 redirects ads.us.e-planning.net
2 ce.lijit.com 2 redirects
2 ssp.disqus.com 2 redirects
2 ads.us.e-planning.net 1 redirects cdn.pixfuture.com
2 pixfuture2-d.openx.net cdn.pixfuture.com
2 hb.emxdgt.com cdn.pixfuture.com
2 ssc.33across.com cdn.pixfuture.com
2 prebid.media.net cdn.pixfuture.com
2 prg.smartadserver.com cdn.pixfuture.com
2 apex.go.sonobi.com cdn.pixfuture.com
2 hbopenbid.pubmatic.com cdn.pixfuture.com
2 btlr.sharethrough.com cdn.pixfuture.com
2 fastlane.rubiconproject.com cdn.pixfuture.com
2 id5-sync.com cdn.pixfuture.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 aa.agkn.com 1 redirects cdn.pixfuture.com
2 cdn.pixfuture.com served-by.pixfuture.com
cdn.pixfuture.com
2 region1.google-analytics.com www.googletagmanager.com
2 lg3.media.net securityaffairs.co
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 l.sharethis.com w.sharethis.com
securityaffairs.co
2 w.sharethis.com 1 redirects securityaffairs.co
1 ps.eyeota.net
1 ups.analytics.yahoo.com 1 redirects
1 app.cauly.co.kr 1 redirects
1 aid.send.microad.jp googleads.g.doubleclick.net
1 a.c.appier.net 1 redirects
1 cdn.bizibly.com googleads.g.doubleclick.net
1 s0.2mdn.net googleads.g.doubleclick.net
1 www.gstatic.com googleads.g.doubleclick.net
1 ssc-cms.33across.com cdn.pixfuture.com
1 js.cookieless-data.com s.e-planning.net
1 eb2.3lift.com ads.us.e-planning.net
1 vid.vidoomy.com ads.us.e-planning.net
1 px.ads.linkedin.com eus.rubiconproject.com
1 pr-bh.ybp.yahoo.com 1 redirects
1 sync.mathtag.com 1 redirects
1 csync.loopme.me ssum.casalemedia.com
1 match.prod.bidr.io ssum.casalemedia.com
1 ssum-sec.casalemedia.com ssum.casalemedia.com
1 pixel-eu.rubiconproject.com eus.rubiconproject.com
1 obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com 1 redirects
1 tags.bluekai.com spl.zeotap.com
1 usermatch.krxd.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 sync-tm.everesttech.net spl.zeotap.com
1 sync.richaudience.com spl.zeotap.com
1 odr.mookie1.com spl.zeotap.com
1 cms.analytics.yahoo.com 1 redirects
1 dmp.theadex.com spl.zeotap.com
1 dsp.adfarm1.adition.com 1 redirects
1 bn01.er.bemail.it 1 redirects
1 loadeu.exelator.com spl.zeotap.com
1 dmp.v.fwmrm.net spl.zeotap.com
1 trc.taboola.com spl.zeotap.com
1 onetag-sys.com ads.us.e-planning.net
1 i.e-planning.net ads.us.e-planning.net
1 secure-assets.rubiconproject.com 1 redirects
1 c2shb.ssp.yahoo.com cdn.pixfuture.com
1 lb.eu-1-id5-sync.com cdn.pixfuture.com
1 pixel.wp.com securityaffairs.co
1 stats.wp.com securityaffairs.co
1 maxcdn.bootstrapcdn.com securityaffairs.co
0 api.rlcdn.com Failed cdn.pixfuture.com
300 116
Subject Issuer Validity Valid
*.google-analytics.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.securityaffairs.co
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-24 -
2023-04-07		 a year crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2022-06-11 -
2023-07-12		 a year crt.sh
sharethis.com
Amazon		 2022-08-02 -
2023-08-31		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2022-02-20 -
2023-02-22		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-05-17 -
2023-05-17		 a year crt.sh
*.agkn.com
RapidSSL Global TLS RSA4096 SHA256 2022 CA1		 2022-09-06 -
2023-09-21		 a year crt.sh
*.pixfuture.com
Sectigo RSA Domain Validation Secure Server CA		 2021-11-30 -
2022-12-03		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-08-27 -
2022-11-22		 3 months crt.sh
*.id5-sync.com
R3		 2022-08-18 -
2022-11-16		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
*.eu-1-id5-sync.com
R3		 2022-08-18 -
2022-11-16		 3 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.sharethrough.com
Amazon		 2022-07-14 -
2023-08-12		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2022-06-13 -
2023-07-14		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-06-27 -
2023-06-05		 a year crt.sh
ssc.33across.com
GTS CA 1D4		 2022-09-14 -
2022-12-13		 3 months crt.sh
*.emxdgt.com
Amazon		 2022-06-02 -
2023-07-01		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-08-02 -
2023-01-25		 6 months crt.sh
ads.us.e-planning.net
R3		 2022-07-12 -
2022-10-10		 3 months crt.sh
*.audrte.com
Amazon		 2022-02-24 -
2023-03-24		 a year crt.sh
*.e-planning.net
R3		 2022-07-25 -
2022-10-23		 3 months crt.sh
i.e-planning.net
Sectigo RSA Domain Validation Secure Server CA		 2022-02-23 -
2023-02-03		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-10 -
2023-01-03		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-09-20 -
2023-09-20		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-28 -
2022-12-29		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-29 -
2022-12-30		 a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-08 -
2023-06-10		 a year crt.sh
dmp.theadex.com
R3		 2022-08-26 -
2022-11-24		 3 months crt.sh
*.mookie1.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-24 -
2023-03-27		 a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-03 -
2022-11-02		 a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-11 -
2023-03-10		 a year crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-02-03 -
2023-03-07		 a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
*.match.prod.bidr.io
Amazon		 2022-01-27 -
2023-02-25		 a year crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2022-05-01 -
2023-06-02		 a year crt.sh
*.vidoomy.com
Sectigo RSA Domain Validation Secure Server CA		 2022-09-01 -
2023-10-02		 a year crt.sh
*.3lift.com
Amazon		 2022-05-13 -
2023-06-11		 a year crt.sh
*.cookieless-data.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-23 -
2023-03-22		 a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2		 2022-01-21 -
2023-02-22		 a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2021-12-10 -
2022-12-09		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2022-09-06 -
2023-09-30		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-09-12 -
2022-12-05		 3 months crt.sh
io.bizible.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-30 -
2023-07-31		 a year crt.sh
*.send.microad.jp
GlobalSign RSA OV SSL CA 2018		 2021-10-06 -
2022-11-07		 a year crt.sh
eyeota.net
GoGetSSL RSA DV CA		 2022-03-18 -
2023-03-18		 a year crt.sh

This page contains 37 frames:

Primary Page: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Frame ID: C884AB7E6BCFF3979B8FC386F5B43008
Requests: 132 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: 955CD6E30205F9F0E09353A2EE099277
Requests: 13 HTTP requests in this frame

Frame: http://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 1002D89D03D335CD2F9296163C820684
Requests: 8 HTTP requests in this frame

Frame: http://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 5DA8743D7C7D69F7958E6261184BA580
Requests: 8 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Frame ID: 80C717EC1F00A33442AA6F1032F1D80E
Requests: 11 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Frame ID: D700237CAF7BF4BA5F30D68D516B3D96
Requests: 10 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: 4A06D15CA382C589DD6E503A4E2FCC7B
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 422411A0A3CCF0D8567CD552B74B167A
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361&cmp=0
Frame ID: 417EB3D93F5100E9F194BC22AD5274ED
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Frame ID: 0E33167A74F9B5C91BD6B3DEF27F9EDB
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Frame ID: D7C639069EDB4602B49EFC896CFFA3CA
Requests: 16 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 7CA91AB986349FDCF60F4387D8E23EBF
Requests: 2 HTTP requests in this frame

Frame: https://u-ams03.e-planning.net/um?dc=3ab023ac29ea5990&fi=01e2750475341cd6&uid=f66c2b0869940a26a878505394b8e720
Frame ID: 188386572F3A2AE92A60EF646BCABA5B
Requests: 2 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3D%24UID%26dc%3D4d76b6ce34af74c9%26iss%3D1
Frame ID: 84CCBBD0DBFF0C8CE59EB52EC7BCFA45
Requests: 1 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=ALQbHyKHKmvabMsu
Frame ID: A0973661610EA8C7ED31AC996A9E4499
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 4562C19770CD40213E34FB457F3E27CF
Requests: 2 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 95EAB32394164C2BA1AFF0E07C4B5901
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 21CF6101BD4873A2E77A9F706805682D
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 1DB86CADBD1001481EC92CA8D455E421
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 76670A45F998A24547E1870B4539394B
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: 5D10CC15E6D1FB48DC807164E7088782
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 3891FA1890CC592D8C4635A2875CB392
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: EA2D7FA281D6D5CCB74221FB10C7E6DA
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 00F6223553ED420D5EF1AC053265C9E0
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 3CFAA783C76D6E75688013AA739A4917
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: BBEF79D8642336FE7A1CB2BCA5A78ED4
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 293BB80D9D8CEB1E35A48F464B04F34D
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: D99C3A9BA39E9DF0E7335E53FDF764DD
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13480300
Frame ID: B2323C9781FD0347527BE4C18C508B5E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEY3PGglgEwAQ&v=APEucNUzk2c3NbP80HMrrWspb9PJ7l3KBuAuSGREOBsqYJwF2RmrBmpNA9eAvJUIUndW7du0YdANCQStiKqsySg0plGO4XYcjGszK-KQ1L4CjZRIGFcQzUV_KYiQZXeVr_bSMrb8jyBJ-LcotkmvEWEBZfm9_oHTraaJzNPyrb3ZkydcWWDQJdL-KWeJV1gXJ7_4-uYJB9UNJqg-ODaAejmi5G3t9ZfeGw
Frame ID: F4FA6779D3F9F4F947726163D39F41AF
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B9874F07A84AD63BA9B395BD24962868
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
Frame ID: 8B267D6C65B156C19DE9356E051BA0AC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8D89254CF6B6092F526B2C550A10A702
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1519648C8CAB36AD499BC08A3EBE6E5B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 366356FE32124C5806DF4C6125C3D682
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1178DF82561FAAD8F45732348044AA3D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 250F40E53A3E325CBA4959824941ADF0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

JackPOS malware presented as a Java Update SchedulerSecurity Affairs

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • w\.sharethis\.com/
Overall confidence: 100%
Detected patterns
  • tracker\.js
Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • https?://an\.yandex\.ru/
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

300
Requests

66 %
HTTPS

27 %
IPv6

75
Domains

116
Subdomains

88
IPs

14
Countries

3821 kB
Transfer

5666 kB
Size

72
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.3.1 HTTP 307
  • https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.3.1
Request Chain 27
  • http://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.3.1 HTTP 301
  • https://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.3.1
Request Chain 29
  • http://contextual.media.net/dmedianet.js?cid=8CU5BD6EW HTTP 302
  • https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Request Chain 94
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=60ABOXw1WndJeStGWUxrTHNsYU1ESkttbHFMSHhmRnBsOUlqVWUrb3U0MnB4a2dCMlA3anlPVmJqeVZkMUdpTEVBamY3M2RQMG9UanJzYndQaVByRXc3SU4yUEJHejJvdU5HUHVMaHJYbituZWVrTW5NaktXOGZGTERUUm84a2gyYW1rbVgrUGxHQm1GbWhtY09rM3FhS212WDh1ZkVDd1NYNjRuS1Z2RWJlcHRVamdtRTJJalprTWt3bURhamJ6aTNtRjhJa1UxK1JTVFVoSnFES0UxYjZ6bWo2MUtPZGpSb21FdURPZkVaeVpwUUNhRjNpVHNVOHpKbnZoemNNSzlwMDlofA&cppv=2
Request Chain 98
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Request Chain 99
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Request Chain 129
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Request Chain 136
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D01e2750475341cd6%26uid%3D%24UID HTTP 302
  • https://u-ams03.e-planning.net/um?dc=8103fa85295fbe60&fi=01e2750475341cd6&uid=6330426637545280149
Request Chain 137
  • https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3De64f73568d2b3c34%26fi%3D01e2750475341cd6%26uid%3D%24UID&partner=eplanning HTTP 302
  • https://ce.lijit.com/merge?pid=279534&3pid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10&gdpr=0&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNID%5D%26r%3DCid1YS02NzJjNGIzZi1lMTc3LTNkNzktYTYzYy1hOWFjZDc2MTljMTAa-QFDUGdFTUFBUGdFTUFBQWNBQkJFTkNpQ2dBQUFBQUhfQUFDaFFBQUFTQUFKTU5XNGdDN01zY0diYU1Jb0VRSXdyQ1E2Z1VBRkZBTUxSQVlRT3JncDJWd0Utc0lFQUNBVUFUZ1JBaHhCUmd3Q0FBQVNBSkNJZ0pBandRQ0lBaUFRQUFnQVZDSVFBTWJBSUxBQ3dNQWdBRkFOQ3hSaWdDRUNRZ3lJQ0lwVEFnS2tTQ2czc3FFRW9POURUQ0VPczhBS0RSX3hVSUNOWkF4V0JFSkN3Y2h3UklDWGl5UVBNVWI1QUNNRUtBVVNvVmdBQS5ZQUFBRF9nQUFBQUEqdWh0dHBzOi8vdS1hbXMwMy5lLXBsYW5uaW5nLm5ldC91bT9kYz1lNjRmNzM1NjhkMmIzYzM0JmZpPTAxZTI3NTA0NzUzNDFjZDYmdWlkPXVhLTY3MmM0YjNmLWUxNzctM2Q3OS1hNjNjLWE5YWNkNzYxOWMxMDIBDDgB HTTP 302
  • https://ce.lijit.com/merge?pid=279534&3pid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10&gdpr=0&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRNID%5D%26r%3DCid1YS02NzJjNGIzZi1lMTc3LTNkNzktYTYzYy1hOWFjZDc2MTljMTAa-QFDUGdFTUFBUGdFTUFBQWNBQkJFTkNpQ2dBQUFBQUhfQUFDaFFBQUFTQUFKTU5XNGdDN01zY0diYU1Jb0VRSXdyQ1E2Z1VBRkZBTUxSQVlRT3JncDJWd0Utc0lFQUNBVUFUZ1JBaHhCUmd3Q0FBQVNBSkNJZ0pBandRQ0lBaUFRQUFnQVZDSVFBTWJBSUxBQ3dNQWdBRkFOQ3hSaWdDRUNRZ3lJQ0lwVEFnS2tTQ2czc3FFRW9POURUQ0VPczhBS0RSX3hVSUNOWkF4V0JFSkN3Y2h3UklDWGl5UVBNVWI1QUNNRUtBVVNvVmdBQS5ZQUFBRF9nQUFBQUEqdWh0dHBzOi8vdS1hbXMwMy5lLXBsYW5uaW5nLm5ldC91bT9kYz1lNjRmNzM1NjhkMmIzYzM0JmZpPTAxZTI3NTA0NzUzNDFjZDYmdWlkPXVhLTY3MmM0YjNmLWUxNzctM2Q3OS1hNjNjLWE5YWNkNzYxOWMxMDIBDDgB&dnr=1 HTTP 302
  • https://ssp.disqus.com/match?bidder=12&buyeruid=FZiOqRZHARwkHVUTS2CyNMaL&r=Cid1YS02NzJjNGIzZi1lMTc3LTNkNzktYTYzYy1hOWFjZDc2MTljMTAa-QFDUGdFTUFBUGdFTUFBQWNBQkJFTkNpQ2dBQUFBQUhfQUFDaFFBQUFTQUFKTU5XNGdDN01zY0diYU1Jb0VRSXdyQ1E2Z1VBRkZBTUxSQVlRT3JncDJWd0Utc0lFQUNBVUFUZ1JBaHhCUmd3Q0FBQVNBSkNJZ0pBandRQ0lBaUFRQUFnQVZDSVFBTWJBSUxBQ3dNQWdBRkFOQ3hSaWdDRUNRZ3lJQ0lwVEFnS2tTQ2czc3FFRW9POURUQ0VPczhBS0RSX3hVSUNOWkF4V0JFSkN3Y2h3UklDWGl5UVBNVWI1QUNNRUtBVVNvVmdBQS5ZQUFBRF9nQUFBQUEqdWh0dHBzOi8vdS1hbXMwMy5lLXBsYW5uaW5nLm5ldC91bT9kYz1lNjRmNzM1NjhkMmIzYzM0JmZpPTAxZTI3NTA0NzUzNDFjZDYmdWlkPXVhLTY3MmM0YjNmLWUxNzctM2Q3OS1hNjNjLWE5YWNkNzYxOWMxMDIBDDgB HTTP 302
  • https://u-ams03.e-planning.net/um?dc=e64f73568d2b3c34&fi=01e2750475341cd6&uid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10
Request Chain 139
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_eu&endpoint=eu HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Request Chain 140
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D HTTP 302
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Request Chain 148
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=005b1d45-abaa-48a9-b682-37471ff5c2cf&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 154
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361&s_h=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=f7a80584-6d42-4854-81b6-672e17d3d65a&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 155
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=dba5f86e-6356-4a77-7cab-af16129f5659&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=dba5f86e-6356-4a77-7cab-af16129f5659&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=22816408363959778252804574423635207623&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 157
  • https://bn01.er.bemail.it/zeotap.php?_bid=dba5f86e-6356-4a77-7cab-af16129f5659&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022093010-24644-0.801894001664527954-9fde28c6533c6caeb2c1a52e5b9058e5&zdid=533&env=mWeb
Request Chain 158
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=7148901823588006036&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 159
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=dba5f86e-6356-4a77-7cab-af16129f5659 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=dba5f86e-6356-4a77-7cab-af16129f5659
Request Chain 160
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=dba5f86e-6356-4a77-7cab-af16129f5659&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=dba5f86e-6356-4a77-7cab-af16129f5659&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361&bounce=1&random=2801963390 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=lVvsQFa7I5QgZmh1VxQoQ.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 162
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=dba5f86e-6356-4a77-7cab-af16129f5659?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=dba5f86e-6356-4a77-7cab-af16129f5659?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 163
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-P2B.zetE2oqU2Kpcl5U0jdd0JZtCIH8mdg--~A&zpartnerid=570&env=mWeb
Request Chain 164
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=MjjoqVWHhTjCEWaNgYR09uRbCuAJT%2FOc%2BS41iYitP1U%3D
Request Chain 169
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=81bf6336-0055-4500-b8c1-9f14532a4c11&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 170
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 171
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=dba5f86e-6356-4a77-7cab-af16129f5659&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=dba5f86e-6356-4a77-7cab-af16129f5659&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361&dcc=t
Request Chain 173
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 175
  • https://x.bidswitch.net/syncd?dsp_id=461&user_group=1&expires=5&user_id=dba5f86e-6356-4a77-7cab-af16129f5659&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BBBSW_UUID%7D%26cookie_age%3D%24%7BCOOKIE_AGE%7D%26env%3DmWeb%26zpartnerid%3D1771%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=461&user_group=1&expires=5&user_id=dba5f86e-6356-4a77-7cab-af16129f5659&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BBBSW_UUID%7D%26cookie_age%3D%24%7BCOOKIE_AGE%7D%26env%3DmWeb%26zpartnerid%3D1771%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=${BBSW_UUID}&cookie_age=${COOKIE_AGE}&env=mWeb&zpartnerid=1771&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Request Chain 180
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB&gdpr_consent=&us_privacy=&gdpr=&google_tc= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEARq6QpCC1zeF6so3dwH6g4&google_cver=1
Request Chain 181
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YzYAVWb-oGuElAM5rmMpoQAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOT0SBA2KUAd57z8ZSl1cVE&google_cver=1
Request Chain 182
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB&dcc=t
Request Chain 184
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1 HTTP 302
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=&knw=0 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Request Chain 187
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=81bf6336-0055-4500-b8c1-9f14532a4c11
Request Chain 189
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/mNsGPDHWgJe7cJ-2h34Hgsn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1122319897752120027
Request Chain 191
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzU5ZWQxNWVhOTQxYzUzYzM5NDM2OTU3MDU1MTRkNWY3YmRkMTAwZA
Request Chain 192
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEKxmR5_mlc-XZBW3H27f6_I&google_cver=1
Request Chain 193
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhOSUc1MjktMUYtM0w1WA==
Request Chain 194
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L8NIG529-1F-3L5X
Request Chain 195
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=CqW9bwoVR7aTvpqtyjapaw&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=CqW9bwoVR7aTvpqtyjapaw
Request Chain 196
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ZV4UbAWuR5C9fQk_kHr6MA&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ZV4UbAWuR5C9fQk_kHr6MA
Request Chain 250
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRzzlYPSXYcwxhpCXWT1X8&google_cver=1
Request Chain 251
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YzYAVWb-oGuElAM5rmMpoQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRzzlYPSXYcwxhpCXWT1X8&google_cver=1
Request Chain 252
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEFr1zgCkJrSGJsCvKZdxOww&google_cver=1
Request Chain 253
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzMDQyNjYzNzU0NTI4MDE0OQ%3D%3D
Request Chain 268
  • https://a.c.appier.net/gcm?google_gid=CAESEI6YpsjeRkPDyVt1-Duc9WA&google_cver=1&google_push=AZmPxg9iVuU_PtNGMXJ_7ZE51V-3ZW5Fu36ifv2cIZ3eyuUkjKr56-xNh5saFRBoDzf1C6oHdzUxURWnwW2xWEa_JBfh5w16f7yy HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Y29RcmM3Q3NCeFc2ci1XMVZ3QTJZdw%3D%3D&google_push=AZmPxg9iVuU_PtNGMXJ_7ZE51V-3ZW5Fu36ifv2cIZ3eyuUkjKr56-xNh5saFRBoDzf1C6oHdzUxURWnwW2xWEa_JBfh5w16f7yy
Request Chain 269
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEJPCA1SbIvDOCLzYOroE_Vg&google_cver=1&google_push=AZmPxg9HC_odZAKg4smGuhARvyBjJrLZao-IKrgS3ztPbLYqKfv8jR_hOLrf_0b-sjJc5EQ4awBt4O-Vjqz56payZBYrLLrPr5tl HTTP 302
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEJPCA1SbIvDOCLzYOroE_Vg&google_cver=1&google_push=AZmPxg9HC_odZAKg4smGuhARvyBjJrLZao-IKrgS3ztPbLYqKfv8jR_hOLrf_0b-sjJc5EQ4awBt4O-Vjqz56payZBYrLLrPr5tl&prevuid=&knw= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AZmPxg9HC_odZAKg4smGuhARvyBjJrLZao-IKrgS3ztPbLYqKfv8jR_hOLrf_0b-sjJc5EQ4awBt4O-Vjqz56payZBYrLLrPr5tl&google_hm=
Request Chain 271
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHKmyHb1bGQVMMIyIE_qRa0&google_cver=1&google_push=AZmPxg8qTUgbVUeKmIeKmdqYLTZ2ppZPmirj0vYvy2NLiRGJjBd0670TPl9PqRxg4LuUJoKcP0RmiKyNPevXcufuDWxppPCmPz12 HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHKmyHb1bGQVMMIyIE_qRa0&google_cver=1&google_push=AZmPxg8qTUgbVUeKmIeKmdqYLTZ2ppZPmirj0vYvy2NLiRGJjBd0670TPl9PqRxg4LuUJoKcP0RmiKyNPevXcufuDWxppPCmPz12 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTI5NjEwMTg5ODk1MDE3Mjc4&google_push=AZmPxg8qTUgbVUeKmIeKmdqYLTZ2ppZPmirj0vYvy2NLiRGJjBd0670TPl9PqRxg4LuUJoKcP0RmiKyNPevXcufuDWxppPCmPz12
Request Chain 272
  • https://app.cauly.co.kr/idsync_ssp/doubleclick?google_gid=CAESENKaxxPw6XjMvp_x1wTxaO8&google_cver=1&google_push=AZmPxg_sxk2aRwUej39t42aniI0p0ZI6m7TLVEsguSdFKFWRlFk8CzLNwbX9OnmGxyKP7QhZksQTUL8iZB5S3WXehuMnjKtCnRvW HTTP 301
  • https://cm.g.doubleclick.net/pixel?google_nid=fsn_asia_private_limited_new&google_push=AZmPxg_sxk2aRwUej39t42aniI0p0ZI6m7TLVEsguSdFKFWRlFk8CzLNwbX9OnmGxyKP7QhZksQTUL8iZB5S3WXehuMnjKtCnRvW
Request Chain 273
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESECsdi0WmxQl7ccsnf2qfjmA&google_cver=1&google_push=AZmPxg_xUX3Xw1n0RWnqULxwArxA2M8E4I3eH_K5KpHJvpFJp-spNhAHeXYkmai8TwHMeT_AKK0IqLaPcsFOkqBSHJoMqljVHtlZ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01Smhud2ZORTJ1R0ZFaGpwcURmQmtXNVFGaGF2REEyUX5B&google_push=AZmPxg_xUX3Xw1n0RWnqULxwArxA2M8E4I3eH_K5KpHJvpFJp-spNhAHeXYkmai8TwHMeT_AKK0IqLaPcsFOkqBSHJoMqljVHtlZ
Request Chain 274
  • https://an.yandex.ru/mapuid/google/CAESEI6zLmFQPEzM_v6btqQs4bY?ext-param=AZmPxg8K45TW4Qdi71vDsxDyNIvd39vi7GZNwLikz1XIYhuekWAefv7VS2T4frg9tQ3XX2Ng_OiAzv-Hf-6rh4J9tUIyMZO96X2E&partner-tag=yandex_ag&google_cver=1 HTTP 302
  • https://an.yandex.ru/mapuid/google/CAESEI6zLmFQPEzM_v6btqQs4bY?redir-setuniq=1&ext-param=AZmPxg8K45TW4Qdi71vDsxDyNIvd39vi7GZNwLikz1XIYhuekWAefv7VS2T4frg9tQ3XX2Ng_OiAzv-Hf-6rh4J9tUIyMZO96X2E&partner-tag=yandex_ag&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEI6zLmFQPEzM_v6btqQs4bY&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif HTTP 302
  • https://an.yandex.ru/resource/spacer.gif
Request Chain 280
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=gfaWcZ1XMaQSIakupLJBZhSKQ&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=gfaWcZ1XMaQSIakupLJBZhSKQ&gdpr=0&gdpr_consent=&google_gid=CAESEGTiwktvt7ZitFB31or4NyU&google_cver=1 HTTP 302
  • https://a.audrte.com/p
Request Chain 281
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=929610189895017278 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=&google_gid=CAESEGTiwktvt7ZitFB31or4NyU&google_cver=1 HTTP 302
  • https://a.audrte.com/p

300 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request jackpos-pos-malware.html
securityaffairs.co/wordpress/22121/malware/ 		103 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
23831bd807039dcff67dc869bf01472d1531be84f282d29ab0695908572cc69b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 29 Sep 2022 20:30:09 GMT
Keep-Alive
timeout=15
Link
<https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/22121>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=22121>; rel=shortlink
Server
Apache
Transfer-Encoding
chunked
style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 		101 KB
101 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Tue, 12 Jul 2022 21:45:23 GMT
Server
Apache
ETag
"193c1-5e3a295f4b1f7"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
103361
mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 09 Dec 2020 23:31:00 GMT
Server
Apache
ETag
"2bf8-5b61073acf500"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
11256
wp-mediaelement.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-includes/js/mediaelement/wp-mediaelement.css?ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 13 Nov 2019 23:52:08 GMT
Server
Apache
ETag
"1360-597430d761a00"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
4960
cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 28 Sep 2022 22:29:31 GMT
Server
Apache
ETag
"c22-5e9c44b6c1652"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
3106
cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/ 		27 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.0.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 28 Sep 2022 22:29:31 GMT
Server
Apache
ETag
"6a71-5e9c44b6c1652"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
27249
ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 		142 KB
142 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=1662675000
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
27af6a936f27c245f807aef4673133e343b4d791c45ada798049d38a55e3634c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Thu, 08 Sep 2022 22:10:00 GMT
Server
Apache
ETag
"23833-5e831b0cd5542"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
145459
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/
Redirect Chain
  • http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.3.1
  • https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.3.1
23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.3.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
860
age
1819784
cdn-cachedat
08/25/2022 04:42:40
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"04425bbdc6243fc6e54bf8984fe50330"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
062056837ff0836bf5249cf035e05009
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
752779a54a216928-FRA
cdn-requestpullsuccess
True

Redirect headers

Location
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8.3.1
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 		19 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 13:54:59 GMT
Server
Apache
ETag
"4d92-52704407f72c0"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
19858
tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		539 B
799 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:04 GMT
Server
Apache
ETag
"21b-526fe6d7cd700"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
539
flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 13:55:09 GMT
Server
Apache
ETag
"1851-5270441180940"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
6225
animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:02 GMT
Server
Apache
ETag
"6b4-526fe6d5e5280"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
1716
font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		17 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:02 GMT
Server
Apache
ETag
"4574-526fe6d5e5280"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
17780
swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:18 GMT
Server
Apache
ETag
"118d-526fe6e527680"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
4493
jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		334 B
594 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:02 GMT
Server
Apache
ETag
"14e-526fe6d5e5280"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
334
screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		110 KB
110 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:04 GMT
Server
Apache
ETag
"1b844-526fe6d7cd700"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
112708
custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 		12 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Server
Apache
Connection
keep-alive
Keep-Alive
timeout=15
Transfer-Encoding
chunked
Content-Type
text/css; charset: UTF-8;charset=UTF-8
css
fonts.googleapis.com/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
86042f9897a7fac5e0ad6e9f8e55b845c0fbe31fcadf2dc6a28da0c6dab78cef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
X-XSS-Protection
0
Last-Modified
Thu, 29 Sep 2022 20:30:10 GMT
Server
ESF
Cross-Origin-Opener-Policy
same-origin-allow-popups
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin
*
Link
<http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires
Thu, 29 Sep 2022 20:30:10 GMT
css
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
14460a562a12c4cb19000f14d410f55e01a54c56ea426c66ae8bb0d5646bc413
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
X-XSS-Protection
0
Last-Modified
Thu, 29 Sep 2022 20:30:10 GMT
Server
ESF
Cross-Origin-Opener-Policy
same-origin-allow-popups
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin
*
Link
<http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires
Thu, 29 Sep 2022 20:30:10 GMT
css
fonts.googleapis.com/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
878203aea099236d8e397fb225fde067628d84bc56985c9c01fb43edd9578f04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
X-XSS-Protection
0
Last-Modified
Thu, 29 Sep 2022 20:30:10 GMT
Server
ESF
Cross-Origin-Opener-Policy
same-origin-allow-popups
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin
*
Link
<http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires
Thu, 29 Sep 2022 20:30:10 GMT
css
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ae3f8dd90b0aa771b658feac64893bc5a398c564471b016d16f01c4c997c3f6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
X-XSS-Protection
0
Last-Modified
Thu, 29 Sep 2022 20:30:10 GMT
Server
ESF
Cross-Origin-Opener-Policy
same-origin-allow-popups
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin
*
Link
<http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires
Thu, 29 Sep 2022 20:30:10 GMT
grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 		49 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:03 GMT
Server
Apache
ETag
"c5f2-526fe6d6d94c0"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
50674
sharing.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		18 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.3.2
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Sat, 24 Sep 2022 22:26:16 GMT
Server
Apache
ETag
"4991-5e973c8723143"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
18833
social-logos.css
securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/ 		12 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.3.2
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Sat, 24 Sep 2022 22:26:13 GMT
Server
Apache
ETag
"312f-5e973c84295f0"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
12591
jquery.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		282 KB
282 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.6.0
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Fri, 23 Jul 2021 22:11:53 GMT
Server
Apache
ETag
"46758-5c7d1b0de3c40"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
288600
jquery-migrate.js
securityaffairs.co/wordpress/wp-includes/js/jquery/ 		25 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 09 Dec 2020 23:31:00 GMT
Server
Apache
ETag
"62d4-5b61073acf500"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
25300
cookie-law-info-public.js
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/js/ 		33 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 28 Sep 2022 22:29:31 GMT
Server
Apache
ETag
"8583-5e9c44b6c3592"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
34179
medianetAdInjector.js
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 		562 B
836 B 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Sat, 08 May 2021 23:27:41 GMT
Server
Apache
ETag
"232-5c1d9e402b540"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
562
st_insights.js
w.sharethis.com/button/
Redirect Chain
  • http://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.3.1
  • https://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.3.1
49 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.3.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Server
2600:9000:211a:ca00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 18:40:54 GMT
content-encoding
gzip
via
1.1 f9fdc7f95aba4b520d73ade0f850d634.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
VIE50-C2
age
6556
x-cache
Hit from cloudfront
content-length
12778
server
nginx/1.20.1
etag
W/"62bdf23a-c590"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=259200
x-robots-tag
noindex, nofollow
x-amz-cf-id
7dHO9wmuucEHELx1m9GRXp49fXz6GD2po1kftkWLNVw126U2mEN0UA==
expires
Sun, 02 Oct 2022 18:40:54 GMT

Redirect headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Via
1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
Server
CloudFront
X-Amz-Cf-Pop
VIE50-C2
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.3.1
Connection
keep-alive
Content-Length
167
X-Amz-Cf-Id
8QRUfVDS_S9Twzx9Y6eYVOv7-d07bLuqu77K4W_BcsTZhkgQVzNqsQ==
js
www.googletagmanager.com/gtag/ 		106 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-59069958-1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
63eaf8dd777f3ed4ce3b4db806adbf78cdb9f9eff38f8ea42f273fecf8e7f089
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42389
x-xss-protection
0
last-modified
Thu, 29 Sep 2022 20:13:43 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 29 Sep 2022 20:30:11 GMT
dmedianet.js
contextual.media.net/
Redirect Chain
  • http://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
  • https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
368 B
551 B 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-mnt-h
22-c8ph
strict-transport-security
max-age=31536000
date
Thu, 29 Sep 2022 20:30:11 GMT
server
Apache
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
content-length
368
expires
Thu, 29 Sep 2022 20:35:11 GMT

Redirect headers

Location
https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Date
Thu, 29 Sep 2022 20:30:11 GMT
Strict-Transport-Security
max-age=31536000
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
twemoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		32 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 25 May 2022 22:59:02 GMT
Server
Apache
ETag
"7e90-5dfde04f437ff"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
32400
wp-emoji.js
securityaffairs.co/wordpress/wp-includes/js/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=263f00e44dfd7c30ff10cf0b70fc8586
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Tue, 31 Mar 2020 22:49:14 GMT
Server
Apache
ETag
"231d-5a22e60748e80"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
8989
logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:11 GMT
last-modified
Wed, 16 Dec 2015 17:30:42 GMT
server
Apache
accept-ranges
bytes
etag
"b0e9-5270743f5f480"
content-length
45289
content-type
image/png
headerbid.js
served-by.pixfuture.com/www/delivery/ 		973 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Mon, 29 Aug 2022 14:49:43 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"630cd207-3cd"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length
973
jackpos_1.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos_1.png?resize=470%2C179
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
c37f0638aea7427161e04791736d419b581672d91342c43f74fed6caaf93fc23
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"4466d2271c77a1d2"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos_1.png>; rel="canonical"
content-length
19232
expires
Sun, 15 Sep 2024 22:38:54 GMT
facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		830 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
c067a7d5bc50ed4ba554421966d6c4b0140ff2ed4574640fd5abcfa1ab35be11
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
x-bytes-saved
290
content-length
830
x-nc
HIT hhn 1
last-modified
Sun, 09 Jun 2019 09:59:37 GMT
server
nginx
etag
"e076e158ac718305"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
expires
Tue, 08 Jun 2021 21:59:37 GMT
twitter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 09:56:29 GMT
server
nginx
etag
"31e076f6356ccd9e"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length
1082
expires
Sat, 05 Nov 2022 21:56:29 GMT
linkedin.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 09:56:29 GMT
server
nginx
etag
"7db465be809ade85"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length
1184
expires
Sat, 05 Nov 2022 21:56:29 GMT
Brute-Ratel.png
securityaffairs.co/wordpress/wp-content/uploads/2022/09/ 		388 KB
388 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/09/Brute-Ratel.png
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9cf2bc156c5f6b1ef26db3e570e43ab401c2f3b475f112cf43c28556b57e155d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:11 GMT
last-modified
Thu, 29 Sep 2022 09:29:32 GMT
server
Apache
accept-ranges
bytes
etag
"60f24-5e9cd83ce37ff"
content-length
397092
content-type
image/png
Chaos-malware.jpg
securityaffairs.co/wordpress/wp-content/uploads/2022/09/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.co/wordpress/wp-content/uploads/2022/09/Chaos-malware.jpg
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
86bc13c8fc0b8f4590f7f7c344719335efa88e4b4eb81ec5a05b6a5cfa3f8ca2

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:11 GMT
last-modified
Wed, 28 Sep 2022 21:41:22 GMT
server
Apache
accept-ranges
bytes
etag
"1050d-5e9c39f3560fe"
content-length
66829
content-type
image/jpeg
Honey-Encryption-2.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/Honey-Encryption-2.jpg?resize=296%2C170&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
6726257bf91f6c971363480bb63164537b19bfd2d3c34133196f755922dda986
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"c77f594c28e94437"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/Honey-Encryption-2.jpg>; rel="canonical"
content-length
4416
expires
Sun, 15 Sep 2024 22:38:54 GMT
photon.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Sat, 24 Sep 2022 22:26:16 GMT
Server
Apache
ETag
"6e0-5e973c86deb87"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
1760
jquery.adrotate.clicktracker.js
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 		365 B
639 B 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:10 GMT
Last-Modified
Wed, 20 Jul 2022 22:10:23 GMT
Server
Apache
ETag
"16d-5e443de11a895"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
365
ssba.js
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1662675000
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Thu, 08 Sep 2022 22:10:00 GMT
Server
Apache
ETag
"7c3-5e831b0cecc40"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
1987
hint.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		987 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:17 GMT
Server
Apache
ETag
"3db-526fe6e433440"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
987
jquery.tipsy.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:17 GMT
Server
Apache
ETag
"1113-526fe6e433440"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
4371
jquery.easing.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:17 GMT
Server
Apache
ETag
"1fa1-526fe6e433440"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
8097
browser.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:16 GMT
Server
Apache
ETag
"a36-526fe6e33f200"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
2614
jquery.flexslider-min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 13:55:10 GMT
Server
Apache
ETag
"53ae-5270441274b80"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
21422
waypoints.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:18 GMT
Server
Apache
ETag
"1f6c-526fe6e527680"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
8044
mediaelement-and-player.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 		69 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 13:55:14 GMT
Server
Apache
ETag
"11571-5270441645480"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
71025
jquery.swipebox.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:17 GMT
Server
Apache
ETag
"2a67-526fe6e433440"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
10855
jquery.circliful.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:17 GMT
Server
Apache
ETag
"c18-526fe6e433440"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
3096
jquery.smarticker.min.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:17 GMT
Server
Apache
ETag
"3225-526fe6e433440"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
12837
custom.js
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 		12 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:16 GMT
Server
Apache
ETag
"31d4-526fe6e33f200"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
12756
sharing.js
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/ 		17 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.3.2
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Sat, 24 Sep 2022 22:26:16 GMT
Server
Apache
ETag
"45a7-5e973c8723143"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
17831
e-202239.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202239.js
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn
date
Thu, 29 Sep 2022 20:30:12 GMT
content-encoding
br
server
nginx
etag
W/"6197c5cf-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 17 Sep 2023 22:18:53 GMT
pview
l.sharethis.com/ 		0
404 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1664483411751.44549&hostname=securityaffairs.co&location=%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&title=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sop=false&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D
Requested by
Host: w.sharethis.com
URL: http://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare&ver=8.3.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.210.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-210-187.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
http://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
gtm.js
www.googletagmanager.com/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ad1d0572134dd2ac687f99ad5d129f9db3180712d009d2e2450dedca0ca4ac97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38518
x-xss-protection
0
last-modified
Thu, 29 Sep 2022 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 29 Sep 2022 20:30:11 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 29 Sep 2022 20:27:31 GMT
last-modified
Sun, 11 Sep 2022 13:50:09 GMT
server
Golfe2
age
161
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19826
expires
Thu, 29 Sep 2022 22:27:31 GMT
js
www.googletagmanager.com/gtag/ 		174 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8ZWTX5HC4Z&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f0dae7d0fe22bb58d275ece06580699238d021a173e918df205c1197f9aa54b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
65740
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 29 Sep 2022 20:30:11 GMT
TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
fonts.gstatic.com/s/oswald/v49/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Protocol
HTTP/1.1
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Tue, 27 Sep 2022 02:54:38 GMT
X-Content-Type-Options
nosniff
Age
236133
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
17908
X-XSS-Protection
0
Last-Modified
Mon, 18 Jul 2022 19:23:34 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Wed, 27 Sep 2023 02:54:38 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Protocol
HTTP/1.1
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Tue, 27 Sep 2022 12:47:34 GMT
X-Content-Type-Options
nosniff
Age
200557
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
23580
X-XSS-Protection
0
Last-Modified
Tue, 26 Apr 2022 15:48:56 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Wed, 27 Sep 2023 12:47:34 GMT
fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 		43 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software
Apache /
Resource Hash
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer
http://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Origin
http://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Last-Modified
Wed, 16 Dec 2015 06:58:09 GMT
Server
Apache
ETag
"ad90-526fe6dc92240"
Content-Type
application/font-woff
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=15
Content-Length
44432
nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v30/ 		35 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Protocol
HTTP/1.1
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Tue, 27 Sep 2022 12:36:26 GMT
X-Content-Type-Options
nosniff
Age
201225
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
35764
X-XSS-Protection
0
Last-Modified
Mon, 18 Jul 2022 19:06:36 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Wed, 27 Sep 2023 12:36:26 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Protocol
HTTP/1.1
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Wed, 28 Sep 2022 20:34:52 GMT
X-Content-Type-Options
nosniff
Age
86119
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
23040
X-XSS-Protection
0
Last-Modified
Tue, 26 Apr 2022 15:56:42 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Thu, 28 Sep 2023 20:34:52 GMT
S6u_w4BMUTPHjxsI5wq_Gwft.woff2
fonts.gstatic.com/s/lato/v23/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/lato/v23/S6u_w4BMUTPHjxsI5wq_Gwft.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Protocol
HTTP/1.1
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Sat, 24 Sep 2022 05:05:24 GMT
X-Content-Type-Options
nosniff
Age
487487
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
24448
X-XSS-Protection
0
Last-Modified
Tue, 26 Apr 2022 16:41:42 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Sun, 24 Sep 2023 05:05:24 GMT
S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v23/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2
Requested by
Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=263f00e44dfd7c30ff10cf0b70fc8586
Protocol
HTTP/1.1
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://fonts.googleapis.com/
Origin
http://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Tue, 27 Sep 2022 10:41:03 GMT
X-Content-Type-Options
nosniff
Age
208148
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy
cross-origin
Content-Length
24408
X-XSS-Protection
0
Last-Modified
Tue, 26 Apr 2022 15:50:25 GMT
Server
sffe
Cross-Origin-Opener-Policy
same-origin; report-to="apps-themes"
Report-To
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Wed, 27 Sep 2023 10:41:03 GMT
truncated
/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
http://securityaffairs.co/
Origin
http://securityaffairs.co
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
jackpos-2.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-2.png?resize=476%2C293
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
72133d32df2afc6b9627d461268f0b37980034d4ab0a575912b80bcca5e6c609
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"ed437dbe3dae623d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-2.png>; rel="canonical"
content-length
38272
expires
Sun, 15 Sep 2024 22:38:54 GMT
jackpos-3.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-3.png?w=703&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
db2175fffb1a59f6b07a5b10c728a0d7cdbe90e33794678d0d958d4da934578b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"18b05cc41b8c8077"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-3.png>; rel="canonical"
content-length
9932
expires
Sun, 15 Sep 2024 22:38:54 GMT
jackpos-4.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-4.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
e5a60c03a7ac0033874b06898e7d33e5baa504587739cab70acbed545d69c1f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"6570439123b0c25d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-4.png>; rel="canonical"
content-length
26432
expires
Sun, 15 Sep 2024 22:38:54 GMT
jackpos-5.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-5.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b34b10bbc97d3457a9e8c59779850e01d45160be2c72ac4e5f7bdb0eb3635cef
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"9538ddc6e410a704"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-5.png>; rel="canonical"
content-length
25826
expires
Sun, 15 Sep 2024 22:38:54 GMT
jackpos-6.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-6.png?w=708&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
b0eaabca31ab1a868f8b464116c58bad92ddf1115263cf5468d537cd1c2f0c5c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"edb0291d35c0eb4e"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-6.png>; rel="canonical"
content-length
16334
expires
Sun, 15 Sep 2024 22:38:54 GMT
jackpos-7.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-7.png?w=707&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
daf92c82c637532aeb9ecd9f35a952a776f9cbe815d85022545b463a44fa45f9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"82921d3f8a4dead2"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-7.png>; rel="canonical"
content-length
24980
expires
Sun, 15 Sep 2024 22:38:54 GMT
jackpos-8.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 		139 KB
139 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-8.png?resize=1024%2C730&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
fd220df146748e62564afbe3c20d831eb9cb64a89c6686836b3b8be811b8be0c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Fri, 16 Sep 2022 10:38:54 GMT
server
nginx
etag
"d09f1d1191ed0710"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/jackpos-8.png>; rel="canonical"
content-length
141934
expires
Sun, 15 Sep 2024 22:38:54 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"156244085faab7d3"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
6414
expires
Sat, 05 Nov 2022 20:12:40 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 08:12:40 GMT
server
nginx
etag
"312ff21e46f29f3d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7482
expires
Sat, 05 Nov 2022 20:12:40 GMT
newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Dec 2020 07:29:12 GMT
server
nginx
etag
"a6fb49f7a00a0498"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
6336
expires
Thu, 15 Dec 2022 19:29:12 GMT
EU-Blog-e.jpg
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Thu, 29 Sep 2022 20:30:11 GMT
x-content-type-options
nosniff
last-modified
Wed, 22 Jun 2022 21:28:00 GMT
server
nginx
etag
"89e5fea0740da8de"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.co/wordpress/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length
13098
expires
Sat, 22 Jun 2024 09:28:00 GMT
pview
l.sharethis.com/ 		0
380 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1664483411751.44549&hostname=securityaffairs.co&location=%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&title=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sop=false&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D&description=JackPOS%20was%20detected%20by%20security%20experts%20at%20IntelCrawler%20firm%20several%20days%20ago%20and%20it%20seemed%20based%20on%20code%20from%20%E2%80%9CAlina%E2%80%9D.%20Attacks%20on%20POS%20are%20on%20the%20rise.%20A%20new%20strain%20of%20Point-of-Sale%20malware%20named%20%E2%80%9CJackPOS%E2%80%9D%20was%20discovered%20by%20IntelCrawler%2C%C2%A0a%C2%A0cyber%20intelligence%20firm%20from%20Los%20Angeles%2C%20confirming%20the%20growing%20trend%C2%A0of%C2%A0Point-of-Sales%20malware%C2%A0after%20the%C2%A0Target%C2%A0data%20breach.%C2%A0JackPOS%C2%A0was%20detected%20several%20days%20ago%20%5B%E2%80%A6%5D&img_pview=true
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.210.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-210-187.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:11 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Date
Thu, 29 Sep 2022 20:30:12 GMT
Server
Apache
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=51978
Connection
keep-alive
Content-Length
15
collect
region1.google-analytics.com/g/ 		0
348 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-8ZWTX5HC4Z&gtm=2oe9s0&_p=100537113&gdid=dZTNiMT&cid=1018184806.1664483412&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1664483411&sct=1&seg=0&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&dt=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8ZWTX5HC4Z&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		209 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bd6b9ac5ee4fa5a4ca616753ec4a472fcc090d6f2d50f23845a7e92282eecd5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75039
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 29 Sep 2022 20:30:11 GMT
hb_v2.js
cdn.pixfuture.com/ 		36 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: http://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32057a4fe8307e26fd0454086a48c79f3d5cbd8e79fbbdfc734ff557fda38f25

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:12 GMT
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 26 Sep 2022 13:01:02 GMT
server
cloudflare
age
112959
etag
W/"6331a28e-8e07"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PMl%2F3zK5rREwDS0nz5LjluBsHFzH3K7iiARSuYlmyQd%2Fx%2BmT0PeX4Rx%2BZfvIlLsuVU17Hd6S8nOM3gySfSDe1%2FdTq%2Fk5yVbmlPA2qerhhINAMfe%2Bt0xVHpvzH2THSvQ6VeXx62lQh642dFUXumH3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=172800, no-transform
cf-ray
752779ad5d5f901c-FRA
expires
Fri, 30 Sep 2022 13:07:31 GMT
g.gif
pixel.wp.com/ 		50 B
247 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://pixel.wp.com/g.gif?v=ext&j=1%3A11.3.2&blog=29506073&post=22121&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=2493&rand=0.8138395113844505
Requested by
Host: securityaffairs.co
URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Protocol
HTTP/1.1
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 29 Sep 2022 20:30:12 GMT
Cache-Control
no-cache
Server
nginx
Connection
keep-alive
Content-Length
50
Content-Type
image/gif
collect
region1.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe9s0&_p=100537113&cid=1018184806.1664483412&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1664483412&sct=1&seg=0&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&dt=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j97&aip=1&a=100537113&t=pageview&_s=1&dl=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ul=en-us&de=UTF-8&dt=JackPOS%20malware%20presented%20as%20a%20Java%20Update%20SchedulerSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACUABBAAAAC~&jid=731373503&gjid=591908711&cid=1018184806.1664483412&tid=UA-59069958-1&_gid=822545523.1664483412&_r=1&gtm=2ou9s0&did=dZTNiMT&gdid=dZTNiMT&z=1912794840
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
pbix.js
cdn.pixfuture.com/ 		395 KB
396 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf927c4e61681bb6f40d5a1d2be968567eb720a667d6c259db51332884e06d91

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:12 GMT
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 15 Sep 2022 14:24:21 GMT
server
cloudflare
age
106830
cf-polished
origSize=405747
etag
W/"63233595-630f3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2FrWBWHU%2BMuT77bgAAd8CmOM%2B2%2FJ7Bvq4CHgqxODm8gHVwRrskTFsBq2u2F5W2JOIaRi51jIHa4Vo%2Fm6A3DKXFYS0BwWlmgABg7XndFvENmDsulFGIEtb9kAg7qt%2BGM%2FuTOH%2BIno9p1%2B9tG%2BjnDE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
public, max-age=172800, no-transform
cf-ray
752779ae0f54901c-FRA
expires
Fri, 30 Sep 2022 14:49:40 GMT
r.js
aa.agkn.com/adscores/ 		0
461 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.250.137.124 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-137-124.eu-west-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
server
AAWebServer
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type
application/javascript;charset=iso-8859-1
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
0
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		9 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=jackpos,malware,presented,as,java,update,schedulersecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ffb769be7ecd1e45098366f82f9b9e6f173c613a5180672a7a450e0278aabccc

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		11 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=jackpos,malware,presented,as,java,update,schedulersecurity,affairs&refUrl=&refresh=false&innerWidth=1600
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
170dd3a575229c4b0c95ac25e2abcb7110cdda8130c50390dad748a4aadaee43

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
server
nginx/1.10.3 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
flping.php
lg3.media.net/ 		15 B
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg3.media.net/flping.php?reason=0&action=16&pid=8PO4A4J48&gdpr=1&cid=8CU5BD6EW&crid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=21600

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=21600
Date
Thu, 29 Sep 2022 20:30:12 GMT
Server
Apache
ntCoent-Length
15
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=51978
Connection
keep-alive
Content-Length
15
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
http://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 29 Sep 2022 20:30:12 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
466829
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=60ABOXw1WndJeStGWUxrTHNsYU1ESkttbHFMSHhmRnBsOUlqVWUrb3U0MnB4a2dCMlA3anlPVmJqeVZkMUdpTEVBamY3M2RQMG9UanJzYndQaVByRXc3SU4yUEJHejJvdU5HUHVMaHJYbituZWVrTW5NaktXOGZGTERUUm...
367 B
654 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=60ABOXw1WndJeStGWUxrTHNsYU1ESkttbHFMSHhmRnBsOUlqVWUrb3U0MnB4a2dCMlA3anlPVmJqeVZkMUdpTEVBamY3M2RQMG9UanJzYndQaVByRXc3SU4yUEJHejJvdU5HUHVMaHJYbituZWVrTW5NaktXOGZGTERUUm84a2gyYW1rbVgrUGxHQm1GbWhtY09rM3FhS212WDh1ZkVDd1NYNjRuS1Z2RWJlcHRVamdtRTJJalprTWt3bURhamJ6aTNtRjhJa1UxK1JTVFVoSnFES0UxYjZ6bWo2MUtPZGpSb21FdURPZkVaeVpwUUNhRjNpVHNVOHpKbnZoemNNSzlwMDlofA&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
faa0f8b52a59989521c6646411de1aef196de3760ac681a3d921ee67ec846746
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
643989
expires
0

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
access-control-allow-methods
GET
location
https://mug.criteo.com/sid?cpp=60ABOXw1WndJeStGWUxrTHNsYU1ESkttbHFMSHhmRnBsOUlqVWUrb3U0MnB4a2dCMlA3anlPVmJqeVZkMUdpTEVBamY3M2RQMG9UanJzYndQaVByRXc3SU4yUEJHejJvdU5HUHVMaHJYbituZWVrTW5NaktXOGZGTERUUm84a2gyYW1rbVgrUGxHQm1GbWhtY09rM3FhS212WDh1ZkVDd1NYNjRuS1Z2RWJlcHRVamdtRTJJalprTWt3bURhamJ6aTNtRjhJa1UxK1JTVFVoSnFES0UxYjZ6bWo2MUtPZGpSb21FdURPZkVaeVpwUUNhRjNpVHNVOHpKbnZoemNNSzlwMDlofA&cppv=2
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
519817
content-length
0
expires
0
prebid
id5-sync.com/api/config/ 		135 B
546 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.111 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203177.ip-141-95-33.eu
Software
/
Resource Hash
140e17bdd8186191131c02a6da856adbda9a3d9b961f994407e67f4caeca48e5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/ 		0
0
rid
match.adsrvr.org/track/ 		63 B
391 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
5ce3a089d3f62aab2f5f0fc5c2bc9eb3c06ed2e40bd29f980e7b1ba9fb4b3d4b

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 29 Sep 2022 20:30:12 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
http://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Sat, 29 Oct 2022 20:30:12 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1019 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Protocol
HTTP/1.1
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:12 GMT
AN-X-Request-Uuid
1e0156ce-2ec9-4576-afb6-50de8954fa8e
Server
nginx/1.21.3
Content-Type
application/javascript; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:12 GMT
AN-X-Request-Uuid
96943bb8-b2a3-447d-a16e-b80606a49aad
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1019 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Protocol
HTTP/1.1
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:12 GMT
AN-X-Request-Uuid
0542f066-1bc8-4d5b-99bf-e03e23a0877d
Server
nginx/1.21.3
Content-Type
application/javascript; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:12 GMT
AN-X-Request-Uuid
db8f79b7-eaf1-4687-9ba3-adccf3f92076
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
lb.eu-1-id5-sync.com/lb/ 		33 B
331 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.66 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216537.ip-141-95-98.eu
Software
/
Resource Hash
850d7f1f697b77be305819aef6aae76f6fdc46cfa24b35f6506de11cd140e365

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:12 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
cookie_sync
prebidserver.pixfuture.com/ 		281 B
597 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
281
expires
0
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
481 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6f878d5e6de601bd4c9c184a915a1d947898430e800f993f60044f5a38dde268

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/ 		284 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=60809bf5-263b-42ad-99a2-396c05481806%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=5995026c-8118-470b-8e0c-3fd83d0c1655&l_pb_bid_id=47d389225d1be7&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8082448746935185
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
a6173937554b7b2c2c3788f637bbcb5bfd10f9b4d6348da0142b855df237c540

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:12 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
http://securityaffairs.co
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
284
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
btlr.sharethrough.com/universal/ 		0
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.194.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-194-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:12 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
translator
hbopenbid.pubmatic.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:11 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
trinity.json
apex.go.sonobi.com/ 		94 B
594 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2210444dc56f6c43%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&s=e588fa0c-9e16-42f5-a63d-c8d12a63780a&pv=8a223e21-5d6a-40ec-a66e-b2cec77c4e07&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2260809bf5-263b-42ad-99a2-396c05481806%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2260809bf5-263b-42ad-99a2-396c05481806%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=jackpos%2Cmalware%2Cpresented%2Cas%2Cjava%2Cupdate%2Cschedulersecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
0df4f6eec788b7cfaab10b0553db6a0b2ebe7f6e10469b931bc570a13540479a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-118
content-type
application/json
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
119
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		139 B
989 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0dc2c69e574bf2b3f29d3adbe886e87b500539a39f6ffbc80c6776622119d7b7
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:12 GMT
AN-X-Request-Uuid
2bfffa74-36ff-4cb6-8b55-f6bac4c88c32
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
http://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
prg.smartadserver.com/prebid/ 		0
339 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
vary
Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
http://securityaffairs.co
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-length
0
bid
ap.lijit.com/rtb/ 		94 B
753 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
9d80cc94a91dd2f84a5617c8b40162e0acc972ba1c37d72d42bd0fe115d6b6c5

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 29 Sep 2022 20:30:12 GMT
content-encoding
gzip
pod
X-Sovrn-Pod: ad_ap7ams1
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET, POST, DELETE, PUT
content-type
application/json
access-control-allow-origin
http://securityaffairs.co
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Content-Type
content-length
99
prebid
prebid.media.net/rtb/ 		1 KB
915 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
d51ee46aa2124408dee04d740ccc8626463ff7d611151a148668cd2624946a8b

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
content-encoding
gzip
via
1.1 google
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
hb
ssc.33across.com/api/v1/ 		87 B
170 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
f697de2d405439b3209da8365171b0c796e890083188cf0b3fe1e23bcc42f54b

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
http://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
hb.emxdgt.com/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1664483412778&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.68.42.108 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-68-42-108.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:12 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=5995026c-8118-470b-8e0c-3fd83d0c1655&nocache=1664483412779&pubcid=60809bf5-263b-42ad-99a2-396c05481806&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWphY2twb3MsbWFsd2FyZSxwcmVzZW50ZWQsYXMsamF2YSx1cGRhdGUsc2NoZWR1bGVyc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1qYWNrcG9zLG1hbHdhcmUscHJlc2VudGVkLGFzLGphdmEsdXBkYXRlLHNjaGVkdWxlcnNlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
ec1d4ae0b6ab41e39f859c16f4950bda848e4003209994d01a789f079344e2f0

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
http://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
prebidserver.pixfuture.com/openrtb2/ 		154 B
481 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
d593a067f257cf8cfc63e5642da2b9d14d9d203b36aa3c464c15868c7b9ae576

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
154
expires
0
/
hb.emxdgt.com/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hb.emxdgt.com/?t=3000&ts=1664483412789&src=pbjs
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.68.42.108 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-68-42-108.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2847ec9566f657640808c4d791e9fe8d3cc38b78b3a7efc351b1819bbab8c631

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:12 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
content-length
7116
content-type
application/json
prebid
prebid.media.net/rtb/ 		1 KB
777 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e21db9bc9254f6856fac42c81b52c3200c4362adaaf01efb01687e80fe8e3ee7

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
content-encoding
gzip
via
1.1 google
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
v1
prg.smartadserver.com/prebid/ 		171 B
564 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
http://securityaffairs.co
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/ 		139 B
989 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0b74ce0bbd5ebfce4d75159ac2e195c285ac33a432329a715a08c6154f5c76b3
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:12 GMT
AN-X-Request-Uuid
6130ead1-5faf-496a-b9fe-2c79136b316b
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
http://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
139
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		283 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=60809bf5-263b-42ad-99a2-396c05481806%5E1&rf=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=af055eb4-8062-4887-a886-d79a6267b8ec&l_pb_bid_id=373ffe15c3fb203&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.11261388058597777
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
ed3c13fd06b2263f2b4429a44906489ec1fae26fff7c0f5e4e245163b3c868c4

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:12 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
http://securityaffairs.co
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
283
Expires
Wed, 17 Sep 1975 21:32:10 GMT
bidRequest
c2shb.ssp.yahoo.com/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
5d629d1ab36f64456e78dd4ad6e03e61b6f1f3093ab92b4777ba4ad2b605ce80

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 29 Sep 2022 20:30:12 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
http://securityaffairs.co
access-control-allow-credentials
true
content-length
2961
arj
pixfuture2-d.openx.net/w/1.0/ 		73 B
379 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=af055eb4-8062-4887-a886-d79a6267b8ec&nocache=1664483412794&pubcid=60809bf5-263b-42ad-99a2-396c05481806&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWphY2twb3MsbWFsd2FyZSxwcmVzZW50ZWQsYXMsamF2YSx1cGRhdGUsc2NoZWR1bGVyc2VjdXJpdHksYWZmYWlycyZteW90aGVya2V5d29yZD1qYWNrcG9zLG1hbHdhcmUscHJlc2VudGVkLGFzLGphdmEsdXBkYXRlLHNjaGVkdWxlcnNlY3VyaXR5LGFmZmFpcnM%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
02dfd93cdb067aa3b448d8e13ec66e62a9a83212384c099d6d3d0d93ad744d59

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:12 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
http://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:12 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v1
btlr.sharethrough.com/universal/ 		0
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.194.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-194-177.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:12 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
trinity.json
apex.go.sonobi.com/ 		95 B
695 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22472b18400f55e6c%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&s=c84934bb-4ccc-4a03-be0f-e4a59b8e09eb&pv=8a223e21-5d6a-40ec-a66e-b2cec77c4e07&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2260809bf5-263b-42ad-99a2-396c05481806%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2260809bf5-263b-42ad-99a2-396c05481806%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=jackpos%2Cmalware%2Cpresented%2Cas%2Cjava%2Cupdate%2Cschedulersecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.9 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
23f15beed9d03535718c088005381f36133f9b6ffeaf4f38150a2325a0ae5e52
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-41
content-type
application/json
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin
http://securityaffairs.co
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
120
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/ 		94 B
752 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
6e8ddde2d08019f5c90bb1bb0caa0a3b149c67f6f41c0850786bdc0ec87f4b0d

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 29 Sep 2022 20:30:12 GMT
content-encoding
gzip
pod
X-Sovrn-Pod: ad_ap7ams1
vary
Accept-Encoding, User-Agent
access-control-allow-methods
GET, POST, DELETE, PUT
content-type
application/json
access-control-allow-origin
http://securityaffairs.co
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Content-Type
content-length
98
hb
ssc.33across.com/api/v1/ 		87 B
352 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
9af79da0ed2e5a539db4924ea20a4002da6b7d53b6bbcddacc14922731c49adc

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
http://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
529.json
id5-sync.com/g/v2/ 		216 B
627 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.111 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203177.ip-141-95-33.eu
Software
/
Resource Hash
968270ff6fa810e5e7f65b7d50c400b13755e75272ae97cbdf91efe151793b5e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
http://securityaffairs.co
date
Thu, 29 Sep 2022 20:30:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=60ABOXw1WndJeStGWUxrTHNsYU1ESkttbHFMSHhmRnBsOUlqVWUrb3U0MnB4a2dCMlA3anlPVmJqeVZkMUdpTEVBamY3M2RQMG9UanJzYndQaVByRXc3SU4yUEJHejJvdU5HUHVMaHJYbituZWVrTW5NaktXOGZGTERUUm84a2gyYW1rbVgrUGxHQm1GbWhtY09rM3FhS212WDh1ZkVDd1NYNjRuS1Z2RWJlcHRVamdtRTJJalprTWt3bURhamJ6aTNtRjhJa1UxK1JTVFVoSnFES0UxYjZ6bWo2MUtPZGpSb21FdURPZkVaeVpwUUNhRjNpVHNVOHpKbnZoemNNSzlwMDlofA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 29 Sep 2022 20:30:12 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
580274
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
/
ads.us.e-planning.net/uspd/1/ Frame 955C
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.172.90.251 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
ads.us.e-plannning.net
Software
openresty /
Resource Hash
4be89010482d7fcd9984cba864a6491ff2be25ea936cb1e9de9cded85a6e1a24

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
gzip
content-type
text/html
date
Thu, 29 Sep 2022 20:30:13 GMT
expires
Thu, 29 Sep 2022 20:30:13 GMT
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-936

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Thu, 29 Sep 2022 20:30:13 GMT
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
AMS-936
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 1002 		112 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
HTTP/1.1
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d47e4acbdebe4408efe0fceef1451af67ed351d6a5e00d1793822f450db99968
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:13 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
cafe
ETag
15442322739177003183
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control
private, max-age=3600
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename="f.txt"
Timing-Allow-Origin
*
Content-Length
40181
X-XSS-Protection
0
Expires
Thu, 29 Sep 2022 20:30:13 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 01 Oct 2022 20:30:13 GMT
show_ads.js
pagead2.googlesyndication.com/pagead/ Frame 5DA8 		112 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
HTTP/1.1
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
728910fae0ac9aa3efd2ba350e26b3249d89d6e5ab6efff786839b78da30ffff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:13 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
cafe
ETag
974420322257392119
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control
private, max-age=3600
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename="f.txt"
Timing-Allow-Origin
*
Content-Length
40185
X-XSS-Protection
0
Expires
Thu, 29 Sep 2022 20:30:13 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 01 Oct 2022 20:30:13 GMT
ptag
a.audrte.com/ Frame 955C 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.177.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-177-11.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
4a17d9e643411aab5e65cca9cb0a4f71a41aff8f27e5a85de2d138e9b621163f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:13 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1683
lotame20220615.js
s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/ Frame 955C 		566 B
521 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/lotame20220615.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.172.90.250 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
4f618d20d85f3163d72432606f3afa3c17b6c79954f967ec3df9a710503c9df4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
last-modified
Wed, 15 Jun 2022 16:21:31 GMT
server
openresty
etag
W/"62aa070b-236"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Tue, 28 Sep 2027 20:30:13 GMT
um
u-ams03.e-planning.net/ Frame 955C
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D01e2750475341cd6%26uid%3D%24UID
  • https://u-ams03.e-planning.net/um?dc=8103fa85295fbe60&fi=01e2750475341cd6&uid=6330426637545280149
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams03.e-planning.net/um?dc=8103fa85295fbe60&fi=01e2750475341cd6&uid=6330426637545280149
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
185.172.90.251 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
ads.us.e-plannning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

server
openresty
date
Thu, 29 Sep 2022 20:30:13 GMT
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:13 GMT
AN-X-Request-Uuid
bb95dbc9-1a6d-4562-beb8-8963df4eb5ef
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://u-ams03.e-planning.net/um?dc=8103fa85295fbe60&fi=01e2750475341cd6&uid=6330426637545280149
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
um
u-ams03.e-planning.net/ Frame 955C
Redirect Chain
  • https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3De64f73568d2b3c34%26fi%3D01e2750475341cd6%26uid%3D%24UID&partner=eplanning
  • https://ce.lijit.com/merge?pid=279534&3pid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10&gdpr=0&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRN...
  • https://ce.lijit.com/merge?pid=279534&3pid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10&gdpr=0&gdpr_consent=&us_privacy=&location=https%3A%2F%2Fssp.disqus.com%2Fmatch%3Fbidder%3D12%26buyeruid%3D%5BSOVRN...
  • https://ssp.disqus.com/match?bidder=12&buyeruid=FZiOqRZHARwkHVUTS2CyNMaL&r=Cid1YS02NzJjNGIzZi1lMTc3LTNkNzktYTYzYy1hOWFjZDc2MTljMTAa-QFDUGdFTUFBUGdFTUFBQWNBQkJFTkNpQ2dBQUFBQUhfQUFDaFFBQUFTQUFKTU5XNG...
  • https://u-ams03.e-planning.net/um?dc=e64f73568d2b3c34&fi=01e2750475341cd6&uid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams03.e-planning.net/um?dc=e64f73568d2b3c34&fi=01e2750475341cd6&uid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
185.172.90.251 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
ads.us.e-plannning.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Redirect headers

location
https://u-ams03.e-planning.net/um?dc=e64f73568d2b3c34&fi=01e2750475341cd6&uid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10
pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
cache-control
no-store
content-length
0
vary
origin
expires
0
dtscout20220831.js
s.e-planning.net/esb/4/0/1992d/1cb3be2948515989/ Frame 955C 		478 B
514 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/1cb3be2948515989/dtscout20220831.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.172.90.250 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
bc9316039e195480aa7580b1acd1619b0d1290c164abcd64ce536f15a32f0996

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
last-modified
Wed, 31 Aug 2022 19:37:37 GMT
server
openresty
etag
W/"630fb881-1de"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Tue, 28 Sep 2027 20:30:13 GMT
usync.html
eus.rubiconproject.com/ Frame 80C7
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_eu&endpoint=eu
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 29 Sep 2022 20:30:13 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Thu, 29 Sep 2022 20:30:13 GMT
location
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
server
AkamaiGHost
usermatch
ssum.casalemedia.com/ Frame D700
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a18235f8098ed14d14fd4f391ee9ebb1991ffe6672563a190e3a0a7cdd143af

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
752779b679565b8c-FRA
content-encoding
br
content-type
text/html
date
Thu, 29 Sep 2022 20:30:13 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FkGgzfNDbkYTbWSIJ007aJJHw4hMlbrhc4%2BXd4DqskE6DLPJRd1y5d96jWz5EfXe0iGJID9TDRQYjSHIiDbju%2B%2Bi57%2FK%2Bf3ZfN8%2BjD0zKvzbdPhtXwC6C3k%2BEowejvluVIoKWGJ"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
752779b5ac979b49-FRA
content-length
0
date
Thu, 29 Sep 2022 20:30:13 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2BDKgS94DOv2pfhR9kIsoCgzK%2Fbbh3uGaUrPAgokI39nZfKEJ5WKsMP3oO54MwwdRjbjr7d6wZ4jQ92sFoVXuThMjhM3PuXx8gj2L42u%2B3OS9kuzvucsdNJ7UJxJjACuJHd9STGU"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame 4A06 		1 KB
1002 B 		Document
General
Check archive.org
Download Go to
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 Lovettsville, United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=157680000
cf4age
137109
cf4ttl
157680000.000
content-encoding
gzip
content-length
624
content-type
text/html
date
Thu, 29 Sep 2022 20:30:13 GMT
etag
W/"61ddbb71-5f5"
expires
Tue, 18 May 2027 11:39:16 GMT
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
server
CFS 0215
x-cf-reqid
dcd6471dff4f11ef8866fb472243835c
x-cf-tsc
1653097467
x-cf1
29080:fD.fra2:co:1585621119:cacheN.fra2-01:H
x-cf2
H
x-cf3
H
x-cff
B
/
onetag-sys.com/usync/ Frame 4224 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame 417E 		8 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d7a2684bab6714219ab87750ec845dc76f65bccd7bf21e58bf1b6ead6b8ecc0

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
cf-cache-status
DYNAMIC
cf-ray
752779b58ca5699b-FRA
content-encoding
br
content-type
text/html
date
Thu, 29 Sep 2022 20:30:13 GMT
server
cloudflare
vary
Origin
via
1.1 google
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209280101/ Frame 1002 		349 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31070010
Requested by
Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1ee842040f3e9a4a2e5dd695cf0b45db97898691ce3b7bc31b6b935298b55af4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
125817
x-xss-protection
0
server
cafe
etag
13812699721889312816
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 29 Sep 2022 20:30:13 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/ Frame 5DA8 		348 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069992
Requested by
Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4ed449bdc2a8c8f559cb10af7ddc3d4ddb16a6024b4e5c110c9c5432b58fd0e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
125658
x-xss-protection
0
server
cafe
etag
14660630479451275039
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 29 Sep 2022 20:30:13 GMT
getuid
ib.adnxs.com/ Frame 417E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers
pixel
cm.g.doubleclick.net/ Frame 417E 		170 B
502 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://mwzeom.zeotap.com/mw?cid=005b1d45-abaa-48a9-b682-37471ff5c2cf&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c...
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=005b1d45-abaa-48a9-b682-37471ff5c2cf&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b6cfdb699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=005b1d45-abaa-48a9-b682-37471ff5c2cf&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
date
Thu, 29 Sep 2022 20:30:13 GMT
strict-transport-security
max-age=31536000
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame 417E 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
generic
match.adsrvr.org/track/cmf/ Frame 417E 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cm
trc.taboola.com/sg/zeotap/1/ Frame 417E 		0
161 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-vcl-time-ms
9
date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 varnish
x-cache-hits
0
server
nginx
x-timer
S1664483413.482670,VS0,VE9
x-cache
MISS
accept-ranges
bytes
content-length
0
x-served-by
cache-hhn4023-HHN
u
dmp.v.fwmrm.net/ad/ Frame 417E 		0
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:6593:f607:ba15:f8ca:726:bfa6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:14 GMT
Content-Type
text/html
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Keep-Alive
timeout=300
Content-Length
0
Expires
0
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 417E 		0
166 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Thu, 29 Sep 2022 20:30:13 GMT
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=f7a80584-6d42-4854-81b6-672e17d3d65a&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=f7a80584-6d42-4854-81b6-672e17d3d65a&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779ba0feb699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=f7a80584-6d42-4854-81b6-672e17d3d65a&zpartnerid=317&gdpr=1&gdpr_consent=
pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=dba5f86e-6356-4a77-7cab-af16129f5659&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=dba5f86e-6356-4a77-7cab-af16129f5659&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=22816408363959778252804574423635207623&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-...
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=22816408363959778252804574423635207623&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b799c6699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcscanary-prod-irl1-1-v051-0d443fb62.edge-irl1.demdex.com 3 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
4M468vopQuU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=22816408363959778252804574423635207623&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame 417E 		0
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.198.69.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-198-69-109.eu-central-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=dba5f86e-6356-4a77-7cab-af16129f5659&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022093010-24644-0.801894001664527954-9fde28c6533c6caeb2c1a52e5b9058e5&zdid=533&env=mWeb
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2022093010-24644-0.801894001664527954-9fde28c6533c6caeb2c1a52e5b9058e5&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b70885699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2022093010-24644-0.801894001664527954-9fde28c6533c6caeb2c1a52e5b9058e5&zdid=533&env=mWeb
Date
Fri, 30 Sep 2022 08:52:34 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7148901823588006036&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-...
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=7148901823588006036&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b728b5699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7148901823588006036&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Date
Thu, 29 Sep 2022 20:30:13 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
check
pixel.tapad.com/idsync/ex/receive/ Frame 417E
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=dba5f86e-6356-4a77-7cab-af16129f5659
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=dba5f86e-6356-4a77-7cab-af16129f5659
95 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=dba5f86e-6356-4a77-7cab-af16129f5659
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H3
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type
image/png
date
Thu, 29 Sep 2022 20:30:13 GMT
strict-transport-security
max-age=31536000
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=dba5f86e-6356-4a77-7cab-af16129f5659
date
Thu, 29 Sep 2022 20:30:13 GMT
strict-transport-security
max-age=31536000
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=dba5f86e-6356-4a77-7cab-af16129f5659&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=dba5f86e-6356-4a77-7cab-af16129f5659&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=lVvsQFa7I5QgZmh1VxQoQ.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-43...
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?webouuid=lVvsQFa7I5QgZmh1VxQoQ.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b80ae9699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
last-modified
Thu, 29 Sep 2022 20:30:13 GMT
server
Weborama Collect Frontend
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
location
https://mwzeom.zeotap.com/mw?webouuid=lVvsQFa7I5QgZmh1VxQoQ.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame 417E 		0
84 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=dba5f86e-6356-4a77-7cab-af16129f5659&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.15.245.82 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=dba5f86e-6356-4a77-7cab-af16129f5659?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=dba5f86e-6356-4a77-7cab-af16129f5659?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
  • https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b85bad699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

expires
0
pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
cache-control
no-cache
x-server
10.45.26.185
content-length
0
x-consent
absent
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-P2B.zetE2oqU2Kpcl5U0jdd0JZtCIH8mdg--~A&zpartnerid=570&env=mWeb
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=y-P2B.zetE2oqU2Kpcl5U0jdd0JZtCIH8mdg--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b81b11699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

date
Thu, 29 Sep 2022 20:30:13 GMT
strict-transport-security
max-age=31536000
via
http/1.1 spdc0110.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-P2B.zetE2oqU2Kpcl5U0jdd0JZtCIH8mdg--~A&zpartnerid=570&env=mWeb
content-length
0
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=MjjoqVWHhTjCEWaNgYR09uRbCuAJT%2FOc%2BS41iYitP1U%3D
95 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=MjjoqVWHhTjCEWaNgYR09uRbCuAJT%2FOc%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b63e8c699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
AAWebServer
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=MjjoqVWHhTjCEWaNgYR09uRbCuAJT%2FOc%2BS41iYitP1U%3D
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires
0
v2
odr.mookie1.com/t/ Frame 417E 		43 B
356 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=dba5f86e-6356-4a77-7cab-af16129f5659&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
server
Apache
content-type
image/gif;charset=UTF-8
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatch.gif
beacon.krxd.net/ Frame 417E 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.58.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-58-201.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-served-by
beacon-n006-dub-prod.krxd.net
date
Thu, 29 Sep 2022 20:30:13 GMT
cache-control
private, no-cache, no-store
x-request-time
D=52 t=1664483413
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 417E 		95 B
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=dba5f86e-6356-4a77-7cab-af16129f5659&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
157.90.211.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.246.211.90.157.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type
image/png
date
Thu, 29 Sep 2022 20:30:13 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cQZGoH6Q
sync-tm.everesttech.net/upi/pid/ Frame 417E 		0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-cache-hits
0
pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 varnish
server
Varnish
x-timer
S1664483414.879013,VS0,VE0
x-cache
MISS
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-served-by
cache-hhn4032-HHN
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=81bf6336-0055-4500-b8c1-9f14532a4c11&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba9...
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=81bf6336-0055-4500-b8c1-9f14532a4c11&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779bbcc2d699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Thu, 29 Sep 2022 20:30:14 GMT
Server
MT3 4525 e1952b7 master zrh-pixel-x30 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Location
https://mwzeom.zeotap.com/mw?cid=81bf6336-0055-4500-b8c1-9f14532a4c11&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Expires
Thu, 29 Sep 2022 20:30:13 GMT
usermatch.gif
beacon.krxd.net/ Frame 417E
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1c...
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
54.76.58.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-58-201.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-served-by
beacon-n021-dub-prod.krxd.net
date
Thu, 29 Sep 2022 20:30:14 GMT
cache-control
private, no-cache, no-store
x-request-time
D=23 t=1664483414
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
date
Thu, 29 Sep 2022 20:30:14 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a002-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame 417E
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=dba5f86e-6356-4a77-7cab-af16129f5659&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7ca...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=dba5f86e-6356-4a77-7cab-af16129f5659&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7ca...
43 B
568 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=dba5f86e-6356-4a77-7cab-af16129f5659&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Server
52.94.222.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:13 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
JNGJKWZBN96J2SHF7DR2
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:13 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
R56HEXNF9ERE2CPK8ZAH
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=dba5f86e-6356-4a77-7cab-af16129f5659&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame 417E 		0
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/87734?id=dba5f86e-6356-4a77-7cab-af16129f5659&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.96.159.57 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-96-159-57.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
content-length
0
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
95 B
152 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b9bf18699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
date
Thu, 29 Sep 2022 20:30:14 GMT
cross-origin-resource-policy
cross-origin
content-length
0
token
pixel.rubiconproject.com/ Frame 417E 		0
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/token?pid=41544&puid=dba5f86e-6356-4a77-7cab-af16129f5659&pt=d[&gdpr=1&gdpr_consent=]
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Expires
0
Pragma
no-cache
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
mw
mwzeom.zeotap.com/ Frame 417E
Redirect Chain
  • https://x.bidswitch.net/syncd?dsp_id=461&user_group=1&expires=5&user_id=dba5f86e-6356-4a77-7cab-af16129f5659&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BBBSW_UUID%7D%26cookie_age%3D%24...
  • https://x.bidswitch.net/ul_cb/syncd?dsp_id=461&user_group=1&expires=5&user_id=dba5f86e-6356-4a77-7cab-af16129f5659&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BBBSW_UUID%7D%26cookie_age...
  • https://mwzeom.zeotap.com/mw?cid=${BBSW_UUID}&cookie_age=${COOKIE_AGE}&env=mWeb&zpartnerid=1771&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fb...
95 B
175 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=${BBSW_UUID}&cookie_age=${COOKIE_AGE}&env=mWeb&zpartnerid=1771&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b98e94699b-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=${BBSW_UUID}&cookie_age=${COOKIE_AGE}&env=mWeb&zpartnerid=1771&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Date
Thu, 29 Sep 2022 20:30:13 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cmp.min.js
spl.zeotap.com/ Frame 417E 		557 B
467 B 		Script
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05cddf977df8e2692fc92f8b491ec4957c7d6230a96f76237125b63b5ffb926e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
via
1.1 google
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
752779b5fdc7699b-FRA
access-control-allow-headers
*
usync.js
eus.rubiconproject.com/ Frame 80C7 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:13 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Sep 2022 22:38:47 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=50198
Connection
keep-alive
Content-Length
9421
Expires
Fri, 30 Sep 2022 10:26:51 GMT
cmp
spl.zeotap.com/ Frame 417E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
cf-cache-status
DYNAMIC
cf-ray
752779b65ed6699b-FRA
date
Thu, 29 Sep 2022 20:30:13 GMT
server
cloudflare
vary
Origin
via
1.1 google
sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 80C7 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-eu.rubiconproject.com/exchange/sync.php?p=eplanning_eu&khaos=L8NIG529-1F-3L5X
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usermatchredir
ssum-sec.casalemedia.com/ Frame D700
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB&gdpr_consent=&us_privacy=&gdpr=
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB&gdpr_consent=&us_privacy=&gdpr=&google_tc=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEARq6QpCC1zeF6so3dwH6g4&google_cver=1
43 B
880 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEARq6QpCC1zeF6so3dwH6g4&google_cver=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
H2
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8xQ5LexmjfMNM7DQynpS8POPE7vwkNzdR47uAD4niIWf2UOSec3kmiC2VJGHCAz1XKk8JspxRsH1NyrID5yVWCTHJFW%2BlbOdg%2FUR3qVw%2BRDzpXlxoPL8sdXA8zhn1OdKbvpY62UjlmiieA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
752779b9cd16bbc8-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEARq6QpCC1zeF6so3dwH6g4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame D700
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YzYAVWb-oGuElAM5rmMpoQAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOT0SBA2KUAd57z8ZSl1cVE&google_cver=1
43 B
847 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOT0SBA2KUAd57z8ZSl1cVE&google_cver=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l07ure%2BchxA6hixHAol0mq3%2F9NcAsU%2FoXRXCoCufx1AqXlNRTn4TI5w8zw7uSc8HrV7%2Blsfzxtst%2FGkVBOnkmx8Jd%2FSPyStNvpgVN8UMd5cap%2FHZr3Z7lFId%2BwJ2UBbAj0RLp8tS93cu0w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
752779b879179b88-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEOT0SBA2KUAd57z8ZSl1cVE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame D700
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB&dcc=t
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:14 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
3YG35ZJAK0SV9JPM4NN3
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:13 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
9GGQ8H13H8XZMWNZ7AWA
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YzYAVWb_oGuElAM5rmMpoQAABLcAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame D700 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame D700
Redirect Chain
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=&knw=0
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
43 B
878 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
H3
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dXuRKyjr4CS%2FOlNSsLRhAlsSaA10xW5tU%2FTfIeC%2B0yvYStMAIO6mdSU8OcATI1knzElIDM8SMwO6XhxdmpBqzNy75n5fdKkBjpZoHZP1QKnDGm35r5Dvcp8Bs5Vslj5iDDh4UXUxtHPpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
752779b8790c9b88-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Thu, 29 Sep 2022 20:30:13 GMT
server
nginx
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
access-control-allow-origin
*
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
content-type
text/html; charset=UTF-8
cache-control
no-cache
keep-alive
timeout=10
access-control-allow-headers
Origin
ie
match.prod.bidr.io/cookie-sync/ Frame D700 		43 B
433 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.prod.bidr.io/cookie-sync/ie
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.190.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-190-42.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:13 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
content-type
image/gif
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
csync.loopme.me/ Frame D700 		0
131 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:ac6c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
752779b75bb99159-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
crum
dsum-sec.casalemedia.com/ Frame D700
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=81bf6336-0055-4500-b8c1-9f14532a4c11
43 B
429 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=81bf6336-0055-4500-b8c1-9f14532a4c11
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
H2
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9E%2FMApYLsFrroCA42MQ3PW7S0441W9MEzxgGaAz7ZYCPwieLaW3eHQJ6iiWSigDIkjGrLGL%2FPLPcIR55DQQswuVM4kn%2FstnOGuiF%2FKbvv6RVP4j31HmHX0u8iY0BO7E1wP38c17lQNLhvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
752779b7ea9b9b9e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Date
Thu, 29 Sep 2022 20:30:13 GMT
Server
MT3 4525 e1952b7 master zrh-pixel-x4 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=81bf6336-0055-4500-b8c1-9f14532a4c11
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 29 Sep 2022 20:30:12 GMT
um
u-ams03.e-planning.net/ Frame D700 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams03.e-planning.net/um?dc=99e41df815fd80b4&fi=01e2750475341cd6&uid=YzYAVWb-oGuElAM5rmMpoQAA%261207
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D01e2750475341cd6%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.172.90.251 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
ads.us.e-plannning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

server
openresty
date
Thu, 29 Sep 2022 20:30:13 GMT
content-type
image/gif
tap.php
pixel.rubiconproject.com/ Frame 80C7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/mNsGPDHWgJe7cJ-2h34Hgsn5EUdSAgOZEtemQ7w0kco?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1122319897752120027
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1122319897752120027
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Thu, 29 Sep 2022 20:30:13 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=1122319897752120027
content-length
0
rubicon
match.adsrvr.org/track/cmf/ Frame 80C7 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 80C7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzU5ZWQxNWVhOTQxYzUzYzM5NDM2OTU3MDU1MTRkNWY3YmRkMTAwZA
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzU5ZWQxNWVhOTQxYzUzYzM5NDM2OTU3MDU1MTRkNWY3YmRkMTAwZA
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H3
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzU5ZWQxNWVhOTQxYzUzYzM5NDM2OTU3MDU1MTRkNWY3YmRkMTAwZA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 80C7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEKxmR5_mlc-XZBW3H27f6_I&google_cver=1
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEKxmR5_mlc-XZBW3H27f6_I&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEKxmR5_mlc-XZBW3H27f6_I&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 80C7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhOSUc1MjktMUYtM0w1WA==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhOSUc1MjktMUYtM0w1WA==
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H3
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:13 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhOSUc1MjktMUYtM0w1WA==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 80C7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L8NIG529-1F-3L5X
0
706 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L8NIG529-1F-3L5X
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: DC09BB521022468196EA01CF3EF6EDB3 Ref B: DUS30EDGE0422 Ref C: 2022-09-29T20:30:13Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXp1r6gYkdrm8LUP9luuQ==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L8NIG529-1F-3L5X
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
78e3bdce5107450057bade54d54a0a7e
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 80C7
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=CqW9bwoVR7aTvpqtyjapaw&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=CqW9bwoVR7aTvpqtyjapaw
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=CqW9bwoVR7aTvpqtyjapaw
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
52.94.222.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:14 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
641QE7PH15D28M1FXYR2
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=CqW9bwoVR7aTvpqtyjapaw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame 80C7
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ZV4UbAWuR5C9fQk_kHr6MA&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ZV4UbAWuR5C9fQk_kHr6MA
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ZV4UbAWuR5C9fQk_kHr6MA
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_eu&endpoint=eu
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:14 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
8AVX1YAP9KR86M3MQ4BZ
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=ZV4UbAWuR5C9fQk_kHr6MA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cookie.js
partner.googleadservices.com/gampad/ Frame 1002 		222 B
647 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31070010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
fc84b10c58f11a32f3d8043f3147b3076ed8946c8a8bd18367c843b13cc9c233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
203
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 1002 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31070010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 1002 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31070010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 0E33 		64 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31070010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
130dd4c1c640a17322211161822b043aa7045b96e51623f1744264ab9fc2f3ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
24944
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 20:30:14 GMT
expires
Thu, 29 Sep 2022 20:30:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ Frame 5DA8 		222 B
273 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069992
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
ffc5814ae8cb4866048dacac85edf7c2169b9312441df5e283a1902963c3ecc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 5DA8 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069992
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 5DA8 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069992
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame D7C6 		17 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069992
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c2f073fe298e4796b1b4b7239ca66c3f8f59888e39d02f10a6d71fb4f77ecb4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
9531
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 20:30:14 GMT
expires
Thu, 29 Sep 2022 20:30:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
lt.min.js
tags.crwdcntrl.net/lt/c/15238/ Frame 955C 		49 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/lotame20220615.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-9.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 05:28:05 GMT
content-encoding
gzip
via
1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2
age
54184
x-amz-server-side-encryption
AES256
etag
W/"fdcd13007d5be3c218bd461a6aad998b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age: 86400
x-amz-cf-id
bQYzXNXYQDRA5J7awnmmd16In_k0cf1ebe7gNnqtU2T5h9lxRu5-_w==
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 7CA9 		636 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.172.90.250 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=157680000
content-encoding
gzip
content-type
text/html
date
Thu, 29 Sep 2022 20:30:13 GMT
etag
W/"601b131c-27c"
expires
Tue, 28 Sep 2027 20:30:13 GMT
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
server
openresty
sync
vid.vidoomy.com/ Frame 1883 		49 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3D01e2750475341cd6%26uid%3D%7B%7BVID%7D%7D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
br
content-type
text/html
date
Thu, 29 Sep 2022 20:30:13 GMT
etag
W/"61c991db-c5bc"
last-modified
Mon, 27 Dec 2021 10:13:47 GMT
server
CDN77-Turbo
x-77-cache
MISS
x-77-nzt
AdRmOLTHFLGh
x-77-nzt-ray
rzmQlhN9j4s
x-77-pop
frankfurtDE
x-accel-expires
@1665520213
x-cache
MISS
sync
eb2.3lift.com/ Frame 84CC 		37 B
140 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3D%24UID%26dc%3D4d76b6ce34af74c9%26iss%3D1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
date
Thu, 29 Sep 2022 20:30:13 GMT
setuid
prebidserver.pixfuture.com/ Frame A097 		0
469 B 		Document
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=ALQbHyKHKmvabMsu
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
text/html
date
Thu, 29 Sep 2022 20:30:13 GMT
expires
0
pragma
no-cache
vary
Origin
GS.d
js.cookieless-data.com/ Frame 7CA9 		0
535 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1664483413791
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.158.29.12 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
51-158-29-12.rev.poneytelecom.eu
Software
nginx/1.20.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:13 GMT
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
Server
nginx/1.20.2
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 4562 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=130121
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Thu, 29 Sep 2022 20:30:14 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 01 Oct 2022 08:38:55 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 95EA 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.119.107 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
5724
CF-Cache-Status
HIT
CF-RAY
752779bb0ad368ef-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 29 Sep 2022 20:30:14 GMT
Expires
Thu, 29 Sep 2022 21:30:14 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
async_usersync.html
acdn.adnxs.com/dmp/ Frame 21CF 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.51.9.18 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-9-18.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 29 Sep 2022 20:30:14 GMT
ETag
"623de86a-cf34"
Expires
Fri, 30 Sep 2022 20:30:16 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Unused62
8096267
Vary
Accept-Encoding
checksync.php
contextual.media.net/ Frame 1DB8 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7559da922cf3cebf3133f0dfe3f6aa435899e05211c9066d84ebf853b28ac589
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8307
content-type
text/html; charset=UTF-8
date
Thu, 29 Sep 2022 20:30:14 GMT
expires
Sat, 01 Oct 2022 20:30:14 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
check.html
biddr.brealtime.com/ Frame 7667 		926 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.119.107 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
5724
CF-Cache-Status
HIT
CF-RAY
752779bb0f945ca4-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 29 Sep 2022 20:30:14 GMT
Expires
Thu, 29 Sep 2022 21:30:14 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
D8bCfiUfQmFaOPGY9GG00VqkPR8LyxoPPUMDv8kTzcs2w4+RBsqydpo2MRUbL19ONaisLRL7BCw=
x-amz-request-id
AGCHCGNC05GTWZVJ
beacon
ap.lijit.com/ Frame 5D10 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
date
Thu, 29 Sep 2022 20:30:14 GMT
expires
Fri, 20 Mar 2009 00:00:00 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pod
X-Sovrn-Pod: ad_ap7ams1
pragma
no-cache
pd
u.openx.net/w/1.0/ Frame 3891 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 29 Sep 2022 20:30:14 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame EA2D 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.51.9.18 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-9-18.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 29 Sep 2022 20:30:14 GMT
ETag
"623de86a-cf34"
Expires
Fri, 30 Sep 2022 20:30:16 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Unused62
8096267
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 00F6 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=130121
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Thu, 29 Sep 2022 20:30:14 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 01 Oct 2022 08:38:55 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 3CFA 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 29 Sep 2022 20:30:14 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame BBEF 		0
80 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Thu, 29 Sep 2022 20:30:14 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
/
ssc-cms.33across.com/ps/ Frame 293B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip21.67-202-105.static.steadfastdns.net
Software
33XP005 /
Resource Hash

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 29 Sep 2022 20:30:13 GMT
server
33XP005
x-33x-status
2000208
checksync.php
contextual.media.net/ Frame D99C 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUIUMTP7&prvid=2034%2C2033%2C2031%2C2030%2C273%2C2029%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C359%2C97%2C55%2C99%2C2045%2C3012%2C2043%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C9%2C2011%2C3022%2C172%2C3020%2C173%2C294%2C251%2C175%2C2009%2C178%2C3018%2C3017%2C214%2C3016%2C336%2C3014%2C337%2C338%2C70%2C77%2C38%2C261%2C141%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7559da922cf3cebf3133f0dfe3f6aa435899e05211c9066d84ebf853b28ac589
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8307
content-type
text/html; charset=UTF-8
date
Thu, 29 Sep 2022 20:30:14 GMT
expires
Sat, 01 Oct 2022 20:30:14 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
beacon
ap.lijit.com/ Frame B232 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon?informer=13480300
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.39 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
date
Thu, 29 Sep 2022 20:30:14 GMT
expires
Fri, 20 Mar 2009 00:00:00 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pod
X-Sovrn-Pod: ad_ap7ams1
pragma
no-cache
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 01 Oct 2022 20:30:14 GMT
vtr.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/vtr.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://securityaffairs.co/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
nginx/1.10.3 (Ubuntu)
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 01 Oct 2022 20:30:14 GMT
usync.js
eus.rubiconproject.com/ Frame 3CFA 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:14 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Sep 2022 22:38:47 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=50197
Connection
keep-alive
Content-Length
9421
Expires
Fri, 30 Sep 2022 10:26:51 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 4562 		0
39 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=60734714&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
content-length
0
async_usersync
ib.adnxs.com/ Frame 21CF 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:14 GMT
AN-X-Request-Uuid
e3eb9f01-6b6d-4d95-8b26-98012d9a2894
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame EA2D 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:14 GMT
AN-X-Request-Uuid
05cbc265-eefd-4229-af68-6c638b0ef10d
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
css
fonts.googleapis.com/ Frame 0E33 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 29 Sep 2022 20:30:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 29 Sep 2022 19:06:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 29 Sep 2022 20:30:14 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/ Frame 0E33 		2 KB
982 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:26:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
206
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
875
x-xss-protection
0
server
cafe
etag
16974406330603315520
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Oct 2022 20:26:48 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220927/r20110914/ Frame 0E33 		23 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220927/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:29:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9559
x-xss-protection
0
server
cafe
etag
12142024561622733046
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Oct 2022 20:29:50 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/ Frame 0E33 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:28:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
86
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Oct 2022 20:28:48 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/ Frame 0E33 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:29:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7553
x-xss-protection
0
server
cafe
etag
15375136450269253166
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Oct 2022 20:29:54 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0E33 		140 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44530
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1664365478704152"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 29 Sep 2022 20:30:14 GMT
270cb447f650f22be90b4349b85576c2.js
www.gstatic.com/mysidia/ Frame 0E33 		32 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/270cb447f650f22be90b4349b85576c2.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 11:18:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
119501
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13677
x-xss-protection
0
last-modified
Fri, 23 Sep 2022 12:48:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 27 Dec 2022 11:18:33 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/4657890946249480943/ Frame 0E33 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/4657890946249480943/downsize_200k_v1?w=100&h=100
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d00e36861f441886ebbf4e0a9e410b1cf6d1ceb0bf2da1e066977df31a5d445
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 23:34:12 GMT
x-content-type-options
nosniff
age
75362
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2636
x-xss-protection
0
last-modified
Thu, 30 Jun 2022 09:11:59 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 28 Sep 2023 23:34:12 GMT
ptrack
a.audrte.com/ Frame 955C 		368 B
880 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptrack?arlocation=217.114.218.24&p=M1353665098&artime=2022-09-29T20:30:14.438Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGcHJlYmlkc2VydmVyLnBpeGZ1dHVyZS5jb20lMkZzZXR1aWQlM0ZiaWRkZXIlM0RlcGxhbm5pbmclMjZnZHByJTNEJTI2Z2Rwcl9jb25zZW50JTNEJTI2ZiUzRGIlMjZ1aWQlM0QlMjRVSUQ=&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=c2VjdXJpdHlhZmZhaXJzLmNvLw==
Requested by
Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.177.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-177-11.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
080892fdd23426c128218f3f704dda4efd9a2bbf7869e10fe83f6ff92d09f001

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:14 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
https://ads.us.e-planning.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
263
optimus_rules.json
tags.crwdcntrl.net/lt/c/15238/ Frame 955C 		155 B
642 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-9.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff

Request headers

Referer
https://ads.us.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 29 Sep 2022 14:05:03 GMT
via
1.1 5d5481cfa85227a3fdd5ff0b03093c62.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
23112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
155
last-modified
Wed, 03 Aug 2022 18:30:08 GMT
server
AmazonS3
etag
"1a1722e9cedbdc8af0dcd3345e46c73a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age: 86400
accept-ranges
bytes
x-amz-cf-id
YfemSeRea0HY5-LeM1k69Vm6CoD3Y6OMQ5eteGSskzRtHsaKewdRyw==
gen_204
pagead2.googlesyndication.com/pagead/ Frame D7C6 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C02AzJP-FC9cx6p8cl3Efl2A3gIaerkpzgnOgqbU9AN8lzt1e22GRrbUhccfWBaV7w9fv7fnzjg3a9vWmAl9ZQPVRHEgKfIWtH9V6CoVQNLUjoYT0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/ Frame D7C6 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:22:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
483
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Oct 2022 20:22:11 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/ Frame D7C6 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220927/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:25:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
261
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7553
x-xss-protection
0
server
cafe
etag
15375136450269253166
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Oct 2022 20:25:53 GMT
l
www.google.com/ads/measurement/ Frame D7C6 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTsjF1Wvi7YEJ2CUXR95dn6q0UIjWy4rNecrW6cThdRor7W6RYXo5nOxLGIHjq7ynE8vxDTmbiuxOFdEjKW0tR8eYHm1Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D7C6 		140 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44530
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1664365478704152"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 29 Sep 2022 20:30:14 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame F4FA 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEY3PGglgEwAQ&v=APEucNUzk2c3NbP80HMrrWspb9PJ7l3KBuAuSGREOBsqYJwF2RmrBmpNA9eAvJUIUndW7du0YdANCQStiKqsySg0plGO4XYcjGszK-KQ1L4CjZRIGFcQzUV_KYiQZXeVr_bSMrb8jyBJ-LcotkmvEWEBZfm9_oHTraaJzNPyrb3ZkydcWWDQJdL-KWeJV1gXJ7_4-uYJB9UNJqg-ODaAejmi5G3t9ZfeGw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 20:30:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame D7C6 		70 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D1HL8hwtMqQOnZFYUMaGI819QZaWGpyyh7pp1e_maY-STzoaR9QovEovjFa3HxHoH-uVkLN4fjmR5WgP6zdl-Ne4F6CnlRrHfL1vQSfxX-27r08zXia9fJioZcr9jUwQLb2XvTjxtVkZ7JjaR_ghrVEZWZjU2T0K8oUICOwQLaXE1UTgg&dbm_d=AKAmf-AjMo3HK9YQ-r2FyItt0v2tviHEc_55vNNRBY2mv0WXttTmSq3vLXewSz4dy9-m9SjeUZubnZYET68_uH0LjPE1_mBb44gf79MinjV8Rar6ZZBwmavzFAZizSwUoqvQpD2yrg1z9CqfE4u3X2ge-a-UQDTeuxSmpAOij-zK00mdyO_QyETsgIFgMQ1NrQDxQ4AEfZ5R4iGb7Rd0iNGmalshGW156wPkylZpUpqFN_mtqdYRJUDtPTfq8J88Z-cmTvVbDDFbo1cY-yx-LWm9zDtRDXVq04TiKfHmz3dnolRYndTAlh1GSTdR7-pA7nqgZV1SHY8XsFBwQuK8_Z9wqGhtSC_N_0eU2uzYeV9DszXKVUdeo9q4ow4yR-SswbPPRxohLGNV78oEXTvAbVvGCYAmPIk3zD8isMd71Yzse85HHLRy_VZe31TuZWqYhpGFGEvukvtKZ9C7iVLIZw7eQUwV-JfCqgJS1jtzz79ghh7OY2pb_X5OnFX3euwypriH_rSyPUiOGcbN7Yfquh-GDkQiu6VTiYnnFMWv3QTOEYNPKaS7CAhcBGKlMf2lHkG0rUnhgEI4F4qqg_PB4g-ArxVpJTjc_2wLpX3sLVK_eWgOneikxgPl8y-rZr_6B545gd8rnUrK0vm88Fmtdc-0EKSLOJfzZk33qxoM-lUM3HVVs2zi5ul4t1akyOBHgwjHJ1j-j-B0jYgwD3cBHPuQl3FMsFW5JUbTvfmlcEaNIIK_4skjNXRcGgTluqPTcIlwb6x7Q7oC8vjYkMmmVFuxhui5fUtOquIxbav1ouKNtsDDUWh4JEEWx3rC8DAhuq1GKhYj3Wl4bp4IMG_OnmPxfkVWZxGumZ11_yICQMWX7ByIv6TE-UMHE59xmBgnrluiRpVU8ifNEJluAt63eFv48b6wRL7L5d38Z8tkfBvle8km_VIXpkfqygiBFwByOH1vV0G3P3JLZNtwaHm7SzbGYWfeQhsk-2lz6Y3cKM5BOO_5_OKp0OyT3NtvoRCBPXDJbwJNrJBY6V7lsWlRGn_Iq5bd7vKQlAXwv7WJ4Lj1utvGXiKt2_gq4YiMJtMF-6qGXBxIcz5x8xNopIQeMEMAz8GtkEelUDdjkct2Auy__y2dada_-jwcMgsvzdNFGxs9zSuSk8HpYh_ScXJsZHHb_kdI7r7JbT97Q2x1KDQlbPvblFP_fW0w0giDLxXq4hKqZhr-6NQB-brsu3Rv_leH7NWTfe9OBJW2HMQFThdOI7oaDIw0la5XVDdImpcPgVJApTVUkE-6-W30S7Jk2MdtD5iNWLGJeejAXY3latkldeMb141sRfPLRYhAKi-qJ1o1RlHld8P4_1VW8iVXFlFMlwFSDbxCdmAj-1MvY0Ec1za0mWt3gQqLHtc287JERAGbNyLgZSRsyx_1mKpmM7AqBXZpmsjHAIR0kVWCF_KFDDMZfVUUg-crN5mnhsR1V-GVe7Y4EBVa01E5-S355KqPkpfmr6TG6D9wM3-Sf4plsEuLzXbiNtXdbhHlJqLKqj7BO673GKmlyE2PAmG14oDa_BDSODhMKazJzdSzE4WoFSHNALZ6L2TmAjpXxk9FqWN5vxYp2BRaspA9u2iUN6rT79fzkqwa1YgFoeRWMJM98QXojP2C4-ptkMPgihyToJenVyGvYHaltTzik_tqx9BKK39n51OR0LNvJKICU3eSK9KwvoCtdcvtKVrzXoFXX1dwaQjBQPilYq0pgsk67V1w_pJvKHrKyycmSRljJ-ZJKO3F7I5zXF_LbSqddfS1pByc7RQ7frqrNNocxJOGdooyTz3hkbSQGja9UdOg-rFEyvV1PKpoh_BTrK7KirSdfQKY-Vrq2Ygmzz6hm9UuHfYG5mRMHxYav7wj4otNARNfpc_2Fgp_UIQHcuczRGBZGNZVYAMfq0X4ox3VXpdEscxV7ds_Sot2gf2r7I1yfwv8IuLklcNeOzfQ7xZ2-ruZ1HuU-1W_umXBTklyPdC27Dx6Z1xywzQAEYpMyPUge54Vo33B0rzSlOyNIdKQwR4G7LhGUjrNLS62E5FVEaJ34ZntztOzmJYNaFqjb9NnRCUcbprB6e_whQ1hL4tsCT69aNo3ivSuFXQ9immUiV2g208deDLo5XsYQK6r7NiR8ARVQcDAXSfemn3Fs7zLr_B01v9t_0dAD3wtUw-lS9aS2dJRcWLXvolTCg3A2iyGB69uDnCKIw2fVirl83HwbMBxLFDiHOBMg2TiydUxp-YBYaZ1UxerJIf32TQVihYe1tLMGGhQqIHDWsfalzXJ-ZiuXz8M5aNLKT3hDJftshYBNefhmqk0lo137kUtIvW7vgEKERBkj9AoMM4t7eNhcBPRRMimmAt00kk4pQn6Lp3GhpeweIB9_zTeKDl_Qo6iuR-YosssdFGZ98tJ_M0ylHOY_YKG92aNRNgH_SHvva_pk37j7G8QywaTDbzbS9lQ0hpgJFhXuuuR1hunh-4sFXqfGJXiq2o5fMAGGxoDE7aFA7hpcw-hucCBftf1hKSzLiWou2xDyOKuYAToqs9OnD1ArKgJFP5xCiZ5tCN7fUXZHRE92J4OFTt4g0jHFdulIMKNEiBpqGdL00id6CtYY9WZ0sGueUb2J4E21UlIJyx58KPZoqy9ojaU7N0btiNdruhajHShA5o2AB5azGQaZNABM8laEoqdfbFYj6AOP__vol4kz_uIAtdxl58pNL6zUu6M9XYKHGbW66kQ0LeiUXYs3ZvlX8CdMIMS-KtxLmUDl9r9xmFLyARwqoihVkR0di_gPKXrHBO7vBCMHQ7LLBJ6v7CqJcvZjsNZgmwIFGFMoCjopyecALL768DSHfDclLOUxsbpye06cQDaCGudsDm4qzVfPvvt5jlJcg71U_QXEa4xrXrV6YeiyfA8s_D9CRI7_YwntSkRIwUQvoWWIGSOt1GZKebGW0Q7v8TXmetZmiKbZRjLVM5h7ktvA3iGzomOTbBzeyqvi9g4uNM9U5CmJa3EZvFIcFmUVIPEz242s4K_cEBqHbJ0L4q0TNBRl3wu5apPxFNcB3Z7g7PSmU1uuyzScIPBOQUOUinHwLHGAW8sxwyCyeMiv87G_XgcTmQCfNREonjx9IS2Ihu0xUVPXMvu2sOWNzeZ_HWwScs6gIKXk7ZX3uW-o7US_9xdW4cDEA-OPcqZBoU&cid=CAQSKQCsnQUxhXv0WPOXz1usmhlm937-aCe2etCRBzWI_RTSx3CkiQ7n0XgfGAEgDg&rfl=2%2Chttp%253A%252F%252Fsecurityaffairs.co%242%2Chttp%253A%252F%252Fsecurityaffairs.co%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bf8e96e63aa4b0711ed26d0f271cabbf0eed13134e228f765e991a5b156c1117
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31696
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 0E33 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
02c11bd6b17547d07a308bc57ca18ff7c1c37105e7bb276f42a5f5dc43cf482d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/png
data
bcp.crwdcntrl.net/6/ Frame 955C 		20 B
311 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.120.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-120-198.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e

Request headers

Referer
https://ads.us.e-planning.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

expires
0
pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://ads.us.e-planning.net
cache-control
no-cache
x-server
10.45.8.169
access-control-allow-credentials
true
content-length
20
x-consent
absent
rum
dsum-sec.casalemedia.com/ Frame F4FA
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRzzlYPSXYcwxhpCXWT1X8&google_cver=1
43 B
844 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRzzlYPSXYcwxhpCXWT1X8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEY3PGglgEwAQ&v=APEucNUzk2c3NbP80HMrrWspb9PJ7l3KBuAuSGREOBsqYJwF2RmrBmpNA9eAvJUIUndW7du0YdANCQStiKqsySg0plGO4XYcjGszK-KQ1L4CjZRIGFcQzUV_KYiQZXeVr_bSMrb8jyBJ-LcotkmvEWEBZfm9_oHTraaJzNPyrb3ZkydcWWDQJdL-KWeJV1gXJ7_4-uYJB9UNJqg-ODaAejmi5G3t9ZfeGw
Protocol
H3
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QVvjTtGiwWaFBwIKkWIdVaSde8YXrep2mj%2FRFtjrVWp01ODuKZcoxD9czVHhuF7UyG1%2F0s3%2BvXxDvQJb10rG1XGllsLL17v9xDOBFX5Th8fLDP9YYLaUnRq35BOO7eoe5%2BKEOAUfBMQpYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
752779bdfa659b88-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRzzlYPSXYcwxhpCXWT1X8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame F4FA
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YzYAVWb-oGuElAM5rmMpoQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRzzlYPSXYcwxhpCXWT1X8&google_cver=1
43 B
842 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRzzlYPSXYcwxhpCXWT1X8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEY3PGglgEwAQ&v=APEucNUzk2c3NbP80HMrrWspb9PJ7l3KBuAuSGREOBsqYJwF2RmrBmpNA9eAvJUIUndW7du0YdANCQStiKqsySg0plGO4XYcjGszK-KQ1L4CjZRIGFcQzUV_KYiQZXeVr_bSMrb8jyBJ-LcotkmvEWEBZfm9_oHTraaJzNPyrb3ZkydcWWDQJdL-KWeJV1gXJ7_4-uYJB9UNJqg-ODaAejmi5G3t9ZfeGw
Protocol
H3
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AyGKJd%2FDYRT5rIl2AbdovryaQ8dc1rjUz27SDvUlVK3ji2zH96ZINGSfGrZDKjG6W%2FvSy%2FYYPY9aRf5r0ehb1mP4TGvcYQLJPkV8SUB8KPq9u2pMgyIypGQ81fXyusQDt2M37MztvdHcNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
752779be5bb99b88-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRzzlYPSXYcwxhpCXWT1X8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame F4FA
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEFr1zgCkJrSGJsCvKZdxOww&google_cver=1
43 B
1018 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEFr1zgCkJrSGJsCvKZdxOww&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEY3PGglgEwAQ&v=APEucNUzk2c3NbP80HMrrWspb9PJ7l3KBuAuSGREOBsqYJwF2RmrBmpNA9eAvJUIUndW7du0YdANCQStiKqsySg0plGO4XYcjGszK-KQ1L4CjZRIGFcQzUV_KYiQZXeVr_bSMrb8jyBJ-LcotkmvEWEBZfm9_oHTraaJzNPyrb3ZkydcWWDQJdL-KWeJV1gXJ7_4-uYJB9UNJqg-ODaAejmi5G3t9ZfeGw
Protocol
HTTP/1.1
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:14 GMT
AN-X-Request-Uuid
54930509-32b4-4fd7-ae3c-11250f753437
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEFr1zgCkJrSGJsCvKZdxOww&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F4FA
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzMDQyNjYzNzU0NTI4MDE0OQ%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzMDQyNjYzNzU0NTI4MDE0OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMew9gIQ7P3b8wEY3PGglgEwAQ&v=APEucNUzk2c3NbP80HMrrWspb9PJ7l3KBuAuSGREOBsqYJwF2RmrBmpNA9eAvJUIUndW7du0YdANCQStiKqsySg0plGO4XYcjGszK-KQ1L4CjZRIGFcQzUV_KYiQZXeVr_bSMrb8jyBJ-LcotkmvEWEBZfm9_oHTraaJzNPyrb3ZkydcWWDQJdL-KWeJV1gXJ7_4-uYJB9UNJqg-ODaAejmi5G3t9ZfeGw
Protocol
H3
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:14 GMT
AN-X-Request-Uuid
854b02bb-d558-43fc-91f3-e324c1e2b9db
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjMzMDQyNjYzNzU0NTI4MDE0OQ%3D%3D
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220927/r20110914/ Frame D7C6 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220927/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D1HL8hwtMqQOnZFYUMaGI819QZaWGpyyh7pp1e_maY-STzoaR9QovEovjFa3HxHoH-uVkLN4fjmR5WgP6zdl-Ne4F6CnlRrHfL1vQSfxX-27r08zXia9fJioZcr9jUwQLb2XvTjxtVkZ7JjaR_ghrVEZWZjU2T0K8oUICOwQLaXE1UTgg&dbm_d=AKAmf-AjMo3HK9YQ-r2FyItt0v2tviHEc_55vNNRBY2mv0WXttTmSq3vLXewSz4dy9-m9SjeUZubnZYET68_uH0LjPE1_mBb44gf79MinjV8Rar6ZZBwmavzFAZizSwUoqvQpD2yrg1z9CqfE4u3X2ge-a-UQDTeuxSmpAOij-zK00mdyO_QyETsgIFgMQ1NrQDxQ4AEfZ5R4iGb7Rd0iNGmalshGW156wPkylZpUpqFN_mtqdYRJUDtPTfq8J88Z-cmTvVbDDFbo1cY-yx-LWm9zDtRDXVq04TiKfHmz3dnolRYndTAlh1GSTdR7-pA7nqgZV1SHY8XsFBwQuK8_Z9wqGhtSC_N_0eU2uzYeV9DszXKVUdeo9q4ow4yR-SswbPPRxohLGNV78oEXTvAbVvGCYAmPIk3zD8isMd71Yzse85HHLRy_VZe31TuZWqYhpGFGEvukvtKZ9C7iVLIZw7eQUwV-JfCqgJS1jtzz79ghh7OY2pb_X5OnFX3euwypriH_rSyPUiOGcbN7Yfquh-GDkQiu6VTiYnnFMWv3QTOEYNPKaS7CAhcBGKlMf2lHkG0rUnhgEI4F4qqg_PB4g-ArxVpJTjc_2wLpX3sLVK_eWgOneikxgPl8y-rZr_6B545gd8rnUrK0vm88Fmtdc-0EKSLOJfzZk33qxoM-lUM3HVVs2zi5ul4t1akyOBHgwjHJ1j-j-B0jYgwD3cBHPuQl3FMsFW5JUbTvfmlcEaNIIK_4skjNXRcGgTluqPTcIlwb6x7Q7oC8vjYkMmmVFuxhui5fUtOquIxbav1ouKNtsDDUWh4JEEWx3rC8DAhuq1GKhYj3Wl4bp4IMG_OnmPxfkVWZxGumZ11_yICQMWX7ByIv6TE-UMHE59xmBgnrluiRpVU8ifNEJluAt63eFv48b6wRL7L5d38Z8tkfBvle8km_VIXpkfqygiBFwByOH1vV0G3P3JLZNtwaHm7SzbGYWfeQhsk-2lz6Y3cKM5BOO_5_OKp0OyT3NtvoRCBPXDJbwJNrJBY6V7lsWlRGn_Iq5bd7vKQlAXwv7WJ4Lj1utvGXiKt2_gq4YiMJtMF-6qGXBxIcz5x8xNopIQeMEMAz8GtkEelUDdjkct2Auy__y2dada_-jwcMgsvzdNFGxs9zSuSk8HpYh_ScXJsZHHb_kdI7r7JbT97Q2x1KDQlbPvblFP_fW0w0giDLxXq4hKqZhr-6NQB-brsu3Rv_leH7NWTfe9OBJW2HMQFThdOI7oaDIw0la5XVDdImpcPgVJApTVUkE-6-W30S7Jk2MdtD5iNWLGJeejAXY3latkldeMb141sRfPLRYhAKi-qJ1o1RlHld8P4_1VW8iVXFlFMlwFSDbxCdmAj-1MvY0Ec1za0mWt3gQqLHtc287JERAGbNyLgZSRsyx_1mKpmM7AqBXZpmsjHAIR0kVWCF_KFDDMZfVUUg-crN5mnhsR1V-GVe7Y4EBVa01E5-S355KqPkpfmr6TG6D9wM3-Sf4plsEuLzXbiNtXdbhHlJqLKqj7BO673GKmlyE2PAmG14oDa_BDSODhMKazJzdSzE4WoFSHNALZ6L2TmAjpXxk9FqWN5vxYp2BRaspA9u2iUN6rT79fzkqwa1YgFoeRWMJM98QXojP2C4-ptkMPgihyToJenVyGvYHaltTzik_tqx9BKK39n51OR0LNvJKICU3eSK9KwvoCtdcvtKVrzXoFXX1dwaQjBQPilYq0pgsk67V1w_pJvKHrKyycmSRljJ-ZJKO3F7I5zXF_LbSqddfS1pByc7RQ7frqrNNocxJOGdooyTz3hkbSQGja9UdOg-rFEyvV1PKpoh_BTrK7KirSdfQKY-Vrq2Ygmzz6hm9UuHfYG5mRMHxYav7wj4otNARNfpc_2Fgp_UIQHcuczRGBZGNZVYAMfq0X4ox3VXpdEscxV7ds_Sot2gf2r7I1yfwv8IuLklcNeOzfQ7xZ2-ruZ1HuU-1W_umXBTklyPdC27Dx6Z1xywzQAEYpMyPUge54Vo33B0rzSlOyNIdKQwR4G7LhGUjrNLS62E5FVEaJ34ZntztOzmJYNaFqjb9NnRCUcbprB6e_whQ1hL4tsCT69aNo3ivSuFXQ9immUiV2g208deDLo5XsYQK6r7NiR8ARVQcDAXSfemn3Fs7zLr_B01v9t_0dAD3wtUw-lS9aS2dJRcWLXvolTCg3A2iyGB69uDnCKIw2fVirl83HwbMBxLFDiHOBMg2TiydUxp-YBYaZ1UxerJIf32TQVihYe1tLMGGhQqIHDWsfalzXJ-ZiuXz8M5aNLKT3hDJftshYBNefhmqk0lo137kUtIvW7vgEKERBkj9AoMM4t7eNhcBPRRMimmAt00kk4pQn6Lp3GhpeweIB9_zTeKDl_Qo6iuR-YosssdFGZ98tJ_M0ylHOY_YKG92aNRNgH_SHvva_pk37j7G8QywaTDbzbS9lQ0hpgJFhXuuuR1hunh-4sFXqfGJXiq2o5fMAGGxoDE7aFA7hpcw-hucCBftf1hKSzLiWou2xDyOKuYAToqs9OnD1ArKgJFP5xCiZ5tCN7fUXZHRE92J4OFTt4g0jHFdulIMKNEiBpqGdL00id6CtYY9WZ0sGueUb2J4E21UlIJyx58KPZoqy9ojaU7N0btiNdruhajHShA5o2AB5azGQaZNABM8laEoqdfbFYj6AOP__vol4kz_uIAtdxl58pNL6zUu6M9XYKHGbW66kQ0LeiUXYs3ZvlX8CdMIMS-KtxLmUDl9r9xmFLyARwqoihVkR0di_gPKXrHBO7vBCMHQ7LLBJ6v7CqJcvZjsNZgmwIFGFMoCjopyecALL768DSHfDclLOUxsbpye06cQDaCGudsDm4qzVfPvvt5jlJcg71U_QXEa4xrXrV6YeiyfA8s_D9CRI7_YwntSkRIwUQvoWWIGSOt1GZKebGW0Q7v8TXmetZmiKbZRjLVM5h7ktvA3iGzomOTbBzeyqvi9g4uNM9U5CmJa3EZvFIcFmUVIPEz242s4K_cEBqHbJ0L4q0TNBRl3wu5apPxFNcB3Z7g7PSmU1uuyzScIPBOQUOUinHwLHGAW8sxwyCyeMiv87G_XgcTmQCfNREonjx9IS2Ihu0xUVPXMvu2sOWNzeZ_HWwScs6gIKXk7ZX3uW-o7US_9xdW4cDEA-OPcqZBoU&cid=CAQSKQCsnQUxhXv0WPOXz1usmhlm937-aCe2etCRBzWI_RTSx3CkiQ7n0XgfGAEgDg&rfl=2%2Chttp%253A%252F%252Fsecurityaffairs.co%242%2Chttp%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b5c422737a3014e58810db4ac5052acbb9cf489d0c303cab94453cc77d4cdfed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:28:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
126
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11724
x-xss-protection
0
server
cafe
etag
16554960040364120486
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Oct 2022 20:28:08 GMT
BDES-1532_DE-Quantum_Banner-Fix_728x90_DE_v02.png
s0.2mdn.net/10214551/ Frame D7C6 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/10214551/BDES-1532_DE-Quantum_Banner-Fix_728x90_DE_v02.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D1HL8hwtMqQOnZFYUMaGI819QZaWGpyyh7pp1e_maY-STzoaR9QovEovjFa3HxHoH-uVkLN4fjmR5WgP6zdl-Ne4F6CnlRrHfL1vQSfxX-27r08zXia9fJioZcr9jUwQLb2XvTjxtVkZ7JjaR_ghrVEZWZjU2T0K8oUICOwQLaXE1UTgg&dbm_d=AKAmf-AjMo3HK9YQ-r2FyItt0v2tviHEc_55vNNRBY2mv0WXttTmSq3vLXewSz4dy9-m9SjeUZubnZYET68_uH0LjPE1_mBb44gf79MinjV8Rar6ZZBwmavzFAZizSwUoqvQpD2yrg1z9CqfE4u3X2ge-a-UQDTeuxSmpAOij-zK00mdyO_QyETsgIFgMQ1NrQDxQ4AEfZ5R4iGb7Rd0iNGmalshGW156wPkylZpUpqFN_mtqdYRJUDtPTfq8J88Z-cmTvVbDDFbo1cY-yx-LWm9zDtRDXVq04TiKfHmz3dnolRYndTAlh1GSTdR7-pA7nqgZV1SHY8XsFBwQuK8_Z9wqGhtSC_N_0eU2uzYeV9DszXKVUdeo9q4ow4yR-SswbPPRxohLGNV78oEXTvAbVvGCYAmPIk3zD8isMd71Yzse85HHLRy_VZe31TuZWqYhpGFGEvukvtKZ9C7iVLIZw7eQUwV-JfCqgJS1jtzz79ghh7OY2pb_X5OnFX3euwypriH_rSyPUiOGcbN7Yfquh-GDkQiu6VTiYnnFMWv3QTOEYNPKaS7CAhcBGKlMf2lHkG0rUnhgEI4F4qqg_PB4g-ArxVpJTjc_2wLpX3sLVK_eWgOneikxgPl8y-rZr_6B545gd8rnUrK0vm88Fmtdc-0EKSLOJfzZk33qxoM-lUM3HVVs2zi5ul4t1akyOBHgwjHJ1j-j-B0jYgwD3cBHPuQl3FMsFW5JUbTvfmlcEaNIIK_4skjNXRcGgTluqPTcIlwb6x7Q7oC8vjYkMmmVFuxhui5fUtOquIxbav1ouKNtsDDUWh4JEEWx3rC8DAhuq1GKhYj3Wl4bp4IMG_OnmPxfkVWZxGumZ11_yICQMWX7ByIv6TE-UMHE59xmBgnrluiRpVU8ifNEJluAt63eFv48b6wRL7L5d38Z8tkfBvle8km_VIXpkfqygiBFwByOH1vV0G3P3JLZNtwaHm7SzbGYWfeQhsk-2lz6Y3cKM5BOO_5_OKp0OyT3NtvoRCBPXDJbwJNrJBY6V7lsWlRGn_Iq5bd7vKQlAXwv7WJ4Lj1utvGXiKt2_gq4YiMJtMF-6qGXBxIcz5x8xNopIQeMEMAz8GtkEelUDdjkct2Auy__y2dada_-jwcMgsvzdNFGxs9zSuSk8HpYh_ScXJsZHHb_kdI7r7JbT97Q2x1KDQlbPvblFP_fW0w0giDLxXq4hKqZhr-6NQB-brsu3Rv_leH7NWTfe9OBJW2HMQFThdOI7oaDIw0la5XVDdImpcPgVJApTVUkE-6-W30S7Jk2MdtD5iNWLGJeejAXY3latkldeMb141sRfPLRYhAKi-qJ1o1RlHld8P4_1VW8iVXFlFMlwFSDbxCdmAj-1MvY0Ec1za0mWt3gQqLHtc287JERAGbNyLgZSRsyx_1mKpmM7AqBXZpmsjHAIR0kVWCF_KFDDMZfVUUg-crN5mnhsR1V-GVe7Y4EBVa01E5-S355KqPkpfmr6TG6D9wM3-Sf4plsEuLzXbiNtXdbhHlJqLKqj7BO673GKmlyE2PAmG14oDa_BDSODhMKazJzdSzE4WoFSHNALZ6L2TmAjpXxk9FqWN5vxYp2BRaspA9u2iUN6rT79fzkqwa1YgFoeRWMJM98QXojP2C4-ptkMPgihyToJenVyGvYHaltTzik_tqx9BKK39n51OR0LNvJKICU3eSK9KwvoCtdcvtKVrzXoFXX1dwaQjBQPilYq0pgsk67V1w_pJvKHrKyycmSRljJ-ZJKO3F7I5zXF_LbSqddfS1pByc7RQ7frqrNNocxJOGdooyTz3hkbSQGja9UdOg-rFEyvV1PKpoh_BTrK7KirSdfQKY-Vrq2Ygmzz6hm9UuHfYG5mRMHxYav7wj4otNARNfpc_2Fgp_UIQHcuczRGBZGNZVYAMfq0X4ox3VXpdEscxV7ds_Sot2gf2r7I1yfwv8IuLklcNeOzfQ7xZ2-ruZ1HuU-1W_umXBTklyPdC27Dx6Z1xywzQAEYpMyPUge54Vo33B0rzSlOyNIdKQwR4G7LhGUjrNLS62E5FVEaJ34ZntztOzmJYNaFqjb9NnRCUcbprB6e_whQ1hL4tsCT69aNo3ivSuFXQ9immUiV2g208deDLo5XsYQK6r7NiR8ARVQcDAXSfemn3Fs7zLr_B01v9t_0dAD3wtUw-lS9aS2dJRcWLXvolTCg3A2iyGB69uDnCKIw2fVirl83HwbMBxLFDiHOBMg2TiydUxp-YBYaZ1UxerJIf32TQVihYe1tLMGGhQqIHDWsfalzXJ-ZiuXz8M5aNLKT3hDJftshYBNefhmqk0lo137kUtIvW7vgEKERBkj9AoMM4t7eNhcBPRRMimmAt00kk4pQn6Lp3GhpeweIB9_zTeKDl_Qo6iuR-YosssdFGZ98tJ_M0ylHOY_YKG92aNRNgH_SHvva_pk37j7G8QywaTDbzbS9lQ0hpgJFhXuuuR1hunh-4sFXqfGJXiq2o5fMAGGxoDE7aFA7hpcw-hucCBftf1hKSzLiWou2xDyOKuYAToqs9OnD1ArKgJFP5xCiZ5tCN7fUXZHRE92J4OFTt4g0jHFdulIMKNEiBpqGdL00id6CtYY9WZ0sGueUb2J4E21UlIJyx58KPZoqy9ojaU7N0btiNdruhajHShA5o2AB5azGQaZNABM8laEoqdfbFYj6AOP__vol4kz_uIAtdxl58pNL6zUu6M9XYKHGbW66kQ0LeiUXYs3ZvlX8CdMIMS-KtxLmUDl9r9xmFLyARwqoihVkR0di_gPKXrHBO7vBCMHQ7LLBJ6v7CqJcvZjsNZgmwIFGFMoCjopyecALL768DSHfDclLOUxsbpye06cQDaCGudsDm4qzVfPvvt5jlJcg71U_QXEa4xrXrV6YeiyfA8s_D9CRI7_YwntSkRIwUQvoWWIGSOt1GZKebGW0Q7v8TXmetZmiKbZRjLVM5h7ktvA3iGzomOTbBzeyqvi9g4uNM9U5CmJa3EZvFIcFmUVIPEz242s4K_cEBqHbJ0L4q0TNBRl3wu5apPxFNcB3Z7g7PSmU1uuyzScIPBOQUOUinHwLHGAW8sxwyCyeMiv87G_XgcTmQCfNREonjx9IS2Ihu0xUVPXMvu2sOWNzeZ_HWwScs6gIKXk7ZX3uW-o7US_9xdW4cDEA-OPcqZBoU&cid=CAQSKQCsnQUxhXv0WPOXz1usmhlm937-aCe2etCRBzWI_RTSx3CkiQ7n0XgfGAEgDg&rfl=2%2Chttp%253A%252F%252Fsecurityaffairs.co%242%2Chttp%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2006 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
072d37a257b66f95b6ec6ab2ee73674745aec2bed8d08f2fe9b5b1a2876e3bac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Mar 2021 23:08:06 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25383
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 30 Sep 2022 20:30:14 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220927/r20110914/elements/html/ Frame D7C6 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220927/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D1HL8hwtMqQOnZFYUMaGI819QZaWGpyyh7pp1e_maY-STzoaR9QovEovjFa3HxHoH-uVkLN4fjmR5WgP6zdl-Ne4F6CnlRrHfL1vQSfxX-27r08zXia9fJioZcr9jUwQLb2XvTjxtVkZ7JjaR_ghrVEZWZjU2T0K8oUICOwQLaXE1UTgg&dbm_d=AKAmf-AjMo3HK9YQ-r2FyItt0v2tviHEc_55vNNRBY2mv0WXttTmSq3vLXewSz4dy9-m9SjeUZubnZYET68_uH0LjPE1_mBb44gf79MinjV8Rar6ZZBwmavzFAZizSwUoqvQpD2yrg1z9CqfE4u3X2ge-a-UQDTeuxSmpAOij-zK00mdyO_QyETsgIFgMQ1NrQDxQ4AEfZ5R4iGb7Rd0iNGmalshGW156wPkylZpUpqFN_mtqdYRJUDtPTfq8J88Z-cmTvVbDDFbo1cY-yx-LWm9zDtRDXVq04TiKfHmz3dnolRYndTAlh1GSTdR7-pA7nqgZV1SHY8XsFBwQuK8_Z9wqGhtSC_N_0eU2uzYeV9DszXKVUdeo9q4ow4yR-SswbPPRxohLGNV78oEXTvAbVvGCYAmPIk3zD8isMd71Yzse85HHLRy_VZe31TuZWqYhpGFGEvukvtKZ9C7iVLIZw7eQUwV-JfCqgJS1jtzz79ghh7OY2pb_X5OnFX3euwypriH_rSyPUiOGcbN7Yfquh-GDkQiu6VTiYnnFMWv3QTOEYNPKaS7CAhcBGKlMf2lHkG0rUnhgEI4F4qqg_PB4g-ArxVpJTjc_2wLpX3sLVK_eWgOneikxgPl8y-rZr_6B545gd8rnUrK0vm88Fmtdc-0EKSLOJfzZk33qxoM-lUM3HVVs2zi5ul4t1akyOBHgwjHJ1j-j-B0jYgwD3cBHPuQl3FMsFW5JUbTvfmlcEaNIIK_4skjNXRcGgTluqPTcIlwb6x7Q7oC8vjYkMmmVFuxhui5fUtOquIxbav1ouKNtsDDUWh4JEEWx3rC8DAhuq1GKhYj3Wl4bp4IMG_OnmPxfkVWZxGumZ11_yICQMWX7ByIv6TE-UMHE59xmBgnrluiRpVU8ifNEJluAt63eFv48b6wRL7L5d38Z8tkfBvle8km_VIXpkfqygiBFwByOH1vV0G3P3JLZNtwaHm7SzbGYWfeQhsk-2lz6Y3cKM5BOO_5_OKp0OyT3NtvoRCBPXDJbwJNrJBY6V7lsWlRGn_Iq5bd7vKQlAXwv7WJ4Lj1utvGXiKt2_gq4YiMJtMF-6qGXBxIcz5x8xNopIQeMEMAz8GtkEelUDdjkct2Auy__y2dada_-jwcMgsvzdNFGxs9zSuSk8HpYh_ScXJsZHHb_kdI7r7JbT97Q2x1KDQlbPvblFP_fW0w0giDLxXq4hKqZhr-6NQB-brsu3Rv_leH7NWTfe9OBJW2HMQFThdOI7oaDIw0la5XVDdImpcPgVJApTVUkE-6-W30S7Jk2MdtD5iNWLGJeejAXY3latkldeMb141sRfPLRYhAKi-qJ1o1RlHld8P4_1VW8iVXFlFMlwFSDbxCdmAj-1MvY0Ec1za0mWt3gQqLHtc287JERAGbNyLgZSRsyx_1mKpmM7AqBXZpmsjHAIR0kVWCF_KFDDMZfVUUg-crN5mnhsR1V-GVe7Y4EBVa01E5-S355KqPkpfmr6TG6D9wM3-Sf4plsEuLzXbiNtXdbhHlJqLKqj7BO673GKmlyE2PAmG14oDa_BDSODhMKazJzdSzE4WoFSHNALZ6L2TmAjpXxk9FqWN5vxYp2BRaspA9u2iUN6rT79fzkqwa1YgFoeRWMJM98QXojP2C4-ptkMPgihyToJenVyGvYHaltTzik_tqx9BKK39n51OR0LNvJKICU3eSK9KwvoCtdcvtKVrzXoFXX1dwaQjBQPilYq0pgsk67V1w_pJvKHrKyycmSRljJ-ZJKO3F7I5zXF_LbSqddfS1pByc7RQ7frqrNNocxJOGdooyTz3hkbSQGja9UdOg-rFEyvV1PKpoh_BTrK7KirSdfQKY-Vrq2Ygmzz6hm9UuHfYG5mRMHxYav7wj4otNARNfpc_2Fgp_UIQHcuczRGBZGNZVYAMfq0X4ox3VXpdEscxV7ds_Sot2gf2r7I1yfwv8IuLklcNeOzfQ7xZ2-ruZ1HuU-1W_umXBTklyPdC27Dx6Z1xywzQAEYpMyPUge54Vo33B0rzSlOyNIdKQwR4G7LhGUjrNLS62E5FVEaJ34ZntztOzmJYNaFqjb9NnRCUcbprB6e_whQ1hL4tsCT69aNo3ivSuFXQ9immUiV2g208deDLo5XsYQK6r7NiR8ARVQcDAXSfemn3Fs7zLr_B01v9t_0dAD3wtUw-lS9aS2dJRcWLXvolTCg3A2iyGB69uDnCKIw2fVirl83HwbMBxLFDiHOBMg2TiydUxp-YBYaZ1UxerJIf32TQVihYe1tLMGGhQqIHDWsfalzXJ-ZiuXz8M5aNLKT3hDJftshYBNefhmqk0lo137kUtIvW7vgEKERBkj9AoMM4t7eNhcBPRRMimmAt00kk4pQn6Lp3GhpeweIB9_zTeKDl_Qo6iuR-YosssdFGZ98tJ_M0ylHOY_YKG92aNRNgH_SHvva_pk37j7G8QywaTDbzbS9lQ0hpgJFhXuuuR1hunh-4sFXqfGJXiq2o5fMAGGxoDE7aFA7hpcw-hucCBftf1hKSzLiWou2xDyOKuYAToqs9OnD1ArKgJFP5xCiZ5tCN7fUXZHRE92J4OFTt4g0jHFdulIMKNEiBpqGdL00id6CtYY9WZ0sGueUb2J4E21UlIJyx58KPZoqy9ojaU7N0btiNdruhajHShA5o2AB5azGQaZNABM8laEoqdfbFYj6AOP__vol4kz_uIAtdxl58pNL6zUu6M9XYKHGbW66kQ0LeiUXYs3ZvlX8CdMIMS-KtxLmUDl9r9xmFLyARwqoihVkR0di_gPKXrHBO7vBCMHQ7LLBJ6v7CqJcvZjsNZgmwIFGFMoCjopyecALL768DSHfDclLOUxsbpye06cQDaCGudsDm4qzVfPvvt5jlJcg71U_QXEa4xrXrV6YeiyfA8s_D9CRI7_YwntSkRIwUQvoWWIGSOt1GZKebGW0Q7v8TXmetZmiKbZRjLVM5h7ktvA3iGzomOTbBzeyqvi9g4uNM9U5CmJa3EZvFIcFmUVIPEz242s4K_cEBqHbJ0L4q0TNBRl3wu5apPxFNcB3Z7g7PSmU1uuyzScIPBOQUOUinHwLHGAW8sxwyCyeMiv87G_XgcTmQCfNREonjx9IS2Ihu0xUVPXMvu2sOWNzeZ_HWwScs6gIKXk7ZX3uW-o7US_9xdW4cDEA-OPcqZBoU&cid=CAQSKQCsnQUxhXv0WPOXz1usmhlm937-aCe2etCRBzWI_RTSx3CkiQ7n0XgfGAEgDg&rfl=2%2Chttp%253A%252F%252Fsecurityaffairs.co%242%2Chttp%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:19:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
630
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 13 Oct 2022 20:19:44 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame D7C6 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuFwK2WynFhp0eIuxLS4WjFMxqKannOBfze1X1qalmEcMPLLmw4way_SUulKkTtcLmPUr8AjojDSUFl6E3AM0UkB8qjKeGzONpnPuDm6RcHbcfZ0cRkcrzFNPkujN0ngxj_BKS6c7_iXOCYwMfAmrduWjIcnE4jGVZYSjWx80VSUJlAz7_f3mfwa_ryE3eq6vPF4etKkiJsa_1eOHIIAozX0d9Z4iXCDdtcXiVK1vM8rN3HwZaDrJj7Iz0nWr5bM-P32wB87FFn5dNlvrC0hbcPBCXkVYKzDdmWbUIkIH0wTJnuj-QIgqjueXV8RaLsjIHEXM9OszRCbhKD50Bhdvs4bGSpJp2vkgazKCqyR0e3VdvhLFiJ_oYxFQO73D5q4L_G6q9T0SkrzDKP2s10x_Jdt792AX7x1aCvdW5CHRMH35uYgRBRcJw5WBmDw1Dtyh2KvMgUtPnxnKIZ_hTGaxRwdehZiZeZWhPMIS4QIZK7rSnIKAmEZ7uHCt3fn7nQvl4U9BazLnL9ypulyEn8tFT7WIe3fgryP2AJ4NPdyzQT5ljNmaDNrI_IlyKbAffhSoZAVILj8J-9WVzT14vKmQoCnCeX2x789nE6r8-wfWW_vuF2TRRUVdJPEoywsEHaLLzdMsH2F5CkAqvwknaZzn2qkUjQv3OGiwe3pAv8P1pG7u3rfpdyKdFoxU0EOTt-9LiFcOPx8zMHfhE14HLJcJFaZaPJsaCIn2FvLe9By0-wc8ytYIdno-BFpDo_ikkjdWG6Ylo067DD2XUDmi-c6eUVWD3gZqL_Sa5Tq3bxIWiriwU4fR86jBSOdIdwwuSX9920lOUMWiCdC4_QDcphtNb54KvMTZysTEZdAYdVD-L2hkes6mG7Q72RgdAXsPD3uAC0sNJX-qSYnD7PNbt1-DGYlTKjO3ZzLsXJ3ryu1nJAILhy_CW9Enz1-20FKb426JoXsP9OOwE_dKqNmY1_wyGWyWbEcZGn3aNy0poiU-BQoKDbTaUxJk_MwlER3Q5V1z6QCrowf1XnFKTiwQLN5FFYv-oc0pzVhHjyjuwoztHVctn76rnb4iV1z7pyGQSSA03UIIB0BwlOu5IN2XsFkqxOZYxFfSQMktTAVB6KSj9pln-eTt7IXye6vWLJrj3oZm0w3tCIrINfv-Q3CcT5t7Ja_r_FsW1Eroky4mtc1nMlhPn4Tn4YQxaxtEPUaGK2ZJ7LwCEPGEnsmNjR&sai=AMfl-YStgjLoH9OBWkYwRHoO3FPFnx5_bzorTOrcANC6CRi4H4iNvBPV-yWLspWQCEUCku3zJdKeuLxgKWdVjyn5WSy5Al0xPuO_Sb3J7V6jqZsPOlhM8TeY3T02gYG_Uxcaadud6AUv_4npBQ9GbGr-yDByq54mlXyzPjkHPEL0hbbXFmuVPH5evgWGjdRddF5FewtwwnHiiatME04F&sig=Cg0ArKJSzCJqhpVKh2ltEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=1&cisv=r20220927.73404&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D1HL8hwtMqQOnZFYUMaGI819QZaWGpyyh7pp1e_maY-STzoaR9QovEovjFa3HxHoH-uVkLN4fjmR5WgP6zdl-Ne4F6CnlRrHfL1vQSfxX-27r08zXia9fJioZcr9jUwQLb2XvTjxtVkZ7JjaR_ghrVEZWZjU2T0K8oUICOwQLaXE1UTgg&dbm_d=AKAmf-AjMo3HK9YQ-r2FyItt0v2tviHEc_55vNNRBY2mv0WXttTmSq3vLXewSz4dy9-m9SjeUZubnZYET68_uH0LjPE1_mBb44gf79MinjV8Rar6ZZBwmavzFAZizSwUoqvQpD2yrg1z9CqfE4u3X2ge-a-UQDTeuxSmpAOij-zK00mdyO_QyETsgIFgMQ1NrQDxQ4AEfZ5R4iGb7Rd0iNGmalshGW156wPkylZpUpqFN_mtqdYRJUDtPTfq8J88Z-cmTvVbDDFbo1cY-yx-LWm9zDtRDXVq04TiKfHmz3dnolRYndTAlh1GSTdR7-pA7nqgZV1SHY8XsFBwQuK8_Z9wqGhtSC_N_0eU2uzYeV9DszXKVUdeo9q4ow4yR-SswbPPRxohLGNV78oEXTvAbVvGCYAmPIk3zD8isMd71Yzse85HHLRy_VZe31TuZWqYhpGFGEvukvtKZ9C7iVLIZw7eQUwV-JfCqgJS1jtzz79ghh7OY2pb_X5OnFX3euwypriH_rSyPUiOGcbN7Yfquh-GDkQiu6VTiYnnFMWv3QTOEYNPKaS7CAhcBGKlMf2lHkG0rUnhgEI4F4qqg_PB4g-ArxVpJTjc_2wLpX3sLVK_eWgOneikxgPl8y-rZr_6B545gd8rnUrK0vm88Fmtdc-0EKSLOJfzZk33qxoM-lUM3HVVs2zi5ul4t1akyOBHgwjHJ1j-j-B0jYgwD3cBHPuQl3FMsFW5JUbTvfmlcEaNIIK_4skjNXRcGgTluqPTcIlwb6x7Q7oC8vjYkMmmVFuxhui5fUtOquIxbav1ouKNtsDDUWh4JEEWx3rC8DAhuq1GKhYj3Wl4bp4IMG_OnmPxfkVWZxGumZ11_yICQMWX7ByIv6TE-UMHE59xmBgnrluiRpVU8ifNEJluAt63eFv48b6wRL7L5d38Z8tkfBvle8km_VIXpkfqygiBFwByOH1vV0G3P3JLZNtwaHm7SzbGYWfeQhsk-2lz6Y3cKM5BOO_5_OKp0OyT3NtvoRCBPXDJbwJNrJBY6V7lsWlRGn_Iq5bd7vKQlAXwv7WJ4Lj1utvGXiKt2_gq4YiMJtMF-6qGXBxIcz5x8xNopIQeMEMAz8GtkEelUDdjkct2Auy__y2dada_-jwcMgsvzdNFGxs9zSuSk8HpYh_ScXJsZHHb_kdI7r7JbT97Q2x1KDQlbPvblFP_fW0w0giDLxXq4hKqZhr-6NQB-brsu3Rv_leH7NWTfe9OBJW2HMQFThdOI7oaDIw0la5XVDdImpcPgVJApTVUkE-6-W30S7Jk2MdtD5iNWLGJeejAXY3latkldeMb141sRfPLRYhAKi-qJ1o1RlHld8P4_1VW8iVXFlFMlwFSDbxCdmAj-1MvY0Ec1za0mWt3gQqLHtc287JERAGbNyLgZSRsyx_1mKpmM7AqBXZpmsjHAIR0kVWCF_KFDDMZfVUUg-crN5mnhsR1V-GVe7Y4EBVa01E5-S355KqPkpfmr6TG6D9wM3-Sf4plsEuLzXbiNtXdbhHlJqLKqj7BO673GKmlyE2PAmG14oDa_BDSODhMKazJzdSzE4WoFSHNALZ6L2TmAjpXxk9FqWN5vxYp2BRaspA9u2iUN6rT79fzkqwa1YgFoeRWMJM98QXojP2C4-ptkMPgihyToJenVyGvYHaltTzik_tqx9BKK39n51OR0LNvJKICU3eSK9KwvoCtdcvtKVrzXoFXX1dwaQjBQPilYq0pgsk67V1w_pJvKHrKyycmSRljJ-ZJKO3F7I5zXF_LbSqddfS1pByc7RQ7frqrNNocxJOGdooyTz3hkbSQGja9UdOg-rFEyvV1PKpoh_BTrK7KirSdfQKY-Vrq2Ygmzz6hm9UuHfYG5mRMHxYav7wj4otNARNfpc_2Fgp_UIQHcuczRGBZGNZVYAMfq0X4ox3VXpdEscxV7ds_Sot2gf2r7I1yfwv8IuLklcNeOzfQ7xZ2-ruZ1HuU-1W_umXBTklyPdC27Dx6Z1xywzQAEYpMyPUge54Vo33B0rzSlOyNIdKQwR4G7LhGUjrNLS62E5FVEaJ34ZntztOzmJYNaFqjb9NnRCUcbprB6e_whQ1hL4tsCT69aNo3ivSuFXQ9immUiV2g208deDLo5XsYQK6r7NiR8ARVQcDAXSfemn3Fs7zLr_B01v9t_0dAD3wtUw-lS9aS2dJRcWLXvolTCg3A2iyGB69uDnCKIw2fVirl83HwbMBxLFDiHOBMg2TiydUxp-YBYaZ1UxerJIf32TQVihYe1tLMGGhQqIHDWsfalzXJ-ZiuXz8M5aNLKT3hDJftshYBNefhmqk0lo137kUtIvW7vgEKERBkj9AoMM4t7eNhcBPRRMimmAt00kk4pQn6Lp3GhpeweIB9_zTeKDl_Qo6iuR-YosssdFGZ98tJ_M0ylHOY_YKG92aNRNgH_SHvva_pk37j7G8QywaTDbzbS9lQ0hpgJFhXuuuR1hunh-4sFXqfGJXiq2o5fMAGGxoDE7aFA7hpcw-hucCBftf1hKSzLiWou2xDyOKuYAToqs9OnD1ArKgJFP5xCiZ5tCN7fUXZHRE92J4OFTt4g0jHFdulIMKNEiBpqGdL00id6CtYY9WZ0sGueUb2J4E21UlIJyx58KPZoqy9ojaU7N0btiNdruhajHShA5o2AB5azGQaZNABM8laEoqdfbFYj6AOP__vol4kz_uIAtdxl58pNL6zUu6M9XYKHGbW66kQ0LeiUXYs3ZvlX8CdMIMS-KtxLmUDl9r9xmFLyARwqoihVkR0di_gPKXrHBO7vBCMHQ7LLBJ6v7CqJcvZjsNZgmwIFGFMoCjopyecALL768DSHfDclLOUxsbpye06cQDaCGudsDm4qzVfPvvt5jlJcg71U_QXEa4xrXrV6YeiyfA8s_D9CRI7_YwntSkRIwUQvoWWIGSOt1GZKebGW0Q7v8TXmetZmiKbZRjLVM5h7ktvA3iGzomOTbBzeyqvi9g4uNM9U5CmJa3EZvFIcFmUVIPEz242s4K_cEBqHbJ0L4q0TNBRl3wu5apPxFNcB3Z7g7PSmU1uuyzScIPBOQUOUinHwLHGAW8sxwyCyeMiv87G_XgcTmQCfNREonjx9IS2Ihu0xUVPXMvu2sOWNzeZ_HWwScs6gIKXk7ZX3uW-o7US_9xdW4cDEA-OPcqZBoU&cid=CAQSKQCsnQUxhXv0WPOXz1usmhlm937-aCe2etCRBzWI_RTSx3CkiQ7n0XgfGAEgDg&rfl=2%2Chttp%253A%252F%252Fsecurityaffairs.co%242%2Chttp%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.201.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s35-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 29 Sep 2022 20:30:14 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame D7C6 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D1HL8hwtMqQOnZFYUMaGI819QZaWGpyyh7pp1e_maY-STzoaR9QovEovjFa3HxHoH-uVkLN4fjmR5WgP6zdl-Ne4F6CnlRrHfL1vQSfxX-27r08zXia9fJioZcr9jUwQLb2XvTjxtVkZ7JjaR_ghrVEZWZjU2T0K8oUICOwQLaXE1UTgg&dbm_d=AKAmf-AjMo3HK9YQ-r2FyItt0v2tviHEc_55vNNRBY2mv0WXttTmSq3vLXewSz4dy9-m9SjeUZubnZYET68_uH0LjPE1_mBb44gf79MinjV8Rar6ZZBwmavzFAZizSwUoqvQpD2yrg1z9CqfE4u3X2ge-a-UQDTeuxSmpAOij-zK00mdyO_QyETsgIFgMQ1NrQDxQ4AEfZ5R4iGb7Rd0iNGmalshGW156wPkylZpUpqFN_mtqdYRJUDtPTfq8J88Z-cmTvVbDDFbo1cY-yx-LWm9zDtRDXVq04TiKfHmz3dnolRYndTAlh1GSTdR7-pA7nqgZV1SHY8XsFBwQuK8_Z9wqGhtSC_N_0eU2uzYeV9DszXKVUdeo9q4ow4yR-SswbPPRxohLGNV78oEXTvAbVvGCYAmPIk3zD8isMd71Yzse85HHLRy_VZe31TuZWqYhpGFGEvukvtKZ9C7iVLIZw7eQUwV-JfCqgJS1jtzz79ghh7OY2pb_X5OnFX3euwypriH_rSyPUiOGcbN7Yfquh-GDkQiu6VTiYnnFMWv3QTOEYNPKaS7CAhcBGKlMf2lHkG0rUnhgEI4F4qqg_PB4g-ArxVpJTjc_2wLpX3sLVK_eWgOneikxgPl8y-rZr_6B545gd8rnUrK0vm88Fmtdc-0EKSLOJfzZk33qxoM-lUM3HVVs2zi5ul4t1akyOBHgwjHJ1j-j-B0jYgwD3cBHPuQl3FMsFW5JUbTvfmlcEaNIIK_4skjNXRcGgTluqPTcIlwb6x7Q7oC8vjYkMmmVFuxhui5fUtOquIxbav1ouKNtsDDUWh4JEEWx3rC8DAhuq1GKhYj3Wl4bp4IMG_OnmPxfkVWZxGumZ11_yICQMWX7ByIv6TE-UMHE59xmBgnrluiRpVU8ifNEJluAt63eFv48b6wRL7L5d38Z8tkfBvle8km_VIXpkfqygiBFwByOH1vV0G3P3JLZNtwaHm7SzbGYWfeQhsk-2lz6Y3cKM5BOO_5_OKp0OyT3NtvoRCBPXDJbwJNrJBY6V7lsWlRGn_Iq5bd7vKQlAXwv7WJ4Lj1utvGXiKt2_gq4YiMJtMF-6qGXBxIcz5x8xNopIQeMEMAz8GtkEelUDdjkct2Auy__y2dada_-jwcMgsvzdNFGxs9zSuSk8HpYh_ScXJsZHHb_kdI7r7JbT97Q2x1KDQlbPvblFP_fW0w0giDLxXq4hKqZhr-6NQB-brsu3Rv_leH7NWTfe9OBJW2HMQFThdOI7oaDIw0la5XVDdImpcPgVJApTVUkE-6-W30S7Jk2MdtD5iNWLGJeejAXY3latkldeMb141sRfPLRYhAKi-qJ1o1RlHld8P4_1VW8iVXFlFMlwFSDbxCdmAj-1MvY0Ec1za0mWt3gQqLHtc287JERAGbNyLgZSRsyx_1mKpmM7AqBXZpmsjHAIR0kVWCF_KFDDMZfVUUg-crN5mnhsR1V-GVe7Y4EBVa01E5-S355KqPkpfmr6TG6D9wM3-Sf4plsEuLzXbiNtXdbhHlJqLKqj7BO673GKmlyE2PAmG14oDa_BDSODhMKazJzdSzE4WoFSHNALZ6L2TmAjpXxk9FqWN5vxYp2BRaspA9u2iUN6rT79fzkqwa1YgFoeRWMJM98QXojP2C4-ptkMPgihyToJenVyGvYHaltTzik_tqx9BKK39n51OR0LNvJKICU3eSK9KwvoCtdcvtKVrzXoFXX1dwaQjBQPilYq0pgsk67V1w_pJvKHrKyycmSRljJ-ZJKO3F7I5zXF_LbSqddfS1pByc7RQ7frqrNNocxJOGdooyTz3hkbSQGja9UdOg-rFEyvV1PKpoh_BTrK7KirSdfQKY-Vrq2Ygmzz6hm9UuHfYG5mRMHxYav7wj4otNARNfpc_2Fgp_UIQHcuczRGBZGNZVYAMfq0X4ox3VXpdEscxV7ds_Sot2gf2r7I1yfwv8IuLklcNeOzfQ7xZ2-ruZ1HuU-1W_umXBTklyPdC27Dx6Z1xywzQAEYpMyPUge54Vo33B0rzSlOyNIdKQwR4G7LhGUjrNLS62E5FVEaJ34ZntztOzmJYNaFqjb9NnRCUcbprB6e_whQ1hL4tsCT69aNo3ivSuFXQ9immUiV2g208deDLo5XsYQK6r7NiR8ARVQcDAXSfemn3Fs7zLr_B01v9t_0dAD3wtUw-lS9aS2dJRcWLXvolTCg3A2iyGB69uDnCKIw2fVirl83HwbMBxLFDiHOBMg2TiydUxp-YBYaZ1UxerJIf32TQVihYe1tLMGGhQqIHDWsfalzXJ-ZiuXz8M5aNLKT3hDJftshYBNefhmqk0lo137kUtIvW7vgEKERBkj9AoMM4t7eNhcBPRRMimmAt00kk4pQn6Lp3GhpeweIB9_zTeKDl_Qo6iuR-YosssdFGZ98tJ_M0ylHOY_YKG92aNRNgH_SHvva_pk37j7G8QywaTDbzbS9lQ0hpgJFhXuuuR1hunh-4sFXqfGJXiq2o5fMAGGxoDE7aFA7hpcw-hucCBftf1hKSzLiWou2xDyOKuYAToqs9OnD1ArKgJFP5xCiZ5tCN7fUXZHRE92J4OFTt4g0jHFdulIMKNEiBpqGdL00id6CtYY9WZ0sGueUb2J4E21UlIJyx58KPZoqy9ojaU7N0btiNdruhajHShA5o2AB5azGQaZNABM8laEoqdfbFYj6AOP__vol4kz_uIAtdxl58pNL6zUu6M9XYKHGbW66kQ0LeiUXYs3ZvlX8CdMIMS-KtxLmUDl9r9xmFLyARwqoihVkR0di_gPKXrHBO7vBCMHQ7LLBJ6v7CqJcvZjsNZgmwIFGFMoCjopyecALL768DSHfDclLOUxsbpye06cQDaCGudsDm4qzVfPvvt5jlJcg71U_QXEa4xrXrV6YeiyfA8s_D9CRI7_YwntSkRIwUQvoWWIGSOt1GZKebGW0Q7v8TXmetZmiKbZRjLVM5h7ktvA3iGzomOTbBzeyqvi9g4uNM9U5CmJa3EZvFIcFmUVIPEz242s4K_cEBqHbJ0L4q0TNBRl3wu5apPxFNcB3Z7g7PSmU1uuyzScIPBOQUOUinHwLHGAW8sxwyCyeMiv87G_XgcTmQCfNREonjx9IS2Ihu0xUVPXMvu2sOWNzeZ_HWwScs6gIKXk7ZX3uW-o7US_9xdW4cDEA-OPcqZBoU&cid=CAQSKQCsnQUxhXv0WPOXz1usmhlm937-aCe2etCRBzWI_RTSx3CkiQ7n0XgfGAEgDg&rfl=2%2Chttp%253A%252F%252Fsecurityaffairs.co%242%2Chttp%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 10:22:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36454
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Sep 2023 10:22:40 GMT
i
cdn.bizibly.com/ Frame D7C6 		43 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.bizibly.com/i?v=10214551&a=481370136&c=148326442&s=6140839&p=288085345&m=0&n=2275923193
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674C) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
last-modified
Fri, 23 Sep 2022 00:00:47 GMT
server
ECS (frb/674C)
age
592168
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
Image/GIF
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
43
expires
-1
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0E33 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 09:26:06 GMT
x-content-type-options
nosniff
age
39848
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 29 Sep 2023 09:26:06 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0E33 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 19:33:08 GMT
x-content-type-options
nosniff
age
89826
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 28 Sep 2023 19:33:08 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0E33 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 19:33:00 GMT
x-content-type-options
nosniff
age
89834
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 28 Sep 2023 19:33:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 1002 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220927&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31070010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9c3fa1e5e51b58ed86bc1e0adf73441da6b089d66da26182281a2d4f0624ebbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11139
x-xss-protection
0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame B987 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
46782
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 07:30:32 GMT
etag
48472445140208031
expires
Fri, 30 Sep 2022 07:30:32 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame D7C6 		210 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2abac3d0a75e51953ab5ef5798ba8971b5f5bff336863bb284f87d438b0b94b3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type
image/png
EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
pagead2.googlesyndication.com/bg/ Frame 8B26 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=50&slotname=Internal_320x50_0.10&adk=468307373&adf=1480696134&pi=t.ma~as.Internal_320x50_0.10&w=320&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413320&bpp=14&bdt=193&idt=321&shv=r20220927&mjsv=m202209280101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=2&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=1657339784&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=383&ady=957&biw=1600&bih=1200&isw=320&ish=50&ifk=597954707&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31069959%2C42531705%2C31070010&oid=2&pvsid=2187897779385762&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.4p9z1c7ym8gn&fsb=1&xpc=kVMYepINEa&p=http%3A//securityaffairs.co&dtd=351
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
122285db9f84c3c42757d585b75701d549325f150e0d65701389a6a6bfa3a25a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 14:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20057
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15943
x-xss-protection
0
last-modified
Mon, 19 Sep 2022 14:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 29 Sep 2023 14:55:57 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 8D89 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
36453
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 10:22:41 GMT
expires
Fri, 29 Sep 2023 10:22:41 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
cm.g.doubleclick.net/ Frame B987
Redirect Chain
  • https://a.c.appier.net/gcm?google_gid=CAESEI6YpsjeRkPDyVt1-Duc9WA&google_cver=1&google_push=AZmPxg9iVuU_PtNGMXJ_7ZE51V-3ZW5Fu36ifv2cIZ3eyuUkjKr56-xNh5saFRBoDzf1C6oHdzUxURWnwW2xWEa_JBfh5w16f7yy
  • https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Y29RcmM3Q3NCeFc2ci1XMVZ3QTJZdw%3D%3D&google_push=AZmPxg9iVuU_PtNGMXJ_7ZE51V-3ZW5Fu36ifv2cIZ3eyuUkjKr56-xNh5saFRBoDzf1C6oHdzUxURWnwW2xW...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Y29RcmM3Q3NCeFc2ci1XMVZ3QTJZdw%3D%3D&google_push=AZmPxg9iVuU_PtNGMXJ_7ZE51V-3ZW5Fu36ifv2cIZ3eyuUkjKr56-xNh5saFRBoDzf1C6oHdzUxURWnwW2xWEa_JBfh5w16f7yy
Protocol
H3
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Y29RcmM3Q3NCeFc2ci1XMVZ3QTJZdw%3D%3D&google_push=AZmPxg9iVuU_PtNGMXJ_7ZE51V-3ZW5Fu36ifv2cIZ3eyuUkjKr56-xNh5saFRBoDzf1C6oHdzUxURWnwW2xWEa_JBfh5w16f7yy
date
Thu, 29 Sep 2022 20:30:15 GMT
cache-control
no-store
content-type
text/html; charset=utf-8
server
nginx
content-length
243
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pixel
cm.g.doubleclick.net/ Frame B987
Redirect Chain
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEJPCA1SbIvDOCLzYOroE_Vg&google_cver=1&google_push=AZmPxg9HC_odZAKg4smGuhARvyBjJrLZao-IKrgS3ztPbLYqKfv8jR_hOLrf_0b-sjJc5EQ4awBt4O-Vjq...
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESEJPCA1SbIvDOCLzYOroE_Vg&google_cver=1&google_push=AZmPxg9HC_odZAKg4smGuhARvyBjJrLZao-IKrgS3ztPbLYqKfv8jR_hOLrf_0b-sjJc5EQ4awBt4O-Vjq...
  • https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AZmPxg9HC_odZAKg4smGuhARvyBjJrLZao-IKrgS3ztPbLYqKfv8jR_hOLrf_0b-sjJc5EQ4awBt4O-Vjqz56payZBYrLLrPr5tl&google_hm=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AZmPxg9HC_odZAKg4smGuhARvyBjJrLZao-IKrgS3ztPbLYqKfv8jR_hOLrf_0b-sjJc5EQ4awBt4O-Vjqz56payZBYrLLrPr5tl&google_hm=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 29 Sep 2022 20:30:14 GMT
server
nginx
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
access-control-allow-origin
*
location
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AZmPxg9HC_odZAKg4smGuhARvyBjJrLZao-IKrgS3ztPbLYqKfv8jR_hOLrf_0b-sjJc5EQ4awBt4O-Vjqz56payZBYrLLrPr5tl&google_hm=
content-type
text/html; charset=UTF-8
cache-control
no-cache
keep-alive
timeout=10
access-control-allow-headers
Origin
asr
aid.send.microad.jp/g/ Frame B987 		43 B
464 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aid.send.microad.jp/g/asr?google_gid=CAESENlm0auzwLguNr7RDxf8adA&google_cver=1&google_push=AZmPxg-B81dURqVFUqjXhewdlmr_IxSLL__tLBeaTmDRFlTgcOPsNUf_YraStoIoYCATJzTdZHHSADW8l2mpBJiTkilee7N_Eucj
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.233.84.1 , Japan, ASN131957 (MICROAD MicroAd, Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=3600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:15 GMT
Strict-Transport-Security
max-age=3600
Server
Apache
P3P
policyref="http://www.microad.jp/w3c/p3p.xml",CP="NOI DSP COR NID DEVo PSAo OUR STP STA PRE"
Access-Control-Allow-Origin
*
Content-Type
image/gif
Connection
close
Access-Control-Allow-Headers
origin, x-requested-with, If-Modified-Since, content-type, Pragma, Cache-Control
Content-Length
43
pixel
cm.g.doubleclick.net/ Frame B987
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEHKmyHb1bGQVMMIyIE_qRa0&google_cver=1&google_push=AZmPxg8qTUgbVUeKmIeKmdqYLTZ2ppZPmirj0vYvy2NLiRGJjBd0670TPl9PqRxg4LuUJoKcP0RmiKyN...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEHKmyHb1bGQVMMIyIE_qRa0&google_cver=1&google_push=AZmPxg8qTUgbVUeKmIeKmdqYLTZ2ppZPmirj0vYvy2NLiRGJjBd0670TPl9PqRxg4LuUJoKcP0R...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTI5NjEwMTg5ODk1MDE3Mjc4&google_push=AZmPxg8qTUgbVUeKmIeKmdqYLTZ2ppZPmirj0vYvy2NLiRGJjBd0670TPl9PqRxg4LuUJoKcP0RmiKyN...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTI5NjEwMTg5ODk1MDE3Mjc4&google_push=AZmPxg8qTUgbVUeKmIeKmdqYLTZ2ppZPmirj0vYvy2NLiRGJjBd0670TPl9PqRxg4LuUJoKcP0RmiKyNPevXcufuDWxppPCmPz12
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=OTI5NjEwMTg5ODk1MDE3Mjc4&google_push=AZmPxg8qTUgbVUeKmIeKmdqYLTZ2ppZPmirj0vYvy2NLiRGJjBd0670TPl9PqRxg4LuUJoKcP0RmiKyNPevXcufuDWxppPCmPz12
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame B987
Redirect Chain
  • https://app.cauly.co.kr/idsync_ssp/doubleclick?google_gid=CAESENKaxxPw6XjMvp_x1wTxaO8&google_cver=1&google_push=AZmPxg_sxk2aRwUej39t42aniI0p0ZI6m7TLVEsguSdFKFWRlFk8CzLNwbX9OnmGxyKP7QhZksQTUL8iZB5S3...
  • https://cm.g.doubleclick.net/pixel?google_nid=fsn_asia_private_limited_new&google_push=AZmPxg_sxk2aRwUej39t42aniI0p0ZI6m7TLVEsguSdFKFWRlFk8CzLNwbX9OnmGxyKP7QhZksQTUL8iZB5S3WXehuMnjKtCnRvW
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=fsn_asia_private_limited_new&google_push=AZmPxg_sxk2aRwUej39t42aniI0p0ZI6m7TLVEsguSdFKFWRlFk8CzLNwbX9OnmGxyKP7QhZksQTUL8iZB5S3WXehuMnjKtCnRvW
Protocol
H3
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
http://cm.g.doubleclick.net/pixel?google_nid=fsn_asia_private_limited_new&google_push=AZmPxg_sxk2aRwUej39t42aniI0p0ZI6m7TLVEsguSdFKFWRlFk8CzLNwbX9OnmGxyKP7QhZksQTUL8iZB5S3WXehuMnjKtCnRvW
Date
Thu, 29 Sep 2022 20:30:16 GMT
Server
nginx
Connection
close
Content-Length
0
Content-Type
Application/xml;charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame B987
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESECsdi0WmxQl7ccsnf2qfjmA&google_cver=1&google_push=AZmPxg_xUX3Xw1n0RWnqULxwArxA2M8E4I3eH_K5KpHJvpFJp-spNhAHeXYkmai8TwHMeT_AKK...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01Smhud2ZORTJ1R0ZFaGpwcURmQmtXNVFGaGF2REEyUX5B&google_push=AZmPxg_xUX3Xw1n0RWnqULxwArxA2M8E4I3eH_K5KpHJvpFJp-spNhAHe...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01Smhud2ZORTJ1R0ZFaGpwcURmQmtXNVFGaGF2REEyUX5B&google_push=AZmPxg_xUX3Xw1n0RWnqULxwArxA2M8E4I3eH_K5KpHJvpFJp-spNhAHeXYkmai8TwHMeT_AKK0IqLaPcsFOkqBSHJoMqljVHtlZ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS01Smhud2ZORTJ1R0ZFaGpwcURmQmtXNVFGaGF2REEyUX5B&google_push=AZmPxg_xUX3Xw1n0RWnqULxwArxA2M8E4I3eH_K5KpHJvpFJp-spNhAHeXYkmai8TwHMeT_AKK0IqLaPcsFOkqBSHJoMqljVHtlZ
date
Thu, 29 Sep 2022 20:30:14 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
spacer.gif
an.yandex.ru/resource/ Frame B987
Redirect Chain
  • https://an.yandex.ru/mapuid/google/CAESEI6zLmFQPEzM_v6btqQs4bY?ext-param=AZmPxg8K45TW4Qdi71vDsxDyNIvd39vi7GZNwLikz1XIYhuekWAefv7VS2T4frg9tQ3XX2Ng_OiAzv-Hf-6rh4J9tUIyMZO96X2E&partner-tag=yandex_ag&g...
  • https://an.yandex.ru/mapuid/google/CAESEI6zLmFQPEzM_v6btqQs4bY?redir-setuniq=1&ext-param=AZmPxg8K45TW4Qdi71vDsxDyNIvd39vi7GZNwLikz1XIYhuekWAefv7VS2T4frg9tQ3XX2Ng_OiAzv-Hf-6rh4J9tUIyMZO96X2E&partner...
  • https://cm.g.doubleclick.net/pixel?google_nid=yandex_ag&google_hm=CAESEI6zLmFQPEzM_v6btqQs4bY&google_redir=https%3A%2F%2Fan.yandex.ru%2Fresource%2Fspacer.gif
  • https://an.yandex.ru/resource/spacer.gif
43 B
144 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://an.yandex.ru/resource/spacer.gif
Protocol
H2
Server
2a02:6b8::90 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:15 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 18 Apr 2001 10:28:03 GMT
content-type
image/gif
p3p
CP="NOI DEVa TAIa OUR BUS UNI STA"
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Thu, 14 Sep 2023 20:30:15 GMT

Redirect headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://an.yandex.ru/resource/spacer.gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
237
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame B987 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KM4U8lw_fwe3Fgd38ledfm7rzqOA-naDUfTBKG8Evylj2mMoFg6JEGH5w6xDrCFRqzH8L-1LE
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1575911585432548&output=html&h=90&slotname=Internal_728x90_0.10&adk=1194620937&adf=1480696135&pi=t.ma~as.Internal_728x90_0.10&w=728&lmt=1664483413&url=http%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F22121%2Fmalware%2Fjackpos-pos-malware.html&wgl=1&dt=1664483413356&bpp=12&bdt=206&idt=337&shv=r20220927&mjsv=m202209260101&ptt=5&saldr=sa&correlator=7543025259923&frm=21&ife=1&pv=1&ga_vid=1018184806.1664483412&ga_sid=1664483414&ga_hid=629685142&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=520&biw=1600&bih=1200&isw=728&ish=90&ifk=658829327&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44767667%2C42531706%2C31069992&oid=2&pvsid=1329837975917972&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.sqbyruxakip6&fsb=1&xpc=38kqBcu0kZ&p=http%3A//securityaffairs.co&dtd=359
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.39.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s38-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 1002 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209280101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31070010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 29 Sep 2022 20:30:14 GMT
EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
pagead2.googlesyndication.com/bg/ Frame 8D89 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
122285db9f84c3c42757d585b75701d549325f150e0d65701389a6a6bfa3a25a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 14:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20057
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15943
x-xss-protection
0
last-modified
Mon, 19 Sep 2022 14:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 29 Sep 2023 14:55:57 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame D7C6 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuFwK2WynFhp0eIuxLS4WjFMxqKannOBfze1X1qalmEcMPLLmw4way_SUulKkTtcLmPUr8AjojDSUFl6E3AM0UkB8qjKeGzONpnPuDm6RcHbcfZ0cRkcrzFNPkujN0ngxj_BKS6c7_iXOCYwMfAmrduWjIcnE4jGVZYSjWx80VSUJlAz7_f3mfwa_ryE3eq6vPF4etKkiJsa_1eOHIIAozX0d9Z4iXCDdtcXiVK1vM8rN3HwZaDrJj7Iz0nWr5bM-P32wB87FFn5dNlvrC0hbcPBCXkVYKzDdmWbUIkIH0wTJnuj-QIgqjueXV8RaLsjIHEXM9OszRCbhKD50Bhdvs4bGSpJp2vkgazKCqyR0e3VdvhLFiJ_oYxFQO73D5q4L_G6q9T0SkrzDKP2s10x_Jdt792AX7x1aCvdW5CHRMH35uYgRBRcJw5WBmDw1Dtyh2KvMgUtPnxnKIZ_hTGaxRwdehZiZeZWhPMIS4QIZK7rSnIKAmEZ7uHCt3fn7nQvl4U9BazLnL9ypulyEn8tFT7WIe3fgryP2AJ4NPdyzQT5ljNmaDNrI_IlyKbAffhSoZAVILj8J-9WVzT14vKmQoCnCeX2x789nE6r8-wfWW_vuF2TRRUVdJPEoywsEHaLLzdMsH2F5CkAqvwknaZzn2qkUjQv3OGiwe3pAv8P1pG7u3rfpdyKdFoxU0EOTt-9LiFcOPx8zMHfhE14HLJcJFaZaPJsaCIn2FvLe9By0-wc8ytYIdno-BFpDo_ikkjdWG6Ylo067DD2XUDmi-c6eUVWD3gZqL_Sa5Tq3bxIWiriwU4fR86jBSOdIdwwuSX9920lOUMWiCdC4_QDcphtNb54KvMTZysTEZdAYdVD-L2hkes6mG7Q72RgdAXsPD3uAC0sNJX-qSYnD7PNbt1-DGYlTKjO3ZzLsXJ3ryu1nJAILhy_CW9Enz1-20FKb426JoXsP9OOwE_dKqNmY1_wyGWyWbEcZGn3aNy0poiU-BQoKDbTaUxJk_MwlER3Q5V1z6QCrowf1XnFKTiwQLN5FFYv-oc0pzVhHjyjuwoztHVctn76rnb4iV1z7pyGQSSA03UIIB0BwlOu5IN2XsFkqxOZYxFfSQMktTAVB6KSj9pln-eTt7IXye6vWLJrj3oZm0w3tCIrINfv-Q3CcT5t7Ja_r_FsW1Eroky4mtc1nMlhPn4Tn4YQxaxtEPUaGK2ZJ7LwCEPGEnsmNjR&sai=AMfl-YStgjLoH9OBWkYwRHoO3FPFnx5_bzorTOrcANC6CRi4H4iNvBPV-yWLspWQCEUCku3zJdKeuLxgKWdVjyn5WSy5Al0xPuO_Sb3J7V6jqZsPOlhM8TeY3T02gYG_Uxcaadud6AUv_4npBQ9GbGr-yDByq54mlXyzPjkHPEL0hbbXFmuVPH5evgWGjdRddF5FewtwwnHiiatME04F&sig=Cg0ArKJSzCJqhpVKh2ltEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=303&vt=11&dtpt=301&dett=2&cstd=1&cisv=r20220927.73404&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D1HL8hwtMqQOnZFYUMaGI819QZaWGpyyh7pp1e_maY-STzoaR9QovEovjFa3HxHoH-uVkLN4fjmR5WgP6zdl-Ne4F6CnlRrHfL1vQSfxX-27r08zXia9fJioZcr9jUwQLb2XvTjxtVkZ7JjaR_ghrVEZWZjU2T0K8oUICOwQLaXE1UTgg&dbm_d=AKAmf-AjMo3HK9YQ-r2FyItt0v2tviHEc_55vNNRBY2mv0WXttTmSq3vLXewSz4dy9-m9SjeUZubnZYET68_uH0LjPE1_mBb44gf79MinjV8Rar6ZZBwmavzFAZizSwUoqvQpD2yrg1z9CqfE4u3X2ge-a-UQDTeuxSmpAOij-zK00mdyO_QyETsgIFgMQ1NrQDxQ4AEfZ5R4iGb7Rd0iNGmalshGW156wPkylZpUpqFN_mtqdYRJUDtPTfq8J88Z-cmTvVbDDFbo1cY-yx-LWm9zDtRDXVq04TiKfHmz3dnolRYndTAlh1GSTdR7-pA7nqgZV1SHY8XsFBwQuK8_Z9wqGhtSC_N_0eU2uzYeV9DszXKVUdeo9q4ow4yR-SswbPPRxohLGNV78oEXTvAbVvGCYAmPIk3zD8isMd71Yzse85HHLRy_VZe31TuZWqYhpGFGEvukvtKZ9C7iVLIZw7eQUwV-JfCqgJS1jtzz79ghh7OY2pb_X5OnFX3euwypriH_rSyPUiOGcbN7Yfquh-GDkQiu6VTiYnnFMWv3QTOEYNPKaS7CAhcBGKlMf2lHkG0rUnhgEI4F4qqg_PB4g-ArxVpJTjc_2wLpX3sLVK_eWgOneikxgPl8y-rZr_6B545gd8rnUrK0vm88Fmtdc-0EKSLOJfzZk33qxoM-lUM3HVVs2zi5ul4t1akyOBHgwjHJ1j-j-B0jYgwD3cBHPuQl3FMsFW5JUbTvfmlcEaNIIK_4skjNXRcGgTluqPTcIlwb6x7Q7oC8vjYkMmmVFuxhui5fUtOquIxbav1ouKNtsDDUWh4JEEWx3rC8DAhuq1GKhYj3Wl4bp4IMG_OnmPxfkVWZxGumZ11_yICQMWX7ByIv6TE-UMHE59xmBgnrluiRpVU8ifNEJluAt63eFv48b6wRL7L5d38Z8tkfBvle8km_VIXpkfqygiBFwByOH1vV0G3P3JLZNtwaHm7SzbGYWfeQhsk-2lz6Y3cKM5BOO_5_OKp0OyT3NtvoRCBPXDJbwJNrJBY6V7lsWlRGn_Iq5bd7vKQlAXwv7WJ4Lj1utvGXiKt2_gq4YiMJtMF-6qGXBxIcz5x8xNopIQeMEMAz8GtkEelUDdjkct2Auy__y2dada_-jwcMgsvzdNFGxs9zSuSk8HpYh_ScXJsZHHb_kdI7r7JbT97Q2x1KDQlbPvblFP_fW0w0giDLxXq4hKqZhr-6NQB-brsu3Rv_leH7NWTfe9OBJW2HMQFThdOI7oaDIw0la5XVDdImpcPgVJApTVUkE-6-W30S7Jk2MdtD5iNWLGJeejAXY3latkldeMb141sRfPLRYhAKi-qJ1o1RlHld8P4_1VW8iVXFlFMlwFSDbxCdmAj-1MvY0Ec1za0mWt3gQqLHtc287JERAGbNyLgZSRsyx_1mKpmM7AqBXZpmsjHAIR0kVWCF_KFDDMZfVUUg-crN5mnhsR1V-GVe7Y4EBVa01E5-S355KqPkpfmr6TG6D9wM3-Sf4plsEuLzXbiNtXdbhHlJqLKqj7BO673GKmlyE2PAmG14oDa_BDSODhMKazJzdSzE4WoFSHNALZ6L2TmAjpXxk9FqWN5vxYp2BRaspA9u2iUN6rT79fzkqwa1YgFoeRWMJM98QXojP2C4-ptkMPgihyToJenVyGvYHaltTzik_tqx9BKK39n51OR0LNvJKICU3eSK9KwvoCtdcvtKVrzXoFXX1dwaQjBQPilYq0pgsk67V1w_pJvKHrKyycmSRljJ-ZJKO3F7I5zXF_LbSqddfS1pByc7RQ7frqrNNocxJOGdooyTz3hkbSQGja9UdOg-rFEyvV1PKpoh_BTrK7KirSdfQKY-Vrq2Ygmzz6hm9UuHfYG5mRMHxYav7wj4otNARNfpc_2Fgp_UIQHcuczRGBZGNZVYAMfq0X4ox3VXpdEscxV7ds_Sot2gf2r7I1yfwv8IuLklcNeOzfQ7xZ2-ruZ1HuU-1W_umXBTklyPdC27Dx6Z1xywzQAEYpMyPUge54Vo33B0rzSlOyNIdKQwR4G7LhGUjrNLS62E5FVEaJ34ZntztOzmJYNaFqjb9NnRCUcbprB6e_whQ1hL4tsCT69aNo3ivSuFXQ9immUiV2g208deDLo5XsYQK6r7NiR8ARVQcDAXSfemn3Fs7zLr_B01v9t_0dAD3wtUw-lS9aS2dJRcWLXvolTCg3A2iyGB69uDnCKIw2fVirl83HwbMBxLFDiHOBMg2TiydUxp-YBYaZ1UxerJIf32TQVihYe1tLMGGhQqIHDWsfalzXJ-ZiuXz8M5aNLKT3hDJftshYBNefhmqk0lo137kUtIvW7vgEKERBkj9AoMM4t7eNhcBPRRMimmAt00kk4pQn6Lp3GhpeweIB9_zTeKDl_Qo6iuR-YosssdFGZ98tJ_M0ylHOY_YKG92aNRNgH_SHvva_pk37j7G8QywaTDbzbS9lQ0hpgJFhXuuuR1hunh-4sFXqfGJXiq2o5fMAGGxoDE7aFA7hpcw-hucCBftf1hKSzLiWou2xDyOKuYAToqs9OnD1ArKgJFP5xCiZ5tCN7fUXZHRE92J4OFTt4g0jHFdulIMKNEiBpqGdL00id6CtYY9WZ0sGueUb2J4E21UlIJyx58KPZoqy9ojaU7N0btiNdruhajHShA5o2AB5azGQaZNABM8laEoqdfbFYj6AOP__vol4kz_uIAtdxl58pNL6zUu6M9XYKHGbW66kQ0LeiUXYs3ZvlX8CdMIMS-KtxLmUDl9r9xmFLyARwqoihVkR0di_gPKXrHBO7vBCMHQ7LLBJ6v7CqJcvZjsNZgmwIFGFMoCjopyecALL768DSHfDclLOUxsbpye06cQDaCGudsDm4qzVfPvvt5jlJcg71U_QXEa4xrXrV6YeiyfA8s_D9CRI7_YwntSkRIwUQvoWWIGSOt1GZKebGW0Q7v8TXmetZmiKbZRjLVM5h7ktvA3iGzomOTbBzeyqvi9g4uNM9U5CmJa3EZvFIcFmUVIPEz242s4K_cEBqHbJ0L4q0TNBRl3wu5apPxFNcB3Z7g7PSmU1uuyzScIPBOQUOUinHwLHGAW8sxwyCyeMiv87G_XgcTmQCfNREonjx9IS2Ihu0xUVPXMvu2sOWNzeZ_HWwScs6gIKXk7ZX3uW-o7US_9xdW4cDEA-OPcqZBoU&cid=CAQSKQCsnQUxhXv0WPOXz1usmhlm937-aCe2etCRBzWI_RTSx3CkiQ7n0XgfGAEgDg&rfl=2%2Chttp%253A%252F%252Fsecurityaffairs.co%242%2Chttp%253A%252F%252Fsecurityaffairs.co%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.201.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bud02s35-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 5DA8 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220927&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069992
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
abd3b0b28f0b038e4eb3e7fa9bf7768eeaa31eca4fae27bf0a555d0e7764e88a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11122
x-xss-protection
0
p
a.audrte.com/ Frame 955C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=gfaWcZ1XMaQSIakupLJBZhSKQ&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=gfaWcZ1XMaQSIakupLJBZhSKQ&gdpr=0&gdpr_consent=&google_gid=CAESEGTiwktvt7ZitFB31or4NyU&google_cver=1
  • https://a.audrte.com/p
68 B
424 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
52.72.177.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-177-11.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:15 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Thu, 29 Sep 2022 20:30:15 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Access-Control-Allow-Origin
*
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
p
a.audrte.com/ Frame 955C
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=929610189895017278
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=&google_gid=CAESEGTiwktvt7ZitFB31or4NyU&google_cver=1
  • https://a.audrte.com/p
68 B
424 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.audrte.com/p
Protocol
HTTP/1.1
Server
52.72.177.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-177-11.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:15 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Thu, 29 Sep 2022 20:30:15 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Access-Control-Allow-Origin
*
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
pixel
ps.eyeota.net/ Frame 955C 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=gfaWcZ1XMaQSIakupLJBZhSKQ&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.124.210.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-210-90.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Date
Thu, 29 Sep 2022 20:30:15 GMT
Content-Length
1241
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1519 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
15755
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 16:07:39 GMT
expires
Fri, 29 Sep 2023 16:07:39 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 3663 		783 B
537 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c10c5db50639b2b73b08244336c3b1b14384ab3cabb3d11a73656ab8c80506b8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-GREZh6-YgQzvxx14vTZLIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
515
content-security-policy
script-src 'report-sample' 'nonce-GREZh6-YgQzvxx14vTZLIw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 20:30:15 GMT
expires
Thu, 29 Sep 2022 20:30:15 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 5DA8 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&bust=31069992
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 29 Sep 2022 20:30:15 GMT
EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
pagead2.googlesyndication.com/bg/ Frame 1519 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
122285db9f84c3c42757d585b75701d549325f150e0d65701389a6a6bfa3a25a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 14:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20058
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15943
x-xss-protection
0
last-modified
Mon, 19 Sep 2022 14:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 29 Sep 2023 14:55:57 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 3663 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220927&jk=2187897779385762&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1178 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
15756
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 16:07:39 GMT
expires
Fri, 29 Sep 2023 16:07:39 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 250F 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0c8d93e1ec4b353bb084dbbc814e739fc47d0f9ccfc54975db253d207520ce6a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-sKJz3Gsp4cNPf1vFX2YR7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-sKJz3Gsp4cNPf1vFX2YR7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 29 Sep 2022 20:30:15 GMT
expires
Thu, 29 Sep 2022 20:30:15 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D89 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BB0MgVgA2Y-a9I6G39u8PnZyQ-AMAAAAAOAHgBAI&bg=!e3ileDzNAAYIxsuQKMY7ACkAdvg8WoiMLkN-OHbj8kruKuj5RHfYh0PM4Dn-7f6H59chDGyIujWC7wIAAACwUgAAAAJoAQeZAv3iCJoSToptmoE7HC4tP9DlJjvzZRTD_Ljg7ctrVeo_NgQz7CYDYCVBb-o3FNmS-EOswokGy6ZNiePXrp-M-sZR8kxbEeOxdObCkTIo48EYxQ6a-pGsdFj8x68D8dTGk1zTLp7XIo0zzY9B4zbewxGgoQa_q0vHbJqpvAteYRwr6d-kr8hbSpZJd4Xr8Zvl3U39JturjJnBxMtlb3bsRF1SiEmJRAk0DkWJGT3AIV_601AW3LH5EZbFeU0CVajmTR5icJT0-MR8UKc3vXoURwavyluwFc09Zlr3l07CY3BUqX4PytWpk0WX086hwyNfAp-YKfppP3LuXZoPSVKKSr824E30jHIVJUNjKCGAxc9fdNIhUjXct9WNR7cUwh_rmR2ehE5XP5VaGt7lGonCyR8c8rXybXkjoWXtCvs_8AywWXojqZWbalTArZ0XrhWubsKhvICpKunAdOXyAPQ4XrXayli4QXIDcNdc0oTqfJ0sPZ4djT568G8eMGRU0GFj-Qtr7j5biwVfn3S_Hs1TkWw1gNB93oneTuI_0IcvuTGSai4q7OAStVH1Yi0ogrZwgsgegNSCx88RpgyUfJssR-wg0MA46CDHk_wn_If3WKzT43DIOpViHMDCyLSzOWLVFLMrN0oFIxIQALIwfAYr2zM-sa1P4iW-4r2ph4GIsfl_l1iBf_CaDDU-vmi0EBxP2CPQ5OGirhc4vZA-HZJbHhHtS1no7THiwHnvF0T4NfCDpe6eHZJlc9-c45touqrnyzFzvuIsJUUsjaQIkbOb4luegAH61Y7uUEy2Jn0ilfp6ogkyWcEDBKGdVlUorBUc8QEP683A6QSrZRxRc3z_bLp_lURCjdj-3kzJBm0Ouw8YwsxLmjmfVjzSKzxgm9jFhlkHbWQH4MA4gGC9o1c9ypKP9lFkiDxJ0pqv3zmGmqq1IV4UJTJXFcrThLNRJNfCWxZM5FBHS_-psULHYWrwNYf0iz4fXMprokSfxuTT30QcsjmUs2lK9TtXySXl95Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 250F 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220927&jk=1329837975917972&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers
EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
pagead2.googlesyndication.com/bg/ Frame 1178 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EiKF25-Ew8QnV9WFt1cB1UkyXxUODWVwE4mmpr-jolo.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
122285db9f84c3c42757d585b75701d549325f150e0d65701389a6a6bfa3a25a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 14:55:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20058
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15943
x-xss-protection
0
last-modified
Mon, 19 Sep 2022 14:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 29 Sep 2023 14:55:57 GMT
generate_204
tpc.googlesyndication.com/ Frame 1519 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?VXsguA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:15 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
async_usersync
ib.adnxs.com/ Frame 21CF 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:15 GMT
AN-X-Request-Uuid
4443d1e7-202e-4fbc-920b-f0fbab3ba383
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame EA2D 		0
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 29 Sep 2022 20:30:15 GMT
AN-X-Request-Uuid
be113408-9abb-4a01-9ead-4e291759a2cd
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
217.114.218.24; 217.114.218.24; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 1178 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?e2VDVg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 20:30:15 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
um
u-ams03.e-planning.net/ Frame 1883 		42 B
103 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u-ams03.e-planning.net/um?dc=3ab023ac29ea5990&fi=01e2750475341cd6&uid=f66c2b0869940a26a878505394b8e720
Requested by
Host: vid.vidoomy.com
URL: https://vid.vidoomy.com/sync?gdpr={{.GDPR}}&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-ams03.e-planning.net%2Fum%3Fdc%3D3ab023ac29ea5990%26fi%3D01e2750475341cd6%26uid%3D%7B%7BVID%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.172.90.251 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
ads.us.e-plannning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://vid.vidoomy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/gif
date
Thu, 29 Sep 2022 20:30:15 GMT
server
openresty
activeview
pagead2.googlesyndication.com/pcs/ Frame 0E33 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstaYW2zrFNc32e801knloAu4nOtzEApwewr-7QBZNCkxPEiWyivSRAcfpE_aNF-UdLoH_VUlu-bZRK0b4IzjlUlbFbHvFBc7kSwdiM-v7VwmrLBfgn2CB86KpoeltzJ0TIV9hZ1yQGTHJddKbbo3E56MfhPhCenszKF1b6RZxf5g_p8rI6_-UyMix-hU67NyxTax4Nm_nNWyDiyKbUUw0YJvkdRDWP7zZru6HEPUbGvKi-Lc2X22rscfyS7GTLSzl9Pxdm-N-kFxyYtUUcAF5CQXADG-r-hx9mv_j29QhIeYfVhkqJEP0fZ3os_7JMwPK5FdvukuMjWLLMitIle-etBrzkjuKvwVa3FX6AbSYMmcGkxjNA7uWraOHtrjCpnoQpEvDnJpDPFllilBieclyHfOF8kkMyyFUWbf2WYzN8xO66PmBU_2kRAw6NB_pvuAvMRzp8xx_B2TUpo9vsZi3w2V8YvA73FqeCczI_9jFJQ2F5TLfeF3DQpxFaHRaTNYbXgnmhOAzPtJ24-KnBr6n8URefQAhnrRw4LpkC16mY78AI7z8O5VwYhzUGZmb6u9fM3BXZoWWrwXpIPZrz7ZrSSo69bCSn5hwE1PBbeHgGQ6ggRdAUooE7WgvKc6RELr_CkodolC2dWFTCVnr_d4DAzSwvIRWH3ypiMvfaOynK8G7c7TyxDcQ_vS5sYg2weMyW43ANZwTMywgUbSKAt9PiB828gdVEXkjtmhJBJ53pMuRBv2hr8BVS6A4qzldqCPEejDhU4kf04w_RtGYt_L0X6-mvBDV_514QrmkY05hlFvnNJWw77CMEaL4WY5puKcwQXWdfAqG5_s_45Aj7WUyUF_sFkOp53a6Kpe7R4CH2z-WsIzcS0kTayB5QVEwGAPpfF6LqDTDwKCJhibuvKIJB4lUrSF6T-oZ_ZXyShXKRuSizomLKtSTAv21NfL_lXpSbbn-QBjlK0dSyuszOa3iDaodpTnKblvjHqXLXb-Ii09SUBYvpYcCGgEiMDMb8u7qFnqwx4I_2qW1_4M9rEOhyEXjjS6ZNmw42EekY6RlF770I5hMJ2H5MH1yTeEmt7Gfw&sai=AMfl-YRXlR8qxLgciSeCw0kamurDzxWCOKIXpnQTiCY6JbrCjL809iXch5XLPCvF7LU90lVobhkbW5vSjVpqUKYZx8wm9jtMMcV4akwR&sig=Cg0ArKJSzPHSqSjzEKT0EAE&id=lidar2&mcvt=1000&p=0,0,50,320&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220928&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=468307373&rs=2&la=0&cr=0&vs=4&r=v&rst=1664483413673&rpt=1056&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 1002 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220927&jk=2187897779385762&bg=!Hh2lHVnNAAYIxsuQKMY7ACkAdvg8WjnJUgwu1ygUEDtu0uulSvNwBcK-Llqhkm65W2l9JgWrrt0bgQIAAADlUgAAAANoAQcKAFoM2T8GyxIOY2snP9zxOjIAwZtat3zNRxP5a8oYkLp9DznwsM2nJxCVX4P3m4P2zO3N6t1ELCu0L_qQ3rIKyXIM1wLPRTFJ--oYs6Mg6SMOGGfwkO4mFYZc-beZAr0J7yws-Q3r_4v3oEeisfQlNgv-3PFIxXUwTB0MSvPt0z-PBtkyg4K_72EZcR7Rj3UJ5D7y54Xf7dUW9epDjrqfhVfT8k3E0R0u2jjB6Uui9hEXiTruMQQbSVftcbUSpZx0_LL7JeJFC4tVZMR_7NhXTjjSUKL2qvf0W9MZIpthPyceCpertGojoBWbJoEndsamXbUkgtZyvtcWbthPPhYYBXdjd4JoVfoxeaS-SEurPfhwjwTNRC4J_CjmSPMCAfs4ZlLd2egvXYqnc_7wMY5eTH_gIFe4C2Je5_W8vGhqHVm0fXxTOOb5PQXaTmNnTFMVQ5dqJKSGuK2WTTHBxNsf_2-58p5klQ85-0zFetNtjmltVnHolNQYKrbsWv2_Vj88ckMqJa6Ve56IVBh07ydxkN-OIWmber5k2MHMeobTnK7b_M1anTzbm6dj-9I6-Q1L4CfoPo12WqbrBfWs528ws4EO37dg71OhLqE_LhN4RqNt1Pp5lKRL_hLSb7a_XaOgVDMA_Un6lw4LnELjtwqkdqIOYgvdXYO4bb-yrD44vPN4YXbLNXCZA_JsKw8BPV_EzGI3NZ_kQDoXerH04VzAyuVkUSmouCgO96Kl6VPvCz2gDYdrN0hfPPp_ad8FrUcJ6fQsTpkxZjocdWM0kqHR44dWcWUn0kiSWFQCo0lYzr-FZzfOBI1ibqf1XLnaPE0kkiZOPhMfQzT7Hqc57rGJXan2W0HMsT08-5xg-gaDksZUtHBanpUt_2lMvLNP3WdZgvGvsGGnuX1YOgdVAqx2qLpBxRaKoGy2Fb6rF1r8KUhQBLU-fefAK-0QRuDgcGFY9K-U_VZr2u93tsGG2ovBfs-8wd7_1pwA21oMkFqg5zzlW9LZYvyiw55HUHW1-tYrFqzNNk-nxn0BOFqnnGLYcJxYGjiwhr340WcsKA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame D7C6 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvadkoALnuNNirTTHBaWh8zgSflehwjjpxMyrAhuSSUz0QFh5D85x8jrDbQDYa9JJ6Ha2jo2ZzPUMXuMxaAgQBXn-0f1NwDn0WEa-BKV5tnJwpyg8A6KQ-AgKUpT4uPvv16HGX72A&sai=AMfl-YSoIjNFV5KKAgsfHY5oo0BL7GcYr9CONtieA65x-MT-Zw34jw934eVRSx69CNghh-z1JvQD2PSj6pClp-RK7p1xKNihOtTsiVOv5Q&sig=Cg0ArKJSzE6qdvRcMhoiEAE&cid=CAQSKQCsnQUxhXv0WPOXz1usmhlm937-aCe2etCRBzWI_RTSx3CkiQ7n0XgfGAEgDg&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220928&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1194620937&rs=2&la=0&cr=0&vs=4&r=v&rst=1664483413721&rpt=1227&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Sep 2022 20:30:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 5DA8 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220927&jk=1329837975917972&bg=!qaqlqu7NAAYIxsuQKMY7ACkAdvg8WmbXCoOfAPcbrOFeXhRt4F-Hwl1FoJ17dcIClNkZvnm2fOsJ6AIAAACSUgAAAAJoAQcKAIvj3s9b0lH3wRJbJ3FxrUd3ZoGwhlaAS3E_Ax6NMUwt2SneY-SXxTYWlmHZn30e60BnjduNijDivUPthvf1az2HqLTFEMgehaJIX5R30mwATRBPW350ZRvNp5xaic1EJRe3vPEg-J8fGi-kyczq5ykL6QDHogK9k1buK-lNox6WQugpm0LQeuj3uEDlmQLQ9dKOTIUBse0Nlb4AR8Ag9dPKhbKMwSmlEpUO4f4YCp2sI2MA5NdZXUACK0F8v3yU4o9Klp58AAyCzSBjHsmT5Y12CbGTS5J99upF6fYjk-p6lQtrDFn-V7p5OXByrgE1YXiHUC2JrfzsSESFh9XJf5u4F-5JslgYwagJxh_e426i1uHZKnWzYzmnYhn7vl0iygPLYAbk2hSpsUdAWZcigppdkzDa-YiWwJuN-ved8EK6B6BrN2Q4KJfZE1AAEj0GDdBY5W21tNAaVo5HoPlOiefyslzu55y1cQvGidgdUp7v2PiMC0Uh3FU9Wuhe0QvJ-y5YCG4VFcZ1OzHVXPceX8XUfICXqBH4aYsjS4uPXF59DzkQ5zpw3vc_eDfNIi2SntCvCxWACMyTkLxM2uJUBO-eCWgd8iftA9dYJI9zRc7jifZoWc94977k7bH7zYdAnOJG2llEGAY_OfvmN9LEcx9JUw_yY0mBc1FLkuCd-Q9z8atn6I8O_Nl9KkZjCV_0TbstHP5sLdVqqNYM7lwlANXejpfvgCB1OxvU-hhnXW_hcoCPoFkmzkAA35IVmhkaCp0L1InN_3IEu5t1u6vpHPbbjyuMRGMKkgn0bmhJqLwsQI7pcmcur43g2mVceOVLbnQvcnQm1-yJ7vbewae-XngQyiQkUM-ita_VLXFn17uOiSXcQWW659lPw8Hwn0sSjJ22zWwIDKQhAjuFnsXGdN6H2c2SltWaGZqKM-IVCpt_0-FIRIkHXGgdA51p7SjDAA6JVYNhnyF58lC3oGUqIgt-Y8Psd9YpIY-sfeZaLjXWiNAGOI8u6LbrOS5FayttNDKTEtJ17dvgqdgFaeIJBXPRGOH_hXQWj0n1DdRWgdajVmWCL056aI1ZSVE4E6lRMDK6SHD-jvLHR2aLQC2UOHhKbVdlx3uRyOrFO4lxqrJnOXsV3vm6_z4mmsxGOthJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694

Verdicts & Comments Add Verdict or Comment

101 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation object| _wpemojiSettings undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle string| medianet_versionId object| stlib boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus boolean| sop_pview_logged string| stWidgetVersion object| stLight boolean| st_showing function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| twemoji object| WPCOM_sharing_counts object| click_object object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| wp object| _mN function| logFailoverPing object| gaGlobal object| displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture function| st_go function| linktracker_init object| wpcom string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed function| onYouTubeIframeAPIReady object| gaplugins object| gaData boolean| isPending string| prebid_file function| findCMP_PixFuture object| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| googletag

72 Cookies

Domain/Path Name / Value
.securityaffairs.co/ Name: _ga_8ZWTX5HC4Z
Value: GS1.1.1664483411.1.0.1664483411.0.0.0
securityaffairs.co/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.co/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.co/ Name: _ga_P62M3QN974
Value: GS1.1.1664483412.1.0.1664483412.0.0.0
.securityaffairs.co/ Name: _ga
Value: GA1.2.1018184806.1664483412
.securityaffairs.co/ Name: _gid
Value: GA1.2.822545523.1664483412
.securityaffairs.co/ Name: _gat_gtag_UA_59069958_1
Value: 1
.agkn.com/ Name: ab
Value: 0001%3AorNs%2F3oAHiPZ3lRgTTW%2FgCVigHdEZqeK
securityaffairs.co/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.securityaffairs.co/ Name: _pubcid
Value: 60809bf5-263b-42ad-99a2-396c05481806
securityaffairs.co/ Name: _lr_retry_request
Value: true
securityaffairs.co/ Name: _lr_env_src_ats
Value: false
.adnxs.com/ Name: uuid2
Value: 6330426637545280149
securityaffairs.co/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-09-29T20%3A30%3A12%22%7D
.rubiconproject.com/ Name: khaos
Value: L8NIG529-1F-3L5X
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qqymgoItaYpbbU1ZxogGjlwOA+xFj1I9sd0zdRXVxf6zEkTSOTUXNUy5FGfGNePc3/th4iWCi6WjspbV3mhqimWXjmaZkH7bMyyqVI1k5poNA==
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: HAPLB8G
Value: s8541|YzYAW
ads.us.e-planning.net/ Name: CT
Value: 1
.e-planning.net/ Name: E
Value: ALQbHyKHKmvabMsu
.securityaffairs.co/ Name: cto_bundle
Value: MSfEbl95TFU2bWVMZzFSUm02QjRMQWJjUlpGdlJ1MXBTeG02VldRQWtvMTVQRDdqcyUyRk9mVkN5N28zSnpaOEtQeWNCZzBHSkFlWGk0dHVXN2NzVWhSSE9GdGYlMkZvTGJqdU5yRkpYNjdxWWp2REpwZiUyQnZFZGg1Y05BaCUyRjclMkJTWXZod045eWI
.securityaffairs.co/ Name: cto_bidid
Value: JeAaL19heWZGJTJGUFdWdUR4ekg4JTJCeHNxMU1lNnhRUm4yMXJLJTJCZ2Vzd1FOWUIyRnZvYUxUUWYwOXV1SW8yZ1NKWmk5QWFtZTJkcTFrbDhJV3FhOXUlMkI3QlZFb0JBJTNEJTNE
.zeotap.com/ Name: zc
Value: dba5f86e-6356-4a77-7cab-af16129f5659
.zeotap.com/ Name: zsc
Value: %EF%A9%84%88%85%F7%D1%CCw%1Fj%8A%FF7%B9%E0%11%3F%99%DD%8C%24%A5Q%40%81%17sQ%3F%AE%D9%ABr%F6%C1f%3C%1A%C0K%CB%F07%15%F8%BE%02%BC%D1%87%B5%E3%DC%B6%15%11%F5%BCc%8CQI%10J%5Cty%8Cpo%DF%F8%2CZ%84%DD%D2e%B6%FE%CE%25%9B7e%94neRQ%AD%C0%27E%A6%5B%A2SY%D3%7C%B8%D1%C3%3D%09%8D%8CS%AA%B6%01%F4%F6%5C%A9%CF+%24%9C%A1%A2%B9%07%98v%D9P%F31%87%B9%AC%05G%88_%F3%13q%3D%D3%B6%02%A8%B5%BC%87%1Fq%9A%AD%C0K%A7%81p%F5p%22%3B%AE%1Ed%25%E8%10%0C%E4
.casalemedia.com/ Name: CMID
Value: YzYAVWb-oGuElAM5rmMpoQAA
.casalemedia.com/ Name: CMPS
Value: 1207
.casalemedia.com/ Name: CMPRO
Value: 1207
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.tapad.com/ Name: TapAd_TS
Value: 1664483413518
.tapad.com/ Name: TapAd_DID
Value: cb62ee89-3e09-4851-b57b-6b7e31e2c2a5
.adfarm1.adition.com/ Name: UserID1
Value: 7148901823588006036
.demdex.net/ Name: demdex
Value: 22816408363959778252804574423635207623
.weborama.fr/ Name: AFFICHE_W
Value: GIHFhF-CkfkY59
.dpm.demdex.net/ Name: dpm
Value: 22816408363959778252804574423635207623
.mathtag.com/ Name: uuid
Value: 81bf6336-0055-4500-b8c1-9f14532a4c11
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.securityaffairs.co/ Name: __gads
Value: ID=22f315e8a241153b-22233dfa34ce0070:T=1664483413:RT=1664483413:S=ALNI_MbpIZfsudtRdwGEmjAeeGRZV2fmDw
.richaudience.com/ Name: avcid-zeo-uid
Value: dba5f86e-6356-4a77-7cab-af16129f5659
.krxd.net/ Name: _kuid_
Value: PG81yLHk
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQUxRYkh5S0hLbXZhYk1zdSIsImV4cGlyZXMiOiIyMDIyLTEwLTEzVDIwOjMwOjEzLjgwNTA2NTY2MVoifX0sImJkYXkiOiIyMDIyLTA5LTI5VDIwOjMwOjEzLjgwNTA0OTI5NVoifQ==
.disqus.com/ Name: zeta-ssp-user-id
Value: ua-672c4b3f-e177-3d79-a63c-a9acd7619c10
.yahoo.com/ Name: A3
Value: d=AQABBFUANmMCEKFB3SRc6SeCWU-l2OqA_1kFEgEBAQFRN2M_YwAAAAAA_eMAAA&S=AQAAAmyf3zNX2zOQCSlLkt1rQUs
.bidswitch.net/ Name: tuuid
Value: ab46cf40-b4ed-4d8a-89ea-e4419b3e1292
.bidswitch.net/ Name: c
Value: 1664483413
.bidswitch.net/ Name: tuuid_lu
Value: 1664483413
.lijit.com/ Name: ljt_reader
Value: FZiOqRZHARwkHVUTS2CyNMaL
.tidaltv.com/ Name: tidal_ttid
Value: f7a80584-6d42-4854-81b6-672e17d3d65a
.lijit.com/ Name: _ljtrtb_279534
Value: ua-672c4b3f-e177-3d79-a63c-a9acd7619c10
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.tidaltv.com/ Name: sync-his
Value: "H4sIAAAAAAAAADM0NjI1tTK0MAIAK/v8swkAAAA="
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&70fd29f9-c09d-4adf-87cf-996a9d7b9104"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NjQ0ODM0MTQ7MjswMjGa1Hcv2decDsa0cdxm5yN/CSSPBMzELt2HchdhbgHmrg==
.linkedin.com/ Name: lidc
Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2352:u=1:x=1:i=1664483414:t=1664569814:v=2:sig=AQG-MiNHQ-tqhD0GFGZYyEN-Ea0xYhUT"
.fwmrm.net/ Name: _uid
Value: "e9c4e_7148901827864563561"
.amazon-adsystem.com/ Name: ad-id
Value: A4XmhSYvbk8NrxSPDq_pIbg
.doubleclick.net/ Name: IDE
Value: AHWqTUlLm4QbduGW-NTRPhR0mkbRQ9yACD22IHCou9yCdacZvt_LHPmQHEEqauB4cdg
.casalemedia.com/ Name: CMTS
Value: 1119
.adnxs.com/ Name: anj
Value: dTM7k!M4.FCxrEQF']wIg2GU_ITqF3!EKy0$#5]2IPcP(?[])gK)#4>J]t8O<uEWW1PPDs1]!L=Rd9?C32#0Sjt8.KVkq*^9Rkfl9RrTqh/lku
.bizibly.com/ Name: _BUID
Value: a6ee52329d4e56a8c2bdd8b9e1fedd3a
.adform.net/ Name: C
Value: 1
.analytics.yahoo.com/ Name: IDSYNC
Value: 18yx~27fw
.adform.net/ Name: uid
Value: 929610189895017278
.audrte.com/ Name: arcki2
Value: gfaWcZ1XMaQSIakupLJBZhSKQ!20220908!1664483414897
.yandex.ru/ Name: yuidss
Value: 3383122561664483414
.yandex.ru/ Name: yandexuid
Value: 3383122561664483414
.eyeota.net/ Name: SERVERID
Value: 18716~DM
.audrte.com/ Name: arcki2_adform
Value: 929610189895017278!20220908!1664483415070
.audrte.com/ Name: arcki2_TTT
Value: 1664483415183!gfaWcZ1XMaQSIakupLJBZhSKQ!50#799#312#1609#1795#322#771#1295#724#1733#801#454#378#1554#226#1464#1022#482#36#790#1080#918#1399#1188#781#-1#692#1573#969#1298#1455#-1#1787#1641#146#271#262#-1#384#783#1838#1230#722#351#625#-1#1010#1526#523#1761#1074#505#370#15#-1#532#1605#368#1558#506#464#757#1313#1031#626#430#906#-1#1353#1702#1597#1073#1717#200#259#8#1005#389#492#1585#1235#1264#1324#1244#1327#234#294#318
.audrte.com/ Name: arcki2_ddp
Value: CAESEGTiwktvt7ZitFB31or4NyU!20220908!1664483415303
.c.appier.net/ Name: _auid
Value: coQrc7CsBxW6r-W1VwA2Yw
.c.appier.net/ Name: _gu
Value: CAESEI6YpsjeRkPDyVt1-Duc9WA

8 Console Messages

Source Level URL
Text
javascript error URL: http://securityaffairs.co/wordpress/22121/malware/jackpos-pos-malware.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'http://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=dba5f86e-6356-4a77-7cab-af16129f5659&axd_pid=175
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Ddba5f86e-6356-4a77-7cab-af16129f5659%26reqId%3D694fba93-2a55-434c-60a3-98ccbd1cdd34%26zdid%3D1361
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://tags.bluekai.com/site/87734?id=dba5f86e-6356-4a77-7cab-af16129f5659&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=dba5f86e-6356-4a77-7cab-af16129f5659&reqId=694fba93-2a55-434c-60a3-98ccbd1cdd34&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://u-ams03.e-planning.net/um?dc=e64f73568d2b3c34&fi=01e2750475341cd6&uid=ua-672c4b3f-e177-3d79-a63c-a9acd7619c10
Message:
Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a.c.appier.net
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ads.pubmatic.com
ads.us.e-planning.net
adservice.google.com
adservice.google.de
aid.send.microad.jp
an.yandex.ru
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
app.cauly.co.kr
bcp.crwdcntrl.net
beacon.krxd.net
biddr.brealtime.com
bn01.er.bemail.it
btlr.sharethrough.com
c.eu1.dyntrk.com
c1.adform.net
c2shb.ssp.yahoo.com
cdn.bizibly.com
cdn.pixfuture.com
ce.lijit.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
contextual.media.net
csync.loopme.me
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gu.dyntrk.com
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
i.e-planning.net
i0.wp.com
ib.adnxs.com
id5-sync.com
idsync.frontend.weborama.fr
image6.pubmatic.com
js.cookieless-data.com
l.sharethis.com
lb.eu-1-id5-sync.com
lg3.media.net
loadeu.exelator.com
match.adsrvr.org
match.prod.bidr.io
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
prg.smartadserver.com
ps.eyeota.net
px.ads.linkedin.com
region1.google-analytics.com
s.amazon-adsystem.com
s.e-planning.net
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
securityaffairs.co
served-by.pixfuture.com
spl.zeotap.com
ssc-cms.33across.com
ssc.33across.com
ssp.disqus.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.mathtag.com
sync.richaudience.com
sync.tidaltv.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u-ams03.e-planning.net
u.openx.net
ups.analytics.yahoo.com
usermatch.krxd.net
vid.vidoomy.com
w.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
api.rlcdn.com
104.17.119.107
104.18.18.126
104.18.19.126
104.96.159.57
133.186.161.89
135.125.160.160
137.184.242.150
141.95.33.111
141.95.98.66
142.250.186.130
142.250.201.194
142.251.39.34
151.1.205.165
151.101.130.49
152.195.15.58
157.90.211.246
162.19.80.92
172.104.45.159
178.250.2.146
18.156.0.31
18.197.210.187
18.198.69.109
18.211.165.216
18.66.97.9
184.51.9.18
185.15.245.82
185.172.90.250
185.172.90.251
185.29.132.241
185.64.190.78
185.86.139.95
185.89.210.122
185.89.211.12
192.0.76.3
192.0.77.2
198.47.127.22
2.18.233.201
2.18.235.93
2001:4860:4802:32::36
2001:8d8:100f:f000::289
202.233.84.1
205.234.175.175
212.82.100.182
216.52.2.39
23.205.235.133
23.35.228.23
23.35.236.201
2600:1f18:6593:f607:ba15:f8ca:726:bfa6
2600:9000:211a:ca00:3:c04e:c780:93a1
2602:803:c003:200::51
2606:4700:10::6816:1957
2606:4700:20::681a:644
2606:4700::6812:acf
2606:4700::6813:ac6c
2620:1ec:21::14
2a00:1450:4001:800::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:827::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2004
2a00:1450:4001:830::2008
2a00:1450:400a:800::200a
2a00:1450:400d:806::2002
2a00:1450:400d:80a::2003
2a00:1450:400d:80a::2006
2a00:1450:400d:80c::200e
2a00:1450:400d:80d::2002
2a02:2638:1::13
2a02:6b8::90
2a02:6ea0:c700::22
2a04:4e42:600::300
2a05:d018:24:b001:7bc1:27ea:de69:aded
2a05:d018:d29:3601:2446:243c:2b31:890f
3.124.210.90
3.68.42.108
34.107.148.139
34.111.131.239
34.149.20.76
34.248.26.113
34.250.137.124
34.98.67.61
35.157.194.177
35.157.246.167
35.171.56.4
35.227.248.159
35.244.159.8
37.157.3.30
51.158.29.12
51.89.9.253
52.223.40.198
52.30.179.166
52.46.128.147
52.48.190.42
52.58.218.78
52.72.177.11
52.94.222.140
54.76.58.201
67.202.105.21
68.183.31.14
69.166.1.9
69.173.144.138
69.173.144.139
72.251.249.13
76.223.111.18
85.114.159.93
92.123.9.160
99.80.120.198
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
02c11bd6b17547d07a308bc57ca18ff7c1c37105e7bb276f42a5f5dc43cf482d
02dfd93cdb067aa3b448d8e13ec66e62a9a83212384c099d6d3d0d93ad744d59
05cddf977df8e2692fc92f8b491ec4957c7d6230a96f76237125b63b5ffb926e
072d37a257b66f95b6ec6ab2ee73674745aec2bed8d08f2fe9b5b1a2876e3bac
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
080892fdd23426c128218f3f704dda4efd9a2bbf7869e10fe83f6ff92d09f001
0b74ce0bbd5ebfce4d75159ac2e195c285ac33a432329a715a08c6154f5c76b3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0c8d93e1ec4b353bb084dbbc814e739fc47d0f9ccfc54975db253d207520ce6a
0dc2c69e574bf2b3f29d3adbe886e87b500539a39f6ffbc80c6776622119d7b7
0df4f6eec788b7cfaab10b0553db6a0b2ebe7f6e10469b931bc570a13540479a
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1219d714e27f186eb7bbf428f0553a2a5a32fd30e6321b10af81582c66fa173d
122285db9f84c3c42757d585b75701d549325f150e0d65701389a6a6bfa3a25a
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
130dd4c1c640a17322211161822b043aa7045b96e51623f1744264ab9fc2f3ce
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
140e17bdd8186191131c02a6da856adbda9a3d9b961f994407e67f4caeca48e5
14460a562a12c4cb19000f14d410f55e01a54c56ea426c66ae8bb0d5646bc413
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
1709cd39402d83321f6aa7bf2c23e28ed5bf67e2e7528ef1114973731e0d9b4b
170dd3a575229c4b0c95ac25e2abcb7110cdda8130c50390dad748a4aadaee43
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff
1ee43b9f0b9d04dbb343045c231271c35c917319b8d0ac01ec9c0b5cfc8f24e6
1ee842040f3e9a4a2e5dd695cf0b45db97898691ce3b7bc31b6b935298b55af4
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
23831bd807039dcff67dc869bf01472d1531be84f282d29ab0695908572cc69b
23f15beed9d03535718c088005381f36133f9b6ffeaf4f38150a2325a0ae5e52
27af6a936f27c245f807aef4673133e343b4d791c45ada798049d38a55e3634c
2847ec9566f657640808c4d791e9fe8d3cc38b78b3a7efc351b1819bbab8c631
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2abac3d0a75e51953ab5ef5798ba8971b5f5bff336863bb284f87d438b0b94b3
32057a4fe8307e26fd0454086a48c79f3d5cbd8e79fbbdfc734ff557fda38f25
37d925559381e9d5388c4a096fe1383570546b7b11548d7d6a7e560adcc24e5d
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
4a17d9e643411aab5e65cca9cb0a4f71a41aff8f27e5a85de2d138e9b621163f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4be89010482d7fcd9984cba864a6491ff2be25ea936cb1e9de9cded85a6e1a24
4cdecc62f5b2c8e9f7cf7b14b9fd42e0c4787d912c1b71426cdfbe0144cede46
4ed449bdc2a8c8f559cb10af7ddc3d4ddb16a6024b4e5c110c9c5432b58fd0e8
4f618d20d85f3163d72432606f3afa3c17b6c79954f967ec3df9a710503c9df4
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5ce3a089d3f62aab2f5f0fc5c2bc9eb3c06ed2e40bd29f980e7b1ba9fb4b3d4b
5d00e36861f441886ebbf4e0a9e410b1cf6d1ceb0bf2da1e066977df31a5d445
5d629d1ab36f64456e78dd4ad6e03e61b6f1f3093ab92b4777ba4ad2b605ce80
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63eaf8dd777f3ed4ce3b4db806adbf78cdb9f9eff38f8ea42f273fecf8e7f089
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
655ae452d922f501b62c7028fc35e238138de989387381cc1ed9cea9085864db
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
6726257bf91f6c971363480bb63164537b19bfd2d3c34133196f755922dda986
6acaf1e28f06b9575940731ab904b18dde4d2bf52618c42fddb14d0d9b6c028c
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c52384c7b0641dd1ead85d079c22d39bcc6dc5f2537afb1e6396bb619771a3f
6c84348296ebe2e2a0830c3962eb02156419d9bc76371c2eadaf7329d827d550
6d9f061cba81145d9bab0964192d66cb2e13a71591482cdfaf5b718341171da1
6e8ddde2d08019f5c90bb1bb0caa0a3b149c67f6f41c0850786bdc0ec87f4b0d
6eab47c17572a089ad9ceb4c9694a99d7f3ffccd5d1c778438016b1eccdc8f0a
6f878d5e6de601bd4c9c184a915a1d947898430e800f993f60044f5a38dde268
72133d32df2afc6b9627d461268f0b37980034d4ab0a575912b80bcca5e6c609
728910fae0ac9aa3efd2ba350e26b3249d89d6e5ab6efff786839b78da30ffff
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
7559da922cf3cebf3133f0dfe3f6aa435899e05211c9066d84ebf853b28ac589
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
850d7f1f697b77be305819aef6aae76f6fdc46cfa24b35f6506de11cd140e365
86042f9897a7fac5e0ad6e9f8e55b845c0fbe31fcadf2dc6a28da0c6dab78cef
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
86bc13c8fc0b8f4590f7f7c344719335efa88e4b4eb81ec5a05b6a5cfa3f8ca2
878203aea099236d8e397fb225fde067628d84bc56985c9c01fb43edd9578f04
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c3010509fc7480b59413a90d69e9fafcb3d5aa202faf7862466f6bb8be1a335
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8d7a2684bab6714219ab87750ec845dc76f65bccd7bf21e58bf1b6ead6b8ecc0
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
9466e9e7baf16cf5f9f787bec7685504c8c228cab66a7d871983d223c67a1ade
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
968270ff6fa810e5e7f65b7d50c400b13755e75272ae97cbdf91efe151793b5e
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9a18235f8098ed14d14fd4f391ee9ebb1991ffe6672563a190e3a0a7cdd143af
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9af79da0ed2e5a539db4924ea20a4002da6b7d53b6bbcddacc14922731c49adc
9b978821f78e7bd3a48e5ae8fd7121a291eec506579406745800ca0590f0907c
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c3fa1e5e51b58ed86bc1e0adf73441da6b089d66da26182281a2d4f0624ebbb
9cf2bc156c5f6b1ef26db3e570e43ab401c2f3b475f112cf43c28556b57e155d
9d80cc94a91dd2f84a5617c8b40162e0acc972ba1c37d72d42bd0fe115d6b6c5
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6173937554b7b2c2c3788f637bbcb5bfd10f9b4d6348da0142b855df237c540
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e
abd3b0b28f0b038e4eb3e7fa9bf7768eeaa31eca4fae27bf0a555d0e7764e88a
acff2f7ced83945dfb1b2227c926ec6a29d4c9ef436b6cd78a0d0d7447286a09
ad1d0572134dd2ac687f99ad5d129f9db3180712d009d2e2450dedca0ca4ac97
ae3f8dd90b0aa771b658feac64893bc5a398c564471b016d16f01c4c997c3f6c
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0eaabca31ab1a868f8b464116c58bad92ddf1115263cf5468d537cd1c2f0c5c
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b34b10bbc97d3457a9e8c59779850e01d45160be2c72ac4e5f7bdb0eb3635cef
b5c422737a3014e58810db4ac5052acbb9cf489d0c303cab94453cc77d4cdfed
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc9316039e195480aa7580b1acd1619b0d1290c164abcd64ce536f15a32f0996
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
bd6b9ac5ee4fa5a4ca616753ec4a472fcc090d6f2d50f23845a7e92282eecd5e
bf8e96e63aa4b0711ed26d0f271cabbf0eed13134e228f765e991a5b156c1117
bf927c4e61681bb6f40d5a1d2be968567eb720a667d6c259db51332884e06d91
c067a7d5bc50ed4ba554421966d6c4b0140ff2ed4574640fd5abcfa1ab35be11
c09fa9679fb13cb821998f533f0f3b51a4a1756bbc05004aef91f8f217c54712
c10c5db50639b2b73b08244336c3b1b14384ab3cabb3d11a73656ab8c80506b8
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2f073fe298e4796b1b4b7239ca66c3f8f59888e39d02f10a6d71fb4f77ecb4a
c37f0638aea7427161e04791736d419b581672d91342c43f74fed6caaf93fc23
c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
d47e4acbdebe4408efe0fceef1451af67ed351d6a5e00d1793822f450db99968
d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05
d490f2efc64637640a21c5282a89dd22344e58974641bc7bbbfa4c7e4dc8648e
d51ee46aa2124408dee04d740ccc8626463ff7d611151a148668cd2624946a8b
d593a067f257cf8cfc63e5642da2b9d14d9d203b36aa3c464c15868c7b9ae576
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
da8438b81e390283f6eb8cc9cf49ccde3d00c954b4fbccdf6372c162c4b58ab2
daf92c82c637532aeb9ecd9f35a952a776f9cbe815d85022545b463a44fa45f9
db2175fffb1a59f6b07a5b10c728a0d7cdbe90e33794678d0d958d4da934578b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dda6ad33ac53197002b0e3c6c09f3714a6c79b73969d15666500689d8fc50d3c
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e21db9bc9254f6856fac42c81b52c3200c4362adaaf01efb01687e80fe8e3ee7
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e5a60c03a7ac0033874b06898e7d33e5baa504587739cab70acbed545d69c1f1
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
ec1d4ae0b6ab41e39f859c16f4950bda848e4003209994d01a789f079344e2f0
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ed3c13fd06b2263f2b4429a44906489ec1fae26fff7c0f5e4e245163b3c868c4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f0dae7d0fe22bb58d275ece06580699238d021a173e918df205c1197f9aa54b6
f1f9eda417444f06ef060dd832d8821c84f081a98cdf62acfe981f5554c894dc
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f697de2d405439b3209da8365171b0c796e890083188cf0b3fe1e23bcc42f54b
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
faa0f8b52a59989521c6646411de1aef196de3760ac681a3d921ee67ec846746
fbe820b6140ad28e86f34ffae507d807cf591a22697a05b71958f2014e96a9e4
fc84b10c58f11a32f3d8043f3147b3076ed8946c8a8bd18367c843b13cc9c233
fd220df146748e62564afbe3c20d831eb9cb64a89c6686836b3b8be811b8be0c
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb
ffb769be7ecd1e45098366f82f9b9e6f173c613a5180672a7a450e0278aabccc
ffc5814ae8cb4866048dacac85edf7c2169b9312441df5e283a1902963c3ecc3