urlscan.io logo urlscan.io
SecurityTrails logo

securityaffairs.co Open in urlscan Pro
104.21.60.113  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/YlqQdhc56P
Effective URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Submission: On January 18 via manual from AU — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 113 IPs in 13 countries across 102 domains to perform 391 HTTP transactions. The main IP is 104.21.60.113, located in and belongs to CLOUDFLARENET, US. The main domain is securityaffairs.co. The Cisco Umbrella rank of the primary domain is 418367.
TLS certificate: Issued by GTS CA 1P5 on December 26th 2022. Valid for: 3 months.
This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.5 13414 (TWITTER)
1 3 104.21.60.113 13335 (CLOUDFLAR...)
15 142.251.12.155 15169 (GOOGLE)
40 172.67.140.211 13335 (CLOUDFLAR...)
4 74.125.24.95 15169 (GOOGLE)
1 13.33.88.41 16509 (AMAZON-02)
4 161.35.253.218 14061 (DIGITALOC...)
6 192.0.77.2 2635 (AUTOMATTIC)
4 142.250.4.97 15169 (GOOGLE)
2 192.0.76.3 2635 (AUTOMATTIC)
10 172.217.194.156 15169 (GOOGLE)
1 13.35.8.117 16509 (AMAZON-02)
1 3 3.120.82.246 16509 (AMAZON-02)
5 142.250.4.94 15169 (GOOGLE)
1 192.0.73.2 2635 (AUTOMATTIC)
6 172.67.68.113 13335 (CLOUDFLAR...)
2 172.217.194.157 15169 (GOOGLE)
6 142.251.10.154 15169 (GOOGLE)
2 216.239.38.181 15169 (GOOGLE)
1 142.251.10.157 15169 (GOOGLE)
1 142.251.10.94 15169 (GOOGLE)
13 74.125.200.156 15169 (GOOGLE)
1 3.114.216.187 16509 (AMAZON-02)
2 172.217.194.138 15169 (GOOGLE)
4 182.161.73.136 55569 (CRITEO-AS...)
1 52.24.113.245 16509 (AMAZON-02)
3 162.19.138.120 16276 (OVH)
13 14 3.33.220.150 16509 (AMAZON-02)
4 6 104.254.151.36 29990 (ASN-APPNEX)
6 137.184.242.150 14061 (DIGITALOC...)
2 34.149.20.76 15169 (GOOGLE)
4 11 104.254.148.252 29990 (ASN-APPNEX)
2 34.107.148.139 396982 (GOOGLE-CL...)
2 69.173.158.65 26667 (RUBICONPR...)
2 89.149.192.65 60781 (LEASEWEB-...)
1 10 35.244.159.8 15169 (GOOGLE)
2 103.231.98.193 62713 (AS-PUBMATIC)
3 63.251.14.60 14744 (INTERNAP-...)
2 72.34.250.78 27630 (AS-XFERNET)
2 52.74.66.232 16509 (AMAZON-02)
2 52.77.152.198 16509 (AMAZON-02)
1 104.16.56.101 13335 (CLOUDFLAR...)
1 3 64.120.110.136 59253 (LEASEWEB-...)
2 162.19.138.82 16276 (OVH)
1 13.33.33.93 16509 (AMAZON-02)
2 142.250.4.132 15169 (GOOGLE)
2 2 207.198.113.205 13768 (COGECO-PEER1)
2 9 52.74.234.58 16509 (AMAZON-02)
3 4 107.178.244.193 15169 (GOOGLE)
4 64.120.110.139 59253 (LEASEWEB-...)
2 3 35.227.252.103 15169 (GOOGLE)
1 198.206.157.242 399668 (E-PLANNING-)
2 8 184.31.5.52 16625 (AKAMAI-AS)
1 2 172.64.154.237 13335 (CLOUDFLAR...)
1 167.88.158.176 30081 (CACHENETW...)
2 13.33.33.31 16509 (AMAZON-02)
1 18.155.68.7 16509 (AMAZON-02)
2 18.155.68.83 16509 (AMAZON-02)
2 8 139.99.49.250 16276 (OVH)
19 32 172.253.118.157 15169 (GOOGLE)
2 104.18.33.19 13335 (CLOUDFLAR...)
2 10 139.5.84.243 27381 (CASALE-MEDIA)
4 10 209.54.182.161 16509 (AMAZON-02)
3 3 103.229.10.211 16509 (AMAZON-02)
7 7 103.229.206.240 30419 (MEDIAMATH...)
3 3 64.202.112.223 23352 (SERVERCEN...)
1 2 23.73.13.201 16625 (AKAMAI-AS)
2 2 35.214.223.115 15169 (GOOGLE)
4 13.33.33.106 16509 (AMAZON-02)
7 7 67.202.105.24 32748 (STEADFAST)
1 2 67.202.105.33 32748 (STEADFAST)
4 23.72.44.196 16625 (AKAMAI-AS)
2 23.72.44.183 16625 (AKAMAI-AS)
5 18.139.240.219 16509 (AMAZON-02)
12 13 35.213.12.39 15169 (GOOGLE)
6 72.34.250.75 27630 (AS-XFERNET)
2 2 13.114.38.125 16509 (AMAZON-02)
8 23.106.127.165 59253 (LEASEWEB-...)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
1 1 23.106.69.72 59253 (LEASEWEB-...)
1 4 52.74.162.2 16509 (AMAZON-02)
1 1 54.80.38.94 14618 (AMAZON-AES)
1 204.79.197.200 8068 (MICROSOFT...)
3 3 74.214.196.131 19189 (PULSEPOINT)
5 6 185.84.60.23 198622 (ADFORM)
2 4 52.77.64.78 16509 (AMAZON-02)
1 208.92.55.231 13360 (TRITONDIG...)
1 1 198.8.71.130 54312 (ROCKETFUEL)
8 8 74.118.186.44 26120 (RHYTHMONE)
23 67.199.150.86 62713 (AS-PUBMATIC)
1 1 104.83.196.216 16625 (AKAMAI-AS)
4 5 50.116.239.135 6336 (TURN-US-ASN)
12 34.98.64.218 396982 (GOOGLE-CL...)
2 2 202.241.208.56 4694 (IDCF IDC ...)
4 4 13.33.88.98 16509 (AMAZON-02)
1 1 69.173.158.64 26667 (RUBICONPR...)
1 69.173.144.139 26667 (RUBICONPR...)
6 10 8.39.36.142 26667 (RUBICONPR...)
1 23.106.127.53 59253 (LEASEWEB-...)
3 4 35.190.60.146 15169 (GOOGLE)
1 103.231.98.197 62713 (AS-PUBMATIC)
1 13.107.42.14 8068 (MICROSOFT...)
2 3 67.220.224.150 16509 (AMAZON-02)
3 103.231.98.196 62713 (AS-PUBMATIC)
1 1 18.138.18.111 16509 (AMAZON-02)
1 182.161.73.146 55569 (CRITEO-AS...)
2 2 54.208.68.206 14618 (AMAZON-AES)
2 220.150.223.50 4686 (BEKKOAME ...)
1 1 103.3.63.48 63949 (AKAMAI-AP...)
1 2 35.186.193.173 15169 (GOOGLE)
2 13.114.228.14 16509 (AMAZON-02)
1 1 52.220.229.2 16509 (AMAZON-02)
2 2 18.142.216.216 16509 (AMAZON-02)
2 2 52.74.118.249 16509 (AMAZON-02)
1 8.18.47.7 398989 (DEEPINTENT)
1 2 104.18.25.173 13335 (CLOUDFLAR...)
1 195.5.165.20 44968 (IPROM-AS)
2 2 107.178.254.65 15169 (GOOGLE)
1 1 34.98.67.3 396982 (GOOGLE-CL...)
1 2 119.9.108.211 45187 (RACKSPACE...)
3 3 34.83.125.63 396982 (GOOGLE-CL...)
3 67.199.150.85 62713 (AS-PUBMATIC)
2 2 13.231.14.162 16509 (AMAZON-02)
4 4 89.207.22.137 399104 (CNVR-APAC)
1 1 34.102.253.54 396982 (GOOGLE-CL...)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 182.161.73.129 55569 (CRITEO-AS...)
1 151.101.65.229 54113 (FASTLY)
1 104.22.52.86 13335 (CLOUDFLAR...)
1 34.96.70.87 396982 (GOOGLE-CL...)
1 13.33.78.115 16509 (AMAZON-02)
4 172.253.118.132 15169 (GOOGLE)
1 142.251.10.106 15169 (GOOGLE)
1 1 146.0.227.110 20773 (GODADDY)
6 34.117.239.71 396982 (GOOGLE-CL...)
1 1 98.98.134.243 21859 (ZEN-ECN)
1 34.120.135.53 396982 (GOOGLE-CL...)
2 172.253.118.154 15169 (GOOGLE)
1 142.250.4.149 15169 (GOOGLE)
1 162.19.138.116 16276 (OVH)
2 35.190.39.111 15169 (GOOGLE)
1 1 18.198.61.82 16509 (AMAZON-02)
1 34.96.105.8 396982 (GOOGLE-CL...)
2 2 18.176.234.133 16509 (AMAZON-02)
1 1 8.43.72.98 26667 (RUBICONPR...)
1 1 18.176.29.44 16509 (AMAZON-02)
1 1 31.220.27.134 39572 (ADVANCEDH...)
1 1 106.10.236.147 56173 (YAHOO-SG3...)
1 52.32.15.49 16509 (AMAZON-02)
391 113
1    104.244.42.5 (United States)

ASN13414 (TWITTER, US)
t.co
3    104.21.60.113 (None, )

ASN13335 (CLOUDFLARENET, US)
securityaffairs.co
15    142.251.12.155 (United States)

ASN15169 (GOOGLE, US)
PTR: se-in-f155.1e100.net
pagead2.googlesyndication.com
40    172.67.140.211 (United States)

ASN13335 (CLOUDFLARENET, US)
securityaffairs.com
4    74.125.24.95 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f95.1e100.net
fonts.googleapis.com
1    13.33.88.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-41.sin2.r.cloudfront.net
platform-api.sharethis.com
4    161.35.253.218 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
served-by.pixfuture.com
6    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com
i0.wp.com
4    142.250.4.97 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f97.1e100.net
www.googletagmanager.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
10    172.217.194.156 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f156.1e100.net
googleads.g.doubleclick.net
partner.googleadservices.com
adservice.google.com.au
www.googletagservices.com
1    13.35.8.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-8-117.sin5.r.cloudfront.net
buttons-config.sharethis.com
3    3.120.82.246 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-82-246.eu-central-1.compute.amazonaws.com
l.sharethis.com
5    142.250.4.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f94.1e100.net
fonts.gstatic.com
1    192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
secure.gravatar.com
6    172.67.68.113 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pixfuture.com
2    172.217.194.157 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f157.1e100.net
adservice.google.com.au
6    142.251.10.154 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f154.1e100.net
adservice.google.com
2    216.239.38.181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
1    142.251.10.157 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f157.1e100.net
stats.g.doubleclick.net
1    142.251.10.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f94.1e100.net
www.google.com.au
13    74.125.200.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sa-in-f156.1e100.net
securepubads.g.doubleclick.net
1    3.114.216.187 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-114-216-187.ap-northeast-1.compute.amazonaws.com
aa.agkn.com
2    172.217.194.138 (United States)

ASN15169 (GOOGLE, US)
PTR: si-in-f138.1e100.net
www.google-analytics.com
4    182.161.73.136 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)
gum.criteo.com
1    52.24.113.245 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-24-113-245.us-west-2.compute.amazonaws.com
fid.agkn.com
3    162.19.138.120 (France)

ASN16276 (OVH, FR)
PTR: ns31533571.ip-162-19-138.eu
id5-sync.com
14    3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
6    104.254.151.36 (Los Angeles, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
secure.adnxs.com
6    137.184.242.150 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
prebidserver.pixfuture.com
2    34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com
ssc.33across.com
11    104.254.148.252 (Los Angeles, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
ib.adnxs.com
2    34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com
prebid.media.net
2    69.173.158.65 (Ashburn, United States)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
2    89.149.192.65 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
prg.smartadserver.com
10    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
pixfuture2-d.openx.net
jp-u.openx.net
eu-u.openx.net
us-u.openx.net
google-bidout-d.openx.net
2    103.231.98.193 (Japan)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
3    63.251.14.60 (United States)

ASN14744 (INTERNAP-BLOCK-4, US)
ap.lijit.com
2    72.34.250.78 (Studio City, United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
2    52.74.66.232 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-74-66-232.ap-southeast-1.compute.amazonaws.com
btlr.sharethrough.com
2    52.77.152.198 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-77-152-198.ap-southeast-1.compute.amazonaws.com
c2shb.pubgw.yahoo.com
1    104.16.56.101 (None, )

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
3    64.120.110.136 (Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
PTR: ads.us.e-planning.net
ads.us.e-planning.net
sync.e-planning.net
2    162.19.138.82 (France)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu
lb.eu-1-id5-sync.com
1    13.33.33.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-33-93.sin2.r.cloudfront.net
get.s-onetag.com
2    142.250.4.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f132.1e100.net
ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
2    207.198.113.205 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)
pixel.sitescout.com
9    52.74.234.58 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-74-234-58.ap-southeast-1.compute.amazonaws.com
sync.crwdcntrl.net
bcp.crwdcntrl.net
4    107.178.244.193 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 193.244.178.107.bc.googleusercontent.com
pixel.tapad.com
4    64.120.110.139 (Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
PTR: ads.us.e-planning.net
u-sin01.e-planning.net
3    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
1    198.206.157.242 (New York, United States)

ASN399668 (E-PLANNING-, US)
PTR: s.e-planning.net
s.e-planning.net
8    184.31.5.52 (Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-5-52.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
eus.rubiconproject.com
2    172.64.154.237 (United States)

ASN13335 (CLOUDFLARENET, US)
ssum.casalemedia.com
1    167.88.158.176 (Singapore)

ASN30081 (CACHENETWORKS, US)
PTR: unknown.scnet.net
i.e-planning.net
2    13.33.33.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-33-31.sin2.r.cloudfront.net
onetag-geo.s-onetag.com
1    18.155.68.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-68-7.sin52.r.cloudfront.net
signal-beacon.s-onetag.com
2    18.155.68.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-68-83.sin52.r.cloudfront.net
signal-segments.s-onetag.com
8    139.99.49.250 (Singapore)

ASN16276 (OVH, FR)
PTR: ip250.ip-139-99-49.net
onetag-sys.com
32    172.253.118.157 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f157.1e100.net
cm.g.doubleclick.net
2    104.18.33.19 (None, )

ASN13335 (CLOUDFLARENET, US)
ssum-sec.casalemedia.com
10    139.5.84.243 (Canada)

ASN27381 (CASALE-MEDIA, CA)
dsum-sec.casalemedia.com
10    209.54.182.161 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
3    103.229.10.211 (Singapore)

ASN16509 (AMAZON-02, US)
cms.quantserve.com
7    103.229.206.240 (Singapore)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
3    64.202.112.223 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
2    23.73.13.201 (Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a23-73-13-201.deploy.static.akamaitechnologies.com
stags.bluekai.com
tags.bluekai.com
2    35.214.223.115 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 115.223.214.35.bc.googleusercontent.com
csync.loopme.me
4    13.33.33.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-33-106.sin2.r.cloudfront.net
tags.crwdcntrl.net
7    67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
2    67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net
de.tynt.com
4    23.72.44.196 (Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a23-72-44-196.deploy.static.akamaitechnologies.com
ads.pubmatic.com
2    23.72.44.183 (Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a23-72-44-183.deploy.static.akamaitechnologies.com
acdn.adnxs.com
5    18.139.240.219 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-139-240-219.ap-southeast-1.compute.amazonaws.com
match.sharethrough.com
13    35.213.12.39 (Tokyo, Japan)

ASN15169 (GOOGLE, US)
PTR: 39.12.213.35.bc.googleusercontent.com
x.bidswitch.net
6    72.34.250.75 (Studio City, United States)

ASN27630 (AS-XFERNET, US)
sync.go.sonobi.com
2    13.114.38.125 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-114-38-125.ap-northeast-1.compute.amazonaws.com
match.prod.bidr.io
8    23.106.127.165 (Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
rtb-csync.smartadserver.com
1    85.114.159.93 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
1    23.106.69.72 (Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
gu.dyntrk.com
4    52.74.162.2 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-74-162-2.ap-southeast-1.compute.amazonaws.com
ups.analytics.yahoo.com
1    54.80.38.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-80-38-94.compute-1.amazonaws.com
a.audrte.com
1    204.79.197.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net
c.bing.com
3    74.214.196.131 (Sunnyvale, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
6    185.84.60.23 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
4    52.77.64.78 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-77-64-78.ap-southeast-1.compute.amazonaws.com
pr-bh.ybp.yahoo.com
1    208.92.55.231 (Canada)

ASN13360 (TRITONDIGITAL, CA)
yield-op-idsync.live.streamtheworld.com
1    198.8.71.130 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
8    74.118.186.44 (Singapore)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
23    67.199.150.86 (Los Angeles, United States)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
image2.pubmatic.com
1    104.83.196.216 (Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a104-83-196-216.deploy.static.akamaitechnologies.com
pixel.mathtag.com
5    50.116.239.135 (United States)

ASN6336 (TURN-US-ASN, US)
ad.turn.com
r.turn.com
12    34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com
us-u.openx.net
jp-u.openx.net
2    202.241.208.56 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)
tg.socdm.com
4    13.33.88.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-88-98.sin2.r.cloudfront.net
cr-p3.ladsp.com
1    69.173.158.64 (Singapore)

ASN26667 (RUBICONPROJECT, US)
pixel-apac.rubiconproject.com
1    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel-eu.rubiconproject.com
10    8.39.36.142 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
token.rubiconproject.com
1    23.106.127.53 (Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
ssbsync-global.smartadserver.com
4    35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com
id.rlcdn.com
idsync.rlcdn.com
1    103.231.98.197 (Japan)

ASN62713 (AS-PUBMATIC, US)
image8.pubmatic.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
3    67.220.224.150 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
3    103.231.98.196 (Japan)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
1    18.138.18.111 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-138-18-111.ap-southeast-1.compute.amazonaws.com
cm.ambientdsp.com
1    182.161.73.146 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)
dis.criteo.com
2    54.208.68.206 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-208-68-206.compute-1.amazonaws.com
sync.srv.stackadapt.com
2    220.150.223.50 (Japan)

ASN4686 (BEKKOAME BEKKOAME INTERNET INC., JP)
PTR: 50.223.150.220.in-addr.arpa
sync-dsp.ad-m.asia
1    103.3.63.48 (Singapore)

ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG)
PTR: li819-48.members.linode.com
gocm.c.appier.net
2    35.186.193.173 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com
ipac.ctnsnet.com
2    13.114.228.14 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-114-228-14.ap-northeast-1.compute.amazonaws.com
dps.jp.cinarra.com
1    52.220.229.2 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com
cm-supply-web.gammaplatform.com
2    18.142.216.216 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-142-216-216.ap-southeast-1.compute.amazonaws.com
pm.w55c.net
2    52.74.118.249 (Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-74-118-249.ap-southeast-1.compute.amazonaws.com
cm.adgrx.com
1    8.18.47.7 (United States)

ASN398989 (DEEPINTENT, US)
match.deepintent.com
2    104.18.25.173 (None, )

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
1    195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)
core.iprom.net
2    107.178.254.65 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com
pippio.com
1    34.98.67.3 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.67.98.34.bc.googleusercontent.com
tags.rd.linksynergy.com
2    119.9.108.211 (Hong Kong)

ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK)
uipglob.semasio.net
3    34.83.125.63 (The Dalles, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 63.125.83.34.bc.googleusercontent.com
um.simpli.fi
3    67.199.150.85 (Los Angeles, United States)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
simage4.pubmatic.com
2    13.231.14.162 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-231-14-162.ap-northeast-1.compute.amazonaws.com
pool.admedo.com
4    89.207.22.137 (Singapore)

ASN399104 (CNVR-APAC, US)
PTR: sin03-nessy-float1.dotomi.com
pubmatic-match.dotomi.com
openx2-match.dotomi.com
1    34.102.253.54 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.253.102.34.bc.googleusercontent.com
ads.playground.xyz
1    34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com
oa.openxcdn.net
1    182.161.73.129 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)
static.criteo.net
1    151.101.65.229 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    104.22.52.86 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.id5-sync.com
1    34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com
invstatic101.creativecdn.com
1    13.33.78.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-78-115.sin2.r.cloudfront.net
cdn.prod.uidapi.com
4    172.253.118.132 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f132.1e100.net
tpc.googlesyndication.com
1    142.251.10.106 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f106.1e100.net
www.google.com
1    146.0.227.110 (Ascension Island)

ASN20773 (GODADDY, DE)
inv-nets.admixer.net
6    34.117.239.71 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 71.239.117.34.bc.googleusercontent.com
events-ssc.33across.com
1    98.98.134.243 (United States)

ASN21859 (ZEN-ECN, US)
pixel-sync.sitescout.com
1    34.120.135.53 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com
oajs.openx.net
2    172.253.118.154 (United States)

ASN15169 (GOOGLE, US)
PTR: sl-in-f154.1e100.net
googleads4.g.doubleclick.net
1    142.250.4.149 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f149.1e100.net
s0.2mdn.net
1    162.19.138.116 (France)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu
lbs.eu-1-id5-sync.com
2    35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com
esp.rtbhouse.com
1    18.198.61.82 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-61-82.eu-central-1.compute.amazonaws.com
i.w55c.net
1    34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com
tr.blismedia.com
2    18.176.234.133 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-176-234-133.ap-northeast-1.compute.amazonaws.com
bk.r-ad.ne.jp
cs.r-ad.ne.jp
1    8.43.72.98 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel-us-east.rubiconproject.com
1    18.176.29.44 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-176-29-44.ap-northeast-1.compute.amazonaws.com
dynalyst-sync.adtdp.com
1    31.220.27.134 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
s.uuidksinc.net
1    106.10.236.147 (Singapore)

ASN56173 (YAHOO-SG3 internet content provider, SG)
PTR: spcms.pbp.vip.sg3.yahoo.com
cms.analytics.yahoo.com
1    52.32.15.49 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-15-49.us-west-2.compute.amazonaws.com
beacon.krxd.net
Apex Domain
Subdomains		 Transfer
52 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
stats.g.doubleclick.net — Cisco Umbrella Rank: 75
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 190
cm.g.doubleclick.net — Cisco Umbrella Rank: 216
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 321
217 KB
40 securityaffairs.com
securityaffairs.com — Cisco Umbrella Rank: 524906
199 KB
36 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 444
ads.pubmatic.com — Cisco Umbrella Rank: 463
simage2.pubmatic.com — Cisco Umbrella Rank: 654
image8.pubmatic.com — Cisco Umbrella Rank: 616
image6.pubmatic.com — Cisco Umbrella Rank: 702
image2.pubmatic.com — Cisco Umbrella Rank: 862
image4.pubmatic.com — Cisco Umbrella Rank: 898
simage4.pubmatic.com — Cisco Umbrella Rank: 1186
35 KB
26 openx.net
pixfuture2-d.openx.net — Cisco Umbrella Rank: 65263
rtb.openx.net — Cisco Umbrella Rank: 1592
jp-u.openx.net — Cisco Umbrella Rank: 10656
eu-u.openx.net — Cisco Umbrella Rank: 1964
us-u.openx.net — Cisco Umbrella Rank: 420
oajs.openx.net — Cisco Umbrella Rank: 2596
google-bidout-d.openx.net — Cisco Umbrella Rank: 2546
6 KB
23 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 450
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 840
eus.rubiconproject.com — Cisco Umbrella Rank: 532
pixel-apac.rubiconproject.com — Cisco Umbrella Rank: 33835
pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 2039
pixel.rubiconproject.com — Cisco Umbrella Rank: 306
token.rubiconproject.com — Cisco Umbrella Rank: 551
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1031
41 KB
21 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 108
ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 156
261 KB
19 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 413
ib.adnxs.com — Cisco Umbrella Rank: 207
acdn.adnxs.com — Cisco Umbrella Rank: 550
52 KB
16 pixfuture.com
served-by.pixfuture.com — Cisco Umbrella Rank: 43419
cdn.pixfuture.com — Cisco Umbrella Rank: 47381
prebidserver.pixfuture.com — Cisco Umbrella Rank: 54682
506 KB
15 33across.com
ssc.33across.com — Cisco Umbrella Rank: 2050
ssc-cms.33across.com — Cisco Umbrella Rank: 798
events-ssc.33across.com — Cisco Umbrella Rank: 1838
5 KB
14 casalemedia.com
ssum.casalemedia.com — Cisco Umbrella Rank: 1320
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 434
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 528
9 KB
14 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 301
7 KB
13 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 276
6 KB
13 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 279
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 960
8 KB
13 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 747
tags.crwdcntrl.net — Cisco Umbrella Rank: 1039
bcp.crwdcntrl.net — Cisco Umbrella Rank: 904
33 KB
11 yahoo.com
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 821
ups.analytics.yahoo.com — Cisco Umbrella Rank: 274
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 417
cms.analytics.yahoo.com — Cisco Umbrella Rank: 833
5 KB
11 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1585
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 565
ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1811
7 KB
9 e-planning.net
ads.us.e-planning.net — Cisco Umbrella Rank: 5666
u-sin01.e-planning.net — Cisco Umbrella Rank: 251274
s.e-planning.net — Cisco Umbrella Rank: 12462
i.e-planning.net — Cisco Umbrella Rank: 11051
sync.e-planning.net — Cisco Umbrella Rank: 6731
4 KB
9 google.com
adservice.google.com — Cisco Umbrella Rank: 70
analytics.google.com — Cisco Umbrella Rank: 329
www.google.com — Cisco Umbrella Rank: 2
2 KB
8 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 453
pixel.mathtag.com — Cisco Umbrella Rank: 972
5 KB
8 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 691
4 KB
8 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1456
sync.go.sonobi.com — Cisco Umbrella Rank: 803
9 KB
8 wp.com
i0.wp.com — Cisco Umbrella Rank: 3063
stats.wp.com — Cisco Umbrella Rank: 2733
pixel.wp.com — Cisco Umbrella Rank: 2493
100 KB
7 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 911
match.sharethrough.com — Cisco Umbrella Rank: 507
3 KB
7 google.com.au
adservice.google.com.au — Cisco Umbrella Rank: 67088
www.google.com.au — Cisco Umbrella Rank: 23941
2 KB
6 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 521
3 KB
6 adform.net
c1.adform.net — Cisco Umbrella Rank: 590
3 KB
6 s-onetag.com
get.s-onetag.com — Cisco Umbrella Rank: 3758
onetag-geo.s-onetag.com — Cisco Umbrella Rank: 4608
signal-beacon.s-onetag.com — Cisco Umbrella Rank: 4952
signal-segments.s-onetag.com — Cisco Umbrella Rank: 8070
18 KB
5 turn.com
ad.turn.com — Cisco Umbrella Rank: 721
r.turn.com — Cisco Umbrella Rank: 3102
2 KB
5 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 385
dis.criteo.com — Cisco Umbrella Rank: 703
8 KB
5 gstatic.com
fonts.gstatic.com
123 KB
5 sharethis.com
platform-api.sharethis.com — Cisco Umbrella Rank: 4437
buttons-config.sharethis.com — Cisco Umbrella Rank: 5779
l.sharethis.com — Cisco Umbrella Rank: 4685
47 KB
4 dotomi.com
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 2837
openx2-match.dotomi.com — Cisco Umbrella Rank: 4491
1 KB
4 ladsp.com
cr-p3.ladsp.com — Cisco Umbrella Rank: 28314
2 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 431
1 KB
4 rlcdn.com
api.rlcdn.com Failed
id.rlcdn.com — Cisco Umbrella Rank: 593
idsync.rlcdn.com — Cisco Umbrella Rank: 345
1 KB
4 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 393
cdn.id5-sync.com — Cisco Umbrella Rank: 938
20 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 41
275 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
3 KB
3 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 788
2 KB
3 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 689
i.w55c.net — Cisco Umbrella Rank: 1520
2 KB
3 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 525
2 KB
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 515
2 KB
3 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 636
1 KB
3 sitescout.com
pixel.sitescout.com — Cisco Umbrella Rank: 3543
pixel-sync.sitescout.com — Cisco Umbrella Rank: 611
2 KB
3 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1057
lbs.eu-1-id5-sync.com — Cisco Umbrella Rank: 1305
1 KB
3 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 595
1 KB
3 securityaffairs.co
securityaffairs.co — Cisco Umbrella Rank: 418367
20 KB
2 r-ad.ne.jp
bk.r-ad.ne.jp — Cisco Umbrella Rank: 32133
cs.r-ad.ne.jp — Cisco Umbrella Rank: 66726
1 KB
2 rtbhouse.com
esp.rtbhouse.com — Cisco Umbrella Rank: 6206
360 B
2 admedo.com
pool.admedo.com — Cisco Umbrella Rank: 4757
1 KB
2 semasio.net
uipglob.semasio.net — Cisco Umbrella Rank: 1159
1 KB
2 pippio.com
pippio.com — Cisco Umbrella Rank: 716
881 B
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 728
s.tribalfusion.com — Cisco Umbrella Rank: 1773
1 KB
2 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1327
1 KB
2 cinarra.com
dps.jp.cinarra.com — Cisco Umbrella Rank: 20080
440 B
2 ctnsnet.com
ipac.ctnsnet.com — Cisco Umbrella Rank: 5102
673 B
2 ad-m.asia
sync-dsp.ad-m.asia — Cisco Umbrella Rank: 3012
486 B
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 650
905 B
2 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 935
2 KB
2 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 954
1 KB
2 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 480
1 KB
2 tynt.com
de.tynt.com — Cisco Umbrella Rank: 1427
3 KB
2 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 826
500 B
2 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 516
tags.bluekai.com — Cisco Umbrella Rank: 548
1 KB
2 media.net
prebid.media.net — Cisco Umbrella Rank: 1038
277 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 22
402 B
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 469
fid.agkn.com — Cisco Umbrella Rank: 3920
1 KB
1 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 604
338 B
1 uuidksinc.net
s.uuidksinc.net — Cisco Umbrella Rank: 9681
288 B
1 adtdp.com
dynalyst-sync.adtdp.com — Cisco Umbrella Rank: 63592
584 B
1 blismedia.com
tr.blismedia.com — Cisco Umbrella Rank: 1808
173 B
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 280
67 KB
1 admixer.net
inv-nets.admixer.net — Cisco Umbrella Rank: 2347
586 B
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 185
49 KB
1 uidapi.com
cdn.prod.uidapi.com — Cisco Umbrella Rank: 2788
2 KB
1 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 5447
2 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 357
896 B
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 637
13 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 2762
8 KB
1 playground.xyz
ads.playground.xyz — Cisco Umbrella Rank: 3576
466 B
1 linksynergy.com
tags.rd.linksynergy.com — Cisco Umbrella Rank: 4114
390 B
1 iprom.net
core.iprom.net — Cisco Umbrella Rank: 5405
280 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 835
44 B
1 gammaplatform.com
cm-supply-web.gammaplatform.com — Cisco Umbrella Rank: 2541
645 B
1 appier.net
gocm.c.appier.net — Cisco Umbrella Rank: 2122
395 B
1 ambientdsp.com
cm.ambientdsp.com — Cisco Umbrella Rank: 24847
653 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 373
574 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 726
736 B
1 streamtheworld.com
yield-op-idsync.live.streamtheworld.com — Cisco Umbrella Rank: 9741
542 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 241
668 B
1 audrte.com
a.audrte.com — Cisco Umbrella Rank: 2078
657 B
1 dyntrk.com
gu.dyntrk.com — Cisco Umbrella Rank: 992
636 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1442
487 B
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 943
6 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 813
472 B
1 gravatar.com
secure.gravatar.com — Cisco Umbrella Rank: 1736
1 KB
1 t.co
t.co — Cisco Umbrella Rank: 542
704 B
0 chocolateplatform.com Failed
cs.chocolateplatform.com Failed
0 rundsp.com Failed
match.rundsp.com Failed
0 nex8.net Failed
cs.nex8.net Failed
0 everesttech.net Failed
sync-tm.everesttech.net Failed
0 trafficroots.com Failed
demand.trafficroots.com Failed
391 102
Domain Requested by
40 securityaffairs.com securityaffairs.co
securityaffairs.com
32 cm.g.doubleclick.net 19 redirects jp-u.openx.net
onetag-sys.com
eus.rubiconproject.com
googleads.g.doubleclick.net
ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
securityaffairs.co
bcp.crwdcntrl.net
17 simage2.pubmatic.com securityaffairs.co
ads.pubmatic.com
15 pagead2.googlesyndication.com securityaffairs.co
pagead2.googlesyndication.com
ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
14 match.adsrvr.org 13 redirects cdn.pixfuture.com
13 x.bidswitch.net 12 redirects onetag-sys.com
13 securepubads.g.doubleclick.net cdn.pixfuture.com
securepubads.g.doubleclick.net
11 ib.adnxs.com 4 redirects cdn.pixfuture.com
acdn.adnxs.com
googleads.g.doubleclick.net
10 us-u.openx.net jp-u.openx.net
de.tynt.com
us-u.openx.net
google-bidout-d.openx.net
10 s.amazon-adsystem.com 4 redirects ssum.casalemedia.com
securityaffairs.co
onetag-sys.com
eus.rubiconproject.com
google-bidout-d.openx.net
10 dsum-sec.casalemedia.com 2 redirects ssum.casalemedia.com
googleads.g.doubleclick.net
8 rtb-csync.smartadserver.com securityaffairs.co
8 jp-u.openx.net cdn.pixfuture.com
jp-u.openx.net
us-u.openx.net
8 onetag-sys.com 2 redirects cdn.pixfuture.com
onetag-sys.com
7 ssc-cms.33across.com 7 redirects
7 sync.mathtag.com 7 redirects
6 events-ssc.33across.com de.tynt.com
us-u.openx.net
eus.rubiconproject.com
ads.pubmatic.com
6 image2.pubmatic.com ads.pubmatic.com
6 pixel.rubiconproject.com 2 redirects onetag-sys.com
eus.rubiconproject.com
6 sync.1rx.io 6 redirects
6 c1.adform.net 5 redirects ads.pubmatic.com
6 sync.go.sonobi.com securityaffairs.co
6 eus.rubiconproject.com ads.us.e-planning.net
cdn.pixfuture.com
eus.rubiconproject.com
de.tynt.com
6 sync.crwdcntrl.net 2 redirects securityaffairs.co
bcp.crwdcntrl.net
6 prebidserver.pixfuture.com cdn.pixfuture.com
ads.us.e-planning.net
onetag-sys.com
securityaffairs.co
6 secure.adnxs.com 4 redirects securityaffairs.co
6 adservice.google.com pagead2.googlesyndication.com
securepubads.g.doubleclick.net
6 adservice.google.com.au pagead2.googlesyndication.com
securepubads.g.doubleclick.net
6 cdn.pixfuture.com served-by.pixfuture.com
cdn.pixfuture.com
static.cloudflareinsights.com
securityaffairs.co
6 i0.wp.com securityaffairs.co
5 match.sharethrough.com securityaffairs.co
5 fonts.gstatic.com fonts.googleapis.com
4 tpc.googlesyndication.com ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
4 token.rubiconproject.com 4 redirects
4 cr-p3.ladsp.com 4 redirects
4 ad.turn.com 4 redirects
4 pr-bh.ybp.yahoo.com 2 redirects ads.pubmatic.com
us-u.openx.net
4 ups.analytics.yahoo.com 1 redirects securityaffairs.co
onetag-sys.com
google-bidout-d.openx.net
4 ads.pubmatic.com cdn.pixfuture.com
ads.pubmatic.com
de.tynt.com
4 tags.crwdcntrl.net s.e-planning.net
securepubads.g.doubleclick.net
tags.crwdcntrl.net
4 u-sin01.e-planning.net ads.us.e-planning.net
ssum.casalemedia.com
4 pixel.tapad.com 3 redirects securityaffairs.co
4 gum.criteo.com cdn.pixfuture.com
static.criteo.net
gum.criteo.com
4 googleads.g.doubleclick.net pagead2.googlesyndication.com
ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
4 www.googletagmanager.com securityaffairs.co
www.googletagmanager.com
4 served-by.pixfuture.com securityaffairs.co
cdn.pixfuture.com
4 fonts.googleapis.com securityaffairs.co
3 bcp.crwdcntrl.net tags.crwdcntrl.net
3 um.simpli.fi 3 redirects
3 image6.pubmatic.com ads.pubmatic.com
3 aax-eu.amazon-adsystem.com 2 redirects eus.rubiconproject.com
3 bh.contextweb.com 3 redirects
3 b1sync.zemanta.com 3 redirects
3 cms.quantserve.com 3 redirects
3 rtb.openx.net 2 redirects us-u.openx.net
3 ap.lijit.com cdn.pixfuture.com
signal-beacon.s-onetag.com
3 id5-sync.com cdn.pixfuture.com
cdn.id5-sync.com
3 l.sharethis.com 1 redirects securityaffairs.co
3 securityaffairs.co 1 redirects t.co
securityaffairs.co
2 simage4.pubmatic.com ads.pubmatic.com
2 openx2-match.dotomi.com 2 redirects
2 esp.rtbhouse.com invstatic101.creativecdn.com
2 googleads4.g.doubleclick.net googleads.g.doubleclick.net
2 pubmatic-match.dotomi.com 2 redirects
2 pool.admedo.com 2 redirects
2 uipglob.semasio.net 1 redirects ads.pubmatic.com
2 pippio.com 2 redirects
2 idsync.rlcdn.com 1 redirects ads.pubmatic.com
2 cm.adgrx.com 2 redirects
2 pm.w55c.net 2 redirects
2 dps.jp.cinarra.com ads.pubmatic.com
us-u.openx.net
2 ipac.ctnsnet.com 1 redirects ads.pubmatic.com
2 sync-dsp.ad-m.asia ads.pubmatic.com
us-u.openx.net
2 sync.srv.stackadapt.com 2 redirects
2 id.rlcdn.com 2 redirects
2 tg.socdm.com 2 redirects
2 sync.targeting.unrulymedia.com 2 redirects
2 match.prod.bidr.io 2 redirects
2 acdn.adnxs.com cdn.pixfuture.com
2 de.tynt.com 1 redirects cdn.pixfuture.com
2 csync.loopme.me 2 redirects
2 ssum-sec.casalemedia.com ssum.casalemedia.com
securityaffairs.co
2 signal-segments.s-onetag.com get.s-onetag.com
2 onetag-geo.s-onetag.com get.s-onetag.com
signal-beacon.s-onetag.com
2 ssum.casalemedia.com 1 redirects ads.us.e-planning.net
2 secure-assets.rubiconproject.com 2 redirects
2 pixel.sitescout.com 2 redirects
2 ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 lb.eu-1-id5-sync.com cdn.pixfuture.com
cdn.id5-sync.com
2 ads.us.e-planning.net 1 redirects cdn.pixfuture.com
2 c2shb.pubgw.yahoo.com cdn.pixfuture.com
2 btlr.sharethrough.com cdn.pixfuture.com
2 apex.go.sonobi.com cdn.pixfuture.com
2 hbopenbid.pubmatic.com cdn.pixfuture.com
2 pixfuture2-d.openx.net cdn.pixfuture.com
2 prg.smartadserver.com cdn.pixfuture.com
2 fastlane.rubiconproject.com cdn.pixfuture.com
2 prebid.media.net cdn.pixfuture.com
2 ssc.33across.com cdn.pixfuture.com
2 www.google-analytics.com www.googletagmanager.com
2 analytics.google.com www.googletagmanager.com
1 beacon.krxd.net bcp.crwdcntrl.net
1 tags.bluekai.com bcp.crwdcntrl.net
1 cms.analytics.yahoo.com 1 redirects
1 s.uuidksinc.net 1 redirects
1 dynalyst-sync.adtdp.com 1 redirects
1 cs.r-ad.ne.jp 1 redirects
1 r.turn.com ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
1 pixel-us-east.rubiconproject.com 1 redirects
1 google-bidout-d.openx.net oa.openxcdn.net
1 bk.r-ad.ne.jp 1 redirects
1 tr.blismedia.com us-u.openx.net
1 i.w55c.net 1 redirects
1 lbs.eu-1-id5-sync.com cdn.id5-sync.com
1 s0.2mdn.net ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
1 oajs.openx.net oa.openxcdn.net
1 pixel-sync.sitescout.com 1 redirects
1 inv-nets.admixer.net 1 redirects
1 www.googletagservices.com ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
1 www.google.com ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
1 cdn.prod.uidapi.com securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 cdn.id5-sync.com securepubads.g.doubleclick.net
1 cdn.jsdelivr.net securepubads.g.doubleclick.net
1 static.criteo.net securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 ads.playground.xyz 1 redirects
1 image4.pubmatic.com ads.pubmatic.com
1 tags.rd.linksynergy.com 1 redirects
1 core.iprom.net ads.pubmatic.com
1 s.tribalfusion.com ads.pubmatic.com
1 a.tribalfusion.com 1 redirects
1 match.deepintent.com ads.pubmatic.com
1 cm-supply-web.gammaplatform.com 1 redirects
1 gocm.c.appier.net 1 redirects
1 dis.criteo.com ads.pubmatic.com
1 cm.ambientdsp.com 1 redirects
1 px.ads.linkedin.com eus.rubiconproject.com
1 image8.pubmatic.com onetag-sys.com
1 ssbsync-global.smartadserver.com onetag-sys.com
1 pixel-eu.rubiconproject.com onetag-sys.com
1 sync.e-planning.net eus.rubiconproject.com
1 pixel-apac.rubiconproject.com 1 redirects
1 eu-u.openx.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 p.rfihub.com 1 redirects
1 yield-op-idsync.live.streamtheworld.com securityaffairs.co
1 c.bing.com securityaffairs.co
1 a.audrte.com 1 redirects
1 gu.dyntrk.com 1 redirects
1 dsp.adfarm1.adition.com 1 redirects
1 stags.bluekai.com 1 redirects
1 signal-beacon.s-onetag.com get.s-onetag.com
1 i.e-planning.net ads.us.e-planning.net
1 s.e-planning.net ads.us.e-planning.net
1 get.s-onetag.com cdn.pixfuture.com
1 static.cloudflareinsights.com cdn.pixfuture.com
1 fid.agkn.com cdn.pixfuture.com
1 aa.agkn.com cdn.pixfuture.com
1 www.google.com.au securityaffairs.co
1 stats.g.doubleclick.net www.googletagmanager.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 pixel.wp.com securityaffairs.co
1 secure.gravatar.com securityaffairs.co
1 buttons-config.sharethis.com platform-api.sharethis.com
1 stats.wp.com securityaffairs.co
1 platform-api.sharethis.com securityaffairs.co
1 t.co
0 cs.chocolateplatform.com Failed ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
0 match.rundsp.com Failed google-bidout-d.openx.net
0 cs.nex8.net Failed us-u.openx.net
0 sync-tm.everesttech.net Failed ads.pubmatic.com
us-u.openx.net
0 demand.trafficroots.com Failed securityaffairs.co
0 api.rlcdn.com Failed cdn.pixfuture.com
391 174
Subject Issuer Validity Valid
t.co
DigiCert TLS RSA SHA256 2020 CA1		 2023-01-12 -
2024-01-12		 a year crt.sh
*.securityaffairs.co
GTS CA 1P5		 2022-12-26 -
2023-03-26		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
*.securityaffairs.com
GTS CA 1P5		 2022-12-26 -
2023-03-26		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
sharethis.com
Amazon		 2022-06-19 -
2023-07-18		 a year crt.sh
*.pixfuture.com
Sectigo RSA Domain Validation Secure Server CA		 2022-12-01 -
2023-12-03		 a year crt.sh
*.wp.com
Sectigo ECC Domain Validation Secure Server CA		 2022-11-14 -
2023-12-15		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
*.gravatar.com
Sectigo ECC Domain Validation Secure Server CA		 2022-11-23 -
2023-12-24		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-05-17 -
2023-05-17		 a year crt.sh
*.google.com.au
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
*.agkn.com
RapidSSL Global TLS RSA4096 SHA256 2022 CA1		 2022-09-06 -
2023-09-21		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-01-04 -
2023-03-31		 3 months crt.sh
*.id5-sync.com
R3		 2022-11-09 -
2023-02-07		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
ssc.33across.com
GTS CA 1D4		 2023-01-09 -
2023-04-09		 3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.media.net
Sectigo RSA Domain Validation Secure Server CA		 2022-04-06 -
2023-05-04		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-08 -
2023-04-04		 a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-01-25 -
2023-01-25		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2022-06-13 -
2023-07-14		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-06-27 -
2023-06-05		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2022-12-06 -
2024-01-07		 a year crt.sh
*.sharethrough.com
Amazon		 2022-10-24 -
2023-11-21		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-12-27 -
2023-06-21		 6 months crt.sh
ads.us.e-planning.net
R3		 2022-12-19 -
2023-03-19		 3 months crt.sh
*.eu-1-id5-sync.com
R3		 2022-11-09 -
2023-02-07		 3 months crt.sh
*.s-onetag.com
Amazon		 2022-12-04 -
2024-01-02		 a year crt.sh
*.e-planning.net
R3		 2022-12-19 -
2023-03-19		 3 months crt.sh
i.e-planning.net
Sectigo RSA Domain Validation Secure Server CA		 2023-01-09 -
2024-02-09		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-12-28 -
2024-01-28		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2022-05-01 -
2023-06-02		 a year crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA		 2022-09-07 -
2023-09-30		 a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2022-10-21 -
2023-10-22		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-09-27 -
2023-03-22		 6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 02		 2022-11-25 -
2023-05-25		 6 months crt.sh
s.amazon-adsystem.com
Amazon		 2022-05-09 -
2023-04-21		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2022-04-05 -
2023-05-04		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-09-20 -
2023-09-20		 a year crt.sh
sync-dsp.ad-m.asia
GlobalSign GCC R3 DV TLS CA 2020		 2022-07-21 -
2023-08-22		 a year crt.sh
*.ctnsnet.com
DigiCert SHA2 Secure Server CA		 2022-09-27 -
2023-03-08		 5 months crt.sh
*.jp.cinarra.com
Sectigo RSA Domain Validation Secure Server CA		 2022-05-14 -
2023-06-13		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-05-02 -
2023-06-03		 a year crt.sh
*.iprom.net
R3		 2022-12-05 -
2023-03-05		 3 months crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-11-08 -
2023-05-03		 6 months crt.sh
oa.openxcdn.net
GTS CA 1D4		 2022-12-02 -
2023-03-02		 3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-01-13 -
2023-04-15		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-12-23 -
2024-01-24		 a year crt.sh
invstatic101.creativecdn.com
GTS CA 1D4		 2022-12-30 -
2023-03-30		 3 months crt.sh
cdn.prod.uidapi.com
R3		 2022-11-29 -
2023-02-27		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-12-12 -
2023-03-06		 3 months crt.sh
esp.rtbhouse.com
GTS CA 1D4		 2022-11-23 -
2023-02-21		 3 months crt.sh
events-ssc.33across.com
GTS CA 1D4		 2023-01-10 -
2023-04-10		 3 months crt.sh
tr.blismedia.com
GTS CA 1D4		 2022-12-14 -
2023-03-14		 3 months crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-10-20 -
2023-10-19		 a year crt.sh

This page contains 54 frames:

Primary Page: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Frame ID: BA27410F9AD6B185C96EF77B7622005E
Requests: 196 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230117/r20190131/zrt_lookup.html
Frame ID: 77E6C6BE64C3D0AB8CA6AEC919493979
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1674086136&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=308x675_l%7C308x675_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1674086135000&bpp=670&bdt=997&idt=1812&shv=r20230117&mjsv=m202212080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=805602959186&frm=20&pv=2&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31071637%2C44779793&oid=2&pvsid=4079479525170594&tmod=705239939&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1835
Frame ID: 6FF8629D6E2BCDBADA6C69C40FC4B0F7
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/pixf_sync.html
Frame ID: E5065ACC099D09192E4ECD4C8A84C207
Requests: 3 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Frame ID: CE5F64907818396F4345BF87E9DACF63
Requests: 8 HTTP requests in this frame

Frame: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D8FB390B2DB81C77CAF9CF36D651351C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Frame ID: 46B99C00AFCECAAE3612BC6F89F50FAC
Requests: 11 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Frame ID: 2E6BAD41F5323B069BC7189CE9240D6E
Requests: 10 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: 37166044FCB887596E3059ECB3574743
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Frame ID: 38C3314A378E116EA543431C588F1B5A
Requests: 15 HTTP requests in this frame

Frame: https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AHx%2fv96BSeQzdaIa
Frame ID: 632500BE9DFAC9A8AC034F18809CEC4F
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Frame ID: 6D3D910DB1F794853C877D5B29A00B5F
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 88A0BD1036DD966AE7DC17BED934E05E
Requests: 17 HTTP requests in this frame

Frame: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: AA7549AFB70AAAE5681F37F312CD2A2E
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: CC80D97D90AEEB2B898A36C186974479
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 4ED9DA234467579118B7818F817608A3
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Frame ID: 8EC81EC788B5576F98CE43353B651014
Requests: 5 HTTP requests in this frame

Frame: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: F01AA60089A00BEDC1271E4FC854C5BE
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 867F500024C73AB1579C46CAF89789F0
Requests: 3 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
Frame ID: 66F625637261073088DBF50F051FB99E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
Frame ID: 331EDA881857728E76DC79C44AB1393F
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
Frame ID: E853EB742437B0EB497585271A965EA7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=ymgksbd9958
Frame ID: B5A427671F5A3E38589BEC7591E661A9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6829783725336387995&gdpr=0&gdpr_consent=
Frame ID: 99B0A07B7737CD125C304713D5ACCD67
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq
Frame ID: E19D3AF4EC00B769460C08BC3D5D2A4A
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: C339510426BCFEB138F90A49D48BDD82
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gOAn0L4xSOBWEzv8ZVODtWfR_og
Frame ID: 4D39DCEE93E587E2D5191329F84BC916
Requests: 1 HTTP requests in this frame

Frame: https://sync-dsp.ad-m.asia/dsp/api/sync/send?s=pubmatic&rd=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyNTMmdGw9MTI5NjAw%26piggybackCookie%3D
Frame ID: 32EBFB1678C4D66975620D8C695786A9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=MjYocD1WDI6dIWGd_YbIYw
Frame ID: 95BA870B4778317B2378FD17E7927025
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: 68A4086242A34BBB95089D593E5B0911
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95bd444efd664061ba2ea932188cbd2a
Frame ID: 7C206236017A21437748514496D45A5B
Requests: 1 HTTP requests in this frame

Frame: https://dps.jp.cinarra.com/pxd?PLATFORM_ID=D&USER_ID=5993FD6F-2052-41AE-959A-8C36066B8E0B
Frame ID: 9A4D518E3B1F5E5A774AB5CA5CA7128D
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qkzkqtcro5i
Frame ID: 4D7D58B94A5E04650965D0BAF84D6469
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:pbTARIMb1Piiho5&gdpr=0&gdpr_consent=
Frame ID: 0AFAB485F6DE69D31AABD38E327DB92E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
Frame ID: C0E3B173F9D3D4F6ADA775879F7BED90
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=9da6e500-978b-11ed-8d63-e8aaf2555249
Frame ID: 0032A9EA9C827265195998891B2AC427
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 8B940A5D8DD540F2D4CE37563FAB2F26
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 64D74D2185062E451F1E21A33C44FC92
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: 7617BA994667BF0DCBFB3718C3E8DE76
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/banners/320x50.png
Frame ID: 4ADCCDBA115F646F33CE1805FE5AEC31
Requests: 1 HTTP requests in this frame

Frame: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C27D7AD077443BF622D01D6F94DA1066
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY4LLHbDAB&v=APEucNWv0DafnzNs37laKGZ5gadKyXrC6PqTQkZdpTZ1lepug9GVxLt_IdwzpVwin4KUiti1p2yLxce_RhTKqrl_KfNGoOBK_w
Frame ID: 77EBF753C7F3667B36EF6D075513D9F6
Requests: 5 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Frame ID: 111730960AD8ED8001367B8EB084C12B
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Frame ID: C836CBC71B5D5F398359E633307E4076
Requests: 2 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Frame ID: 7070FB9F6028AA6ECE38ACA3EDC76636
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FFA2DFC2D0613D9074CED135D90EAA3A
Requests: 9 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 4E5D4AEE50D96FCE2DE3DA88065A248D
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AED0FA53DDD2CCEFE38EE414306B75B2
Requests: 3 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=securityaffairs.co
Frame ID: 49FE182CF200A8D4FDC303351D69C392
Requests: 2 HTTP requests in this frame

Frame: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=15238
Frame ID: 78E2F587377A5FB42539AFDC25E2229B
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/pixels?s=22%2C41%2C12%2C80%2C54%2C116&c=15238
Frame ID: 6B94DA55BD1EAF8B24988C72FE54DD11
Requests: 7 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 09B587F113575BF39CB9C62AD6EE31E6
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D&gdpr=0&gdpr_consent=
Frame ID: D7100EEAE674812173D2EB87856800B4
Requests: 1 HTTP requests in this frame

Frame: https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=25&external_user_id=5993FD6F-2052-41AE-959A-8C36066B8E0B
Frame ID: 0AE43BF226ACC0BCE8E6E600F8FC04D3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Aurora Stealer Malware is becoming a prominent threatSecurity Affairs

Page URL History Show full URLs

  1. https://t.co/YlqQdhc56P Page URL
  2. https://securityaffairs.co/wordpress/138851/malware/aurora-stealer-malware.html HTTP 301
    https://securityaffairs.co/138851/malware/aurora-stealer-malware.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

391
Requests

72 %
HTTPS

0 %
IPv6

102
Domains

174
Subdomains

113
IPs

13
Countries

2158 kB
Transfer

4659 kB
Size

185
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/YlqQdhc56P Page URL
  2. https://securityaffairs.co/wordpress/138851/malware/aurora-stealer-malware.html HTTP 301
    https://securityaffairs.co/138851/malware/aurora-stealer-malware.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56
  • https://l.sharethis.com/pview?event=pview&hostname=securityaffairs.co&location=%2F138851%2Fmalware%2Faurora-stealer-malware.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&source=simple-share-buttons-adder-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=Aurora%20Stealer%20Malware%20is%20becoming%20a%20prominent%20threatSecurity%20Affairs&refDomain=t.co&cms=unknown&publisher=63aa5463b92caa0012f81022&sop=true&version=st_sop.js&lang=en&description=Researchers%20warn%20of%20threat%20actors%20employing%20a%20new%20Go-based%20malware%20dubbed%20Aurora%20Stealer%20in%20attacks%20in%20the%20wild.%20Aurora%20Stealer%20is%20an%20info-stealing%20malware%20that%20was%20first%20advertised%20on%20Russian-speaking%20underground%20forums%20in%20April%202022.%20Aurora%20was%20offered%20as%20Malware-as-a-Service%20(MaaS)%20by%20a%20threat%20actor%20known%20as%C2%A0Cheshire.%20It%20is%20a%20multi-purpose%20botnet%20with%20data%20stealing%20%5B%E2%80%A6%5D HTTP 301
  • https://l.sharethis.com/sc?event=pview&hostname=securityaffairs.co&location=%2F138851%2Fmalware%2Faurora-stealer-malware.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&source=simple-share-buttons-adder-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=Aurora%20Stealer%20Malware%20is%20becoming%20a%20prominent%20threatSecurity%20Affairs&refDomain=t.co&cms=unknown&publisher=63aa5463b92caa0012f81022&sop=true&version=st_sop.js&lang=en&description=Researchers%20warn%20of%20threat%20actors%20employing%20a%20new%20Go-based%20malware%20dubbed%20Aurora%20Stealer%20in%20attacks%20in%20the%20wild.%20Aurora%20Stealer%20is%20an%20info-stealing%20malware%20that%20was%20first%20advertised%20on%20Russian-speaking%20underground%20forums%20in%20April%202022.%20Aurora%20was%20offered%20as%20Malware-as-a-Service%20(MaaS)%20by%20a%20threat%20actor%20known%20as%C2%A0Cheshire.%20It%20is%20a%20multi-purpose%20botnet%20with%20data%20stealing%20%5B%E2%80%A6%5D&samesite=None
Request Chain 99
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Request Chain 100
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Request Chain 128
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Request Chain 137
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Db48a155f91563f79 HTTP 302
  • https://pixel.sitescout.com/dmp/pixelSync?cookieQ=1&network=EPLANNING&rurl=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Db48a155f91563f79 HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Deeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155%26partner_url%3Dhttps%253A%252F%252Fu-sin01.e-planning.net%252Fum%253Fuid%253Deeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155%2526dc%253D0abbcb4eba840e59%2526fi%253Db48a155f91563f79 HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Deeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155%26partner_url%3Dhttps%253A%252F%252Fu-sin01.e-planning.net%252Fum%253Fuid%253Deeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155%2526dc%253D0abbcb4eba840e59%2526fi%253Db48a155f91563f79&ct=y HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&partner_url=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fuid%3Deeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155%26dc%3D0abbcb4eba840e59%26fi%3Db48a155f91563f79 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&partner_url=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fuid%3Deeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155%26dc%3D0abbcb4eba840e59%26fi%3Db48a155f91563f79 HTTP 302
  • https://u-sin01.e-planning.net/um?uid=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&dc=0abbcb4eba840e59&fi=b48a155f91563f79
Request Chain 138
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Db48a155f91563f79%26uid%3D%24%7BUID%7D HTTP 302
  • https://u-sin01.e-planning.net/um?dc=ff96d1aa62deeebd&fi=b48a155f91563f79&uid=13eb4b6c-6e8f-4b9c-a2d1-b2b4170202eb
Request Chain 140
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Db48a155f91563f79%26uid%3D%24UID HTTP 302
  • https://u-sin01.e-planning.net/um?dc=8103fa85295fbe60&fi=b48a155f91563f79&uid=6829783725336387995
Request Chain 141
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=apac HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Request Chain 142
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D HTTP 302
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Request Chain 158
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y8iG-9f3KcCGVGHQ8T7zlQAAFNYAAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEHiizJ-LnxF4_-8L8wzw_yA&google_cver=1
Request Chain 159
  • https://match.adsrvr.org/track/cmf/casale HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=2c40e9b7-c90f-4920-beee-5949d681755b&expiration=1676678140&gdpr=0&gdpr_consent=
Request Chain 160
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Y8iG.9f3KcCGVGHQ8T7zlQAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1&google_hm=2
Request Chain 161
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y8iG-9f3KcCGVGHQ8T7zlQAAFNYAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y8iG-9f3KcCGVGHQ8T7zlQAAFNYAAAIB&dcc=t
Request Chain 162
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=XMWRLFLAlHdHlMQtD5PfJ1_HynZHlMojXs6r8liU
Request Chain 163
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ef5963c8-86fc-4200-963a-0d6e46b113f5
Request Chain 164
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent= HTTP 302
  • https://stags.bluekai.com/site/23178?id=esHapMWKYhvemw6edoLG&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZDTOVWS243FMMXGGYLTMFWGK3LFMRUWCLTDN5WS6Y3SOVWT6Y3NL5SHG4C7NFSD2MJXEZSXQY3IMFXGOZJ5NFXGIZLYEZSXQ5DFOJXGC3C7OVZWK4S7NFSD2ZLTJBQXATKXJNMWQ5TFNV3TMZLEN5GEO HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZDTOVWS243FMMXGGYLTMFWGK3LFMRUWCLTDN5WS6Y3SOVWT6Y3NL5SHG4C7NFSD2MJXEZSXQY3IMFXGOZJ5NFXGIZLYEZSXQ5DFOJXGC3C7OVZWK4S7NFSD2ZLTJBQXATKXJNMWQ5TFNV3TMZLEN5GEO HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=esHapMWKYhvemw6edoLG
Request Chain 165
  • https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent= HTTP 307
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=d3b76a31-4cba-4f94-ab31-8a2d533a763c&us_privacy=null&gdpr_consent=null&gdpr=null
Request Chain 169
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined HTTP 302
  • https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined HTTP 307
  • https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Request Chain 177
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
Request Chain 178
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=0528797d-468d-41e3-a0a3-eb0b49ac154a&google_hm=MDUyODc5N2QtNDY4ZC00MWUzLWEwYTMtZWIwYjQ5YWMxNTRh HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEJS-MfCLEIo47j2DKck9u6s&google_cver=1&ssp=sonobi&bsw_param=0528797d-468d-41e3-a0a3-eb0b49ac154a HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=0528797d-468d-41e3-a0a3-eb0b49ac154a
Request Chain 179
  • https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AARmS07HkQ4AAB9iFgkGyA&gdpr=0
Request Chain 180
  • https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&gdpr=0&gdpr_consent=&google_hm=NTY0ZTBkZTEtZmU0Ni00ZGI0LWJiOTItMGNhN2EyMGMxNGM2 HTTP 302
  • https://match.sharethrough.com/sync/v1?gdpr=0&gdpr_consent=
Request Chain 181
  • https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7190145226286823571&gdpr=0&gdpr_consent=
Request Chain 182
  • https://gu.dyntrk.com/adx/dstct/us.php?dynk=d4s3t4c3t&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dd5VvCLuDuN8u3E6oruPETyjE%26source_user_id%3D%25USERID%25%26gdpr%3D%25GDPR%25%26gdpr_consent%3D%25GDPR_CONSENT%25 HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=d5VvCLuDuN8u3E6oruPETyjE&source_user_id=07030001_63c886fcd5d18&gdpr=0&gdpr_consent=
Request Chain 184
  • https://sync.mathtag.com/sync/img?mt_exid=39&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=dc3163c8-86fc-4f00-8cef-a2d6e086023e&gdpr=0&gdpr_consent=
Request Chain 185
  • https://a.audrte.com/get?p=M501991648&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D141%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=141&partneruserid=lb4Mhmg4qGXQACswinIaZIvXw
Request Chain 186
  • https://s.amazon-adsystem.com/x/7318ffc0e8fa1d771446 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=snb&dcc=t
Request Chain 188
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=OWZjMzViYzAtYWJmOS00ZDRjLTkyZjgtMjQxYjIwY2ExNjYy HTTP 302
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEMLt0v8z1TD60PlhQQqNZ54&google_cver=1
Request Chain 189
  • https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=6JWgSS4Sw2lg&ev=1&pid=560288&gdpr_consent=&gdpr=0
Request Chain 190
  • https://x.bidswitch.net/sync?ssp=sharethrough&user_id=71d22e4e-c638-449a-85cb-97cbce9424c6&gdpr=0&gdpr_consent=&gdpr_pd=1&usprivacy= HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=sharethrough HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=sharethrough HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=8588698492330147266&ssp=sharethrough HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=
Request Chain 191
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=2c40e9b7-c90f-4920-beee-5949d681755b&pubid=0b24fdfc82
Request Chain 192
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
Request Chain 194
  • https://x.bidswitch.net/sync?ssp=themediagrid HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=themediagrid&ssp_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&gdpr=&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-uqRSxZxE2pm1fJz8mYPyuUAvlPwlemmno7DltA--~A&expires=5 HTTP 302
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=bsw&uid=0528797d-468d-41e3-a0a3-eb0b49ac154a&stn=
Request Chain 195
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=29ae63c8-86fd-4c00-852a-8d5532010346
Request Chain 197
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1972084068593236606
Request Chain 199
  • https://sync.1rx.io/usersync2/sharethrough HTTP 302
  • https://sync.1rx.io/usersync2/sharethrough?zcc=1&cb=1674086142204 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4557005118 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/2c40e9b7-c90f-4920-beee-5949d681755b HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
Request Chain 200
  • https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6829783725336387995&gdpr=0&gdpr_consent=
Request Chain 201
  • https://pixel.mathtag.com/sync/img?mt_exid=83&gdpr=0&gdpr_consent=&mt_exuid=71d22e4e-c638-449a-85cb-97cbce9424c6&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DsxJxpx7oBnWwaatGE8NyMg2D%26source_user_id%3D%5BMM_UUID%5D HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=sxJxpx7oBnWwaatGE8NyMg2D&source_user_id=29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
Request Chain 202
  • https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D100%26partneruserid%3D%7BOPENX_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=3fbc535b-46d2-4719-8ecf-cc9db04a1ba0
Request Chain 203
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=9fc35bc0-abf9-4d4c-92f8-241b20ca1662&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=WGh1MS1KV184ODVGQzMxRTFCaWw1dw&gdpr=&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEAr6Y11JMqy2FnB9vE-ZfoI&google_cver=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=6JWgSS4Sw2lg
Request Chain 206
  • https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=3128058156106298774&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 207
  • https://match.adsrvr.org/track/cmf/openx?oxid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0&gdpr_consent=
Request Chain 208
  • https://tg.socdm.com/rtb/sync_before?proto=openx HTTP 302
  • https://jp-u.openx.net/w/1.0/sd?id=537072335&val=Y8iG-cCo5ugAAFXS19wAAAAA
Request Chain 209
  • https://cr-p3.ladsp.com/cookiesender/3 HTTP 302
  • https://cr-p3.ladsp.com/cookiesender/3?cr=true HTTP 302
  • https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AYIyBSideVN-ks8ADzLRlYqH_s8AAAGFx09Ncg
Request Chain 211
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPwqQ23qBTF1fULgPNRHhZo&google_cver=1
Request Chain 212
  • https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=3056000562068370838&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 213
  • https://match.adsrvr.org/track/cmf/openx?oxid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0&gdpr_consent=
Request Chain 214
  • https://tg.socdm.com/rtb/sync_before?proto=openx HTTP 302
  • https://jp-u.openx.net/w/1.0/sd?id=537072335&val=Y8iG-cCo5ukAAIyo1ggAAAAA
Request Chain 215
  • https://cr-p3.ladsp.com/cookiesender/3 HTTP 302
  • https://cr-p3.ladsp.com/cookiesender/3?cr=true HTTP 302
  • https://jp-u.openx.net/w/1.0/sd?id=537072451&val=ATX_61uwPpXNks8ADzLRlYqH_88AAAGFx09Ncw
Request Chain 217
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPwqQ23qBTF1fULgPNRHhZo&google_cver=1
Request Chain 221
  • https://pixel-apac.rubiconproject.com/exchange/sync.php?p=12186&khaos=LD2BNVRV-25-BIU8 HTTP 302
  • https://sync.e-planning.net/um?uid=LD2BNVRV-25-BIU8&dc=9bcc91305985f0db&iss=1
Request Chain 223
  • https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D1%26gdpr_consent%3D HTTP 302
  • https://onetag-sys.com/match/?int_id=1&uid=29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=1&gdpr_consent=
Request Chain 225
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID HTTP 302
  • https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=6829783725336387995
Request Chain 227
  • https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABhcdPS9bp78HfGN9XGkS_dPLGaDnt6ftmxw
Request Chain 229
  • https://id.rlcdn.com/711916.gif?ct=4&cv= HTTP 307
  • https://id.rlcdn.com/1000.gif?memo=COy5KxoNCP2Nop4GEgUI6AcQAEIASgA HTTP 307
  • https://onetag-sys.com/match/?int_id=110&uid=
Request Chain 230
  • https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=cmDmsqQdudlsL7HAQ2pDNnZX4YS7KIgHo_GGXrqkyWQ
Request Chain 232
  • https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm HTTP 302
  • https://onetag-sys.com/match/?int_id=106&google_gid=CAESEKdi-uPy2HtzwLcY1SWHGsE&google_cver=1
Request Chain 234
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
  • https://onetag-sys.com/match/?int_id=29&uid=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
Request Chain 238
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGuDhoBJG7RTD5lWVG7lFnk&google_cver=1
Request Chain 239
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEQyQk5WUlYtMjUtQklVOA==
Request Chain 240
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LD2BNVRV-25-BIU8
Request Chain 241
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=RmOKTRO7TDeChhw69TXv7g&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=RmOKTRO7TDeChhw69TXv7g
Request Chain 242
  • https://match.adsrvr.org/track/cmf/rubicon HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=&expires=30
Request Chain 243
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=MZw79MAZR_yUnBE6yvJ2Ww&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=MZw79MAZR_yUnBE6yvJ2Ww
Request Chain 244
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YWMxZWU4MDgwYmNlYTI3NjE1NWM2NmUyODkxNWQxNjdjYjBhYWIyNg
Request Chain 245
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/6gwtDBIRT2p_q9dcoYrTfcn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-pwzEuqRE2oIRFwgslsJua9cGeMEYdgv4RRrJjw--~A
Request Chain 247
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://prebidserver.pixfuture.com/setuid?bidder=grid&gdpr=&gdpr_consent=&f=i&uid=0528797d-468d-41e3-a0a3-eb0b49ac154a
Request Chain 255
  • https://c1.adform.net/serving/cookie/match?party=14&cid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
Request Chain 256
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
Request Chain 258
  • https://cm.ambientdsp.com/cm/send?vc=pmj HTTP 301
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=ymgksbd9958
Request Chain 259
  • https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6829783725336387995&gdpr=0&gdpr_consent=
Request Chain 260
  • https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq
Request Chain 262
  • https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gOAn0L4xSOBWEzv8ZVODtWfR_og
Request Chain 264
  • https://gocm.c.appier.net/pubmatic HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=MjYocD1WDI6dIWGd_YbIYw
Request Chain 266
  • https://ipac.ctnsnet.com/int/cm?exc=14&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA%3D%26piggybackCookie%3D%5Buser_id%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95bd444efd664061ba2ea932188cbd2a
Request Chain 268
  • https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qkzkqtcro5i
Request Chain 269
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:pbTARIMb1Piiho5&gdpr=0&gdpr_consent=
Request Chain 270
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1674086142205 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8412802698 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/2c40e9b7-c90f-4920-beee-5949d681755b HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
Request Chain 271
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=9da6e500-978b-11ed-8d63-e8aaf2555249
Request Chain 273
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 275
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WZP9byBSQa6Vmow2BmuOCw%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Request Chain 276
  • https://idsync.rlcdn.com/420486.gif?partner_uid=5993FD6F-2052-41AE-959A-8C36066B8E0B HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=8708154c996f15e9ee1f71cca71558192847a6704b10781586bd90c77c29d386791426b5417dce21&_=2 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA4NzA4MTU0Yzk5NmYxNWU5ZWUxZjcxY2NhNzE1NTgxOTI4NDdhNjcwNGIxMDc4MTU4NmJkOTBjNzdjMjlkMzg2NzkxNDI2YjU0MTdkY2UyMRAAGgwI_o2ingYSBAgCEABCAEoA HTTP 302
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA4NzA4MTU0Yzk5NmYxNWU5ZWUxZjcxY2NhNzE1NTgxOTI4NDdhNjcwNGIxMDc4MTU4NmJkOTBjNzdjMjlkMzg2NzkxNDI2YjU0MTdkY2UyMRAAGgwI_o2ingYSBAgCEABCAEoA&google_gid=CAESEDG1vVZHgjA1bGd1EbEI374&google_cver=1 HTTP 307
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
  • https://idsync.rlcdn.com/458249.gif?partner_uid=0ab7265a-91a5-41ec-864a-ee8de7c78e44
Request Chain 277
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=5993FD6F-2052-41AE-959A-8C36066B8E0B&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=5993FD6F-2052-41AE-959A-8C36066B8E0B&sInitiator=external&gdpr=0&gdpr_consent=
Request Chain 278
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NTk5M0ZENkYtMjA1Mi00MUFFLTk1OUEtOEMzNjA2NkI4RTBC&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 279
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMl1WR-jKVQinFryMBPkaOw&google_cver=1
Request Chain 280
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D
Request Chain 282
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
Request Chain 283
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=5993FD6F-2052-41AE-959A-8C36066B8E0B&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-Nfrv0shE2uUw54CCeV5zW1MWg6SmpyE-~A&gdpr=0
Request Chain 284
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5046790675265509198
Request Chain 285
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=0528797d-468d-41e3-a0a3-eb0b49ac154a HTTP 302
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=0528797d-468d-41e3-a0a3-eb0b49ac154a HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=45136c68-77af-4ad9-b5b8-4a5fc1e6790c&user_group=1&ssp=pubmatic&bsw_param=0528797d-468d-41e3-a0a3-eb0b49ac154a HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0528797d-468d-41e3-a0a3-eb0b49ac154a&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 286
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3056000562068370838&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 287
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent= HTTP 302
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=168720cf344c20a4&is_secure=true&networkId=17100&version=1&nuid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAALXg1dbQ0riwNZlNa9AAAAAAA&expiration=1674172542&nuid=5993FD6F-2052-41AE-959A-8C36066B8E0B&is_secure=true&gdpr_consent=&gdpr=0
Request Chain 288
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6829783725336387995
Request Chain 312
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1
Request Chain 313
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8iG.9f3KcCGVGHQ8T7zlQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1&google_hm=2
Request Chain 314
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEFRp_6jPGKosezB99_wfwac&google_cver=1
Request Chain 315
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgyOTc4MzcyNTMzNjM4Nzk5NQ%3D%3D
Request Chain 319
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy= HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Request Chain 320
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1674086142168.4&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predirect%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D25%2526external_user_id%253D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Request Chain 321
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1674086142168.6&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c87ac3c8%26us_privacy%3D%24%7BUS_PRIVACY%7D%26r%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D70%2526external_user_id%253D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Request Chain 322
  • https://x.bidswitch.net/sync?ssp=the33across&us_privacy= HTTP 302
  • https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&gdpr=&consent=&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dthe33across%26bsw_param%3D0528797d-468d-41e3-a0a3-eb0b49ac154a%26gdpr%3D%26consent%3D%26gdpr_pd%3D%26expires%3D7 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=354&user_id=805f7fa5b68f4a4090c50dc3f4a7352a&ssp=the33across&bsw_param=0528797d-468d-41e3-a0a3-eb0b49ac154a&gdpr=&consent=&gdpr_pd=&expires=7 HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=0528797d-468d-41e3-a0a3-eb0b49ac154a HTTP 302
  • https://events-ssc.33across.com/match?bidder_id=10&external_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&ts=1674086143&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 323
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1674086142168.3&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dg%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D1%2526external_user_id%253D%255BMM_UUID%255D HTTP 302
  • https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D HTTP 302
  • https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=1&external_user_id=29ae63c8-86fd-4c00-852a-8d5532010346
Request Chain 324
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D%7BuserId%7D HTTP 302
  • https://ssc-cms.33across.com/ps/?us_privacy=&xi=45&xu=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155 HTTP 302
  • https://events-ssc.33across.com/match?bidder_id=45&external_user_id=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&ts=1674086143&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 337
  • https://i.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072979&val=pbTARIMb1Piiho5
Request Chain 340
  • https://bk.r-ad.ne.jp/3/cs HTTP 302
  • https://jp-u.openx.net/w/1.0/sd?id=537097918&val=52VNth00ZBDAY008ZSWp
Request Chain 344
  • https://rtb.openx.net/sync/dds HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=9WNOn36WwVsvKT4WRUD63A==&ox_sc=1&ox_init=1 HTTP 302
  • https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Request Chain 346
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fjp-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://jp-u.openx.net/w/1.0/sd?id=536872786&val=29ae63c8-86fd-4c00-852a-8d5532010346
Request Chain 351
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&khaos=LD2BNVRV-25-BIU8 HTTP 302
  • https://ssc-cms.33across.com/ps/?xi=1&xu=LD2BNVRV-25-BIU8 HTTP 302
  • https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LD2BNVRV-25-BIU8&ts=1674086144&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 353
  • https://openx2-match.dotomi.com/match/bounce/current?networkId=15900&version=1&nuid={OX_USER_ID} HTTP 302
  • https://openx2-match.dotomi.com/match/bounce/current?DotomiTest=38301584b0d01b1d&is_secure=true&networkId=15900&version=1&nuid=%7BOX_USER_ID%7D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072954&val=AAALXg1dbQ0rzQMFX1vDAAAAAAA&expiration=1674172543&nuid={OX_USER_ID}&is_secure=true
Request Chain 355
  • https://um.simpli.fi/ox_match HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=DBC010B964614E7AA4882A163626B83D
Request Chain 358
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFtsD2DY-oENrjNmx-gHfxE&google_cver=1&google_push=AavPq0PvUFBWm71JE2y-Pt3yKyq6Cj40cxdzMHlpehoh48RA-tglqcb0WsyE55HxoAMTOdPCucVBl6edO-3uwpLITuezY3sGcNs HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzA1NjAwMDU2MjA2ODM3MDgzOA==&gdpr=0&gdpr_consent= HTTP 302
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESEFtsD2DY-oENrjNmx-gHfxE&google_cver=1
Request Chain 359
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBosTxMWy-4PqT_YJX5bgTs&google_cver=1&google_push=AavPq0OPr-Ad0eu1dCN4e3c6nmuGl8FQbYAUc5QtivKXPeohlCsDXgJZ_eIdbIPlZ8iidgJ-_irEuziJ9lIUsw3WFqLUaQeVT9hZ HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AavPq0OPr-Ad0eu1dCN4e3c6nmuGl8FQbYAUc5QtivKXPeohlCsDXgJZ_eIdbIPlZ8iidgJ-_irEuziJ9lIUsw3WFqLUaQeVT9hZ&google_hm=MUtbjrwePdRvzFSpOjOz5w
Request Chain 360
  • https://cs.r-ad.ne.jp/2/cs?google_gid=CAESEBkTBGPQIpx46Ra_LqQ5_1U&google_cver=1&google_push=AavPq0Ok5PAs23QEKii0_guCOJzNm9xLeL4vJi4_2Kx4hODzQgILTmT0LSos0GwtheB9XRHLcCTMnPCLOVr3o4ivTN5Gop8d8qQA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rcrt&google_push=AavPq0Ok5PAs23QEKii0_guCOJzNm9xLeL4vJi4_2Kx4hODzQgILTmT0LSos0GwtheB9XRHLcCTMnPCLOVr3o4ivTN5Gop8d8qQA&google_hm=NTJWTnRoMDEwQkRHYTAwN1FudXk
Request Chain 361
  • https://dynalyst-sync.adtdp.com/pixel?pid=10&google_gid=CAESECJAh4mUNmqEbg6Ia_D3Hes&google_cver=1&google_push=AavPq0N63AScSzFWJqYOtBfXZ6r5VGkdx5_-VSMAOgz8P59tBQ5lpkcEhu1jcpdDeCGsXE5N-7umsSQpWWOGASLL8i1BgmpJtiI HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=cyberagent_dynalyst&google_hm=MTAyOTUyMjM5NzA&google_push=AavPq0N63AScSzFWJqYOtBfXZ6r5VGkdx5_-VSMAOgz8P59tBQ5lpkcEhu1jcpdDeCGsXE5N-7umsSQpWWOGASLL8i1BgmpJtiI
Request Chain 362
  • https://s.uuidksinc.net/match/47/?remote_uid=CAESEAlbSC1nH1QTW0Yef9wJ2kQ&c_param1=AavPq0Np8WVYW8-ZqwVJPxEcSiwAms7vwMWKo_ffHeEYIcJhw_H5F-dgbLnwd8ECMylGm5QFabhbabHouGDHLROxdEqevUQySfs&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AavPq0Np8WVYW8-ZqwVJPxEcSiwAms7vwMWKo_ffHeEYIcJhw_H5F-dgbLnwd8ECMylGm5QFabhbabHouGDHLROxdEqevUQySfs
Request Chain 364
  • https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESEBz_xMH954A38Gh3wo6EVXc&google_cver=1&google_push=AavPq0MIJIN5vbAKxyi_s1JOYZvfewl5BCoxJcwNy4bNNLYBpTYP3E01gpwDlcpegZ4TWg_0kPqLCIyKMMPV5OcZPWKTJet7m1NwvQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AavPq0MIJIN5vbAKxyi_s1JOYZvfewl5BCoxJcwNy4bNNLYBpTYP3E01gpwDlcpegZ4TWg_0kPqLCIyKMMPV5OcZPWKTJet7m1NwvQ&google_hm=ZXNIYXBNV0tZaHZlbXc2ZWRvTEc=
Request Chain 377
  • https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Request Chain 378
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D&gdpr=0&gdpr_consent=
Request Chain 380
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=5993FD6F-2052-41AE-959A-8C36066B8E0B HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=27e829ea-f885-4844-97aa-1a0edfbc0935%252C%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=27e829ea-f885-4844-97aa-1a0edfbc0935%2C%2C
Request Chain 382
  • https://cms.analytics.yahoo.com/cms?partner_id=LOTME&gdpr=0 HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-.WWi_RZE2pzWDSmkPytiMjLzlcJ4LsRLXmQ-~A&gdpr=0
Request Chain 385
  • https://sync.srv.stackadapt.com/sync?nid=lotame&gdpr=0 HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=6569&tp=STKA&tpid=0-80e027d0-be31-48e0-5613-3bfc655383b5$ip$103.209.254.136&gdpr=0&gdpr_consent=
Request Chain 386
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0 HTTP 302
  • https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=2c40e9b7-c90f-4920-beee-5949d681755b/gdpr=0/gdpr_consent=

391 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
YlqQdhc56P
t.co/ 		395 B
704 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/YlqQdhc56P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_l /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
private,max-age=300
content-encoding
gzip
content-length
223
content-type
text/html; charset=utf-8
date
Wed, 18 Jan 2023 23:55:30 GMT
expires
Thu, 19 Jan 2023 00:00:31 GMT
perf
7626143928
server
tsa_l
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
5efdd24d34a3b32ecf2ad38eeca69fe07735af490accadf5afdbc153a4be1d77
x-response-time
182
x-transaction-id
7d8ffa77d1dda4dc
x-xss-protection
0
Primary Request aurora-stealer-malware.html
securityaffairs.co/138851/malware/
Redirect Chain
  • https://securityaffairs.co/wordpress/138851/malware/aurora-stealer-malware.html
  • https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
83 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Requested by
Host: t.co
URL: https://t.co/YlqQdhc56P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.60.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d45db408994999adf9688f95a67bd5aae74569c4dfed196fcf251ccc72dbb554

Request headers

Referer
https://t.co/YlqQdhc56P
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-edge-cache
cache,platform=wordpress
cf-ray
78bb431a4f605ab4-MEL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 23:55:33 GMT
link
<https://securityaffairs.com/wp-json/>; rel="https://api.w.org/" <https://securityaffairs.com/wp-json/wp/v2/posts/138851>; rel="alternate"; type="application/json" <https://securityaffairs.com/?p=138851>; rel=shortlink
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajhjVmvnKnFIcpHPMNQOb72jeEitGbvruLU6TqP4jB2gfZ3bJ5N4fUyjlGHYv3S7I2a94yaV2Q6iVWtQa30GpZcRvhx7rt3A98rQIj33cQINdoJMa59Fm1J3TcQNC7xtxVfZJ24%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-pingback
https://securityaffairs.com/xmlrpc.php

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
78bb4313efb45ab4-MEL
content-type
text/html
date
Wed, 18 Jan 2023 23:55:32 GMT
location
https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nEF8URFslRqQv1rU6tHUvLisAGlO9OnNhGzt7Wu33C%2BwlSjtiO%2BXP6xH1P41srJmFp0M92LazElgliYaz81YHJ64EUbPfBh3YtZKkQZgbdDuPrZ%2BFYALmjLkoO%2FHCia%2Bppmz2gY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		143 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
037abd1c12506bf4b36bd1fbb352b7c6ebdf2e2229c3e34b5a4718d3de697421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Origin
https://securityaffairs.co
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49350
x-xss-protection
0
server
cafe
etag
17028759110452040664
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 18 Jan 2023 23:55:34 GMT
twemoji.js
securityaffairs.com/wp-includes/js/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-includes/js/twemoji.js?ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df9b100db3fb74727ea1dd954c35815bc4abeb3ff0562d47878f29f5da0848af

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161026
cf-polished
origSize=32400
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 25 May 2022 22:59:02 GMT
server
cloudflare
etag
W/"628eb4b6-7e90"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dBmPKkRmruPA%2FqgN5pxlRIsfCFQ9ySOwRRYumUMCeUyl2PUirdceQ2raRuruxu9740KUGqIeQ6LMmPcjVqTTmefvFeXz%2F1slutNm2Bb66Kyz09dnbZ7iEZaiqDGaCrl5aVgyP5dq"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb4323aaec2b37-MEL
expires
Tue, 24 Jan 2023 03:11:48 GMT
wp-emoji.js
securityaffairs.com/wp-includes/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-includes/js/wp-emoji.js?ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4d15af9bd67fe77ac0050ac96a9cc9e173c23fbe76a8a144e29566e57fdbb41

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
539187
cf-polished
origSize=8989
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Tue, 31 Mar 2020 22:49:14 GMT
server
cloudflare
etag
W/"5e83c8ea-231d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8MNScDc5o3YOb8LnNqOKIoXhuGsVJu9z9EdvWf4Fn0nxmh3Nv1Hu%2B%2FPuPWIptD3aAieHXUqurgAH2jafEjsl5EEBh4DU3JrlebO8kOYn5c5HsFkIGx9fvILw5czxiMpQVjPX829r"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c3e325ab4-MEL
expires
Thu, 19 Jan 2023 18:09:08 GMT
style.css
securityaffairs.com/wp-includes/css/dist/block-library/ 		94 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-includes/css/dist/block-library/style.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7746871b06216ef2d442ad014085d0ed7d3e7b27f24e4feb84fca8428a45a4f7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=110285
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Tue, 15 Nov 2022 21:49:08 GMT
server
cloudflare
etag
W/"63740954-1aecd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83jE4ehvVboFIBN0D2z83bTpzxeGzjNCEbK05gkRwsm80RQy%2FluvLoUAMha1if3XCBpS%2FoniP9sVF%2Ftv0wtAj3oJ3Xl8ox8tFt2qGt%2Fk3qzYNsU5FgwoSyuj3eLNOAm1jOq2FqbI"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb43232a402b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
mediaelementplayer-legacy.min.css
securityaffairs.com/wp-includes/js/mediaelement/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
161027
etag
W/"5fd15e34-2bf8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFbaFqFalETfzXkRUlVSu%2F%2B3HHGiwwhMZqn8zHMYod5QeF1sE5y0uN%2B0wV3j0NyJUFHKW83BhZEAAkpeOJgJx%2FBTRatnZ3io50m08s1s0%2BZ32GGyntO542iyoOet5pka85jozbDf"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb43232a422b37-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 24 Jan 2023 03:11:47 GMT
wp-mediaelement.css
securityaffairs.com/wp-includes/js/mediaelement/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-includes/js/mediaelement/wp-mediaelement.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=4960
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
cloudflare
etag
W/"5dcc9728-1360"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uMQ22f1v6%2BSanw4TIfV2zlHQ3qgA6HuVxQ6yCieHxHLsvo9Wv8WC3sQ94D7ENT74qL9jqSjWvXDXJU0qDq5FcqEAPg0SvseeODadvJzxSqL9IllDGFluW2nSvkqQajFsPG0eTFvR"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb43232a442b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
classic-themes.css
securityaffairs.com/wp-includes/css/ 		183 B
695 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-includes/css/classic-themes.css?ver=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a91e5afb93443b1b21fba2c54d1393e83a9220bafc8a2ad144c9279426d6b2da

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=638
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 03 Nov 2022 22:28:24 GMT
server
cloudflare
etag
W/"63644088-27e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=stnyycXUCYxZlKspcgfefquRj2eV%2BUbJ5EilFdUl3d9R8zA5ERz6C%2FIiyferCGriroCvXIlIujonDhuXyMwLR2Y6YHAUkpQ7riIujvnn0Bg5Vl6BrNqwXkOABaGXrUJWDdgwAUPg"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb43232a462b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
cookie-law-info-public.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
78777
cf-polished
origSize=3106
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 04 Jan 2023 00:35:43 GMT
server
cloudflare
etag
W/"63b4c9df-c22"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAM6qQa2VMqSdLf9glt91%2B%2Fl%2F0WfT11Fj1kq6T3gsgXC%2BKYz1W%2Fvl6TSP3Cs9rQQwrJvsJB9jAITi1j3yj5SawBrGzUWCfVFr7ZAnd3dNHyZNHPFBthm3Dl9qdRDei08XVb6w2DD"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb43232a472b37-MEL
expires
Wed, 25 Jan 2023 02:02:37 GMT
cookie-law-info-gdpr.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/ 		22 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.0.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
78778
cf-polished
origSize=27249
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 04 Jan 2023 00:35:43 GMT
server
cloudflare
etag
W/"63b4c9df-6a71"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VOHtCd%2BrVXZ41Ausi96I4ZDZ3oEjXH3aYzWAn4bjzc2qyvZ3oX6MXueJV%2FpQrDmwhQBs3OBtSRm934sBPx1v86xxBcH14yzxaHrcw3Iqf0V7QXVdscb8Co1D2BUsYnWexmEMQHGE"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aadf2b37-MEL
expires
Wed, 25 Jan 2023 02:02:36 GMT
custom.css
securityaffairs.com/wp-content/themes/rigel_old/css/jqueryui/ 		15 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b33e3ff7c01e9eb947faf1bd0dd31d3d210ff9fdf809f2db3938b5b865b9cc31

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=19858
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 13:54:59 GMT
server
cloudflare
etag
W/"56716d33-4d92"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xuGE0tgZJxfC%2Bc602OBVlpDLxNo5H0o8lLEAVcJAY4bZRci1uqVNvlbDUpSw3a3I9BYO5BlpKSugIdk0NR8vx2S49zQGvZZsrlZf1gdVZL2Jk4JdG6G7jHsXGP46asyJty2wuDCe"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aae02b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
tipsy.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 		461 B
507 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0255909b7cb5511843e8e9d6414f99d023237cdb954705d68c4ff0d3cd752d6b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=539
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
cloudflare
etag
W/"56710b7c-21b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RojjLFlqFJt40XeRl3VtmwJ%2Bi9CM0rDl1SXSU6fKFVZjhCpDK7WFh0XqYCKY4xlxsSR9lJsIROOUYvNj4xuLoHKUWPEART1a%2FZyqSTfu3LW0JdYgRvYgSgbuG8tG76u%2BuyWpz3TS"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aae12b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
flexslider.css
securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
751ae0b0e7b20fc45203c90e0c3391e1aa983f57327fb31d96dda46f7232ad45

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=6225
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 13:55:09 GMT
server
cloudflare
etag
W/"56716d3d-1851"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jAm1BkOdiwyFVZyHv1oV2xAmIDjZjQy1eqz6yKyxwxrbzCJSfdisY3b4f5itMOIlOAwpL7VnmhaY%2BnI4QstRJVZfLjiPM7oDtNuoj9p1bX66B%2F1A6nELZK3itzfd9zwU2vMurj3W"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aad82b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
animation.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 		1 KB
628 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5643c5e548ec3aab5786c3845bce65a8ab30d48b62ba2586373ff84589ea13d

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=1716
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
cloudflare
etag
W/"56710b7a-6b4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qun%2BXJEy%2BtnuFLFMZ%2BmXiEydTWExQOU%2FN5UFGzmXiLzqyQwr9ll9HL8se8PPvj%2Bpmt0uWGHDoqnKT3%2BPfEykst2qr0tsJXLYNIlL2QQe7Rwn3Wsd5GmEFMj7eNfYTrA1%2FuSXbTbK"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aade2b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
font-awesome.min.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 		17 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
161027
etag
W/"56710b7a-4574"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNRqZIYHvM22wjBHpou00lOmaerMIC3L11vzNlJnS4mitNJF4Hhw5LNb7Jk1nNyW%2FNccpIQtfruyGxCdtP7msElqoJ0S7X9zJdz%2BiRHiOrGffNzwWdnWtTX%2FR4zdK%2FmKRgj2GUdV"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb43232a4c2b37-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 24 Jan 2023 03:11:47 GMT
swipebox.css
securityaffairs.com/wp-content/themes/rigel_old/js/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9b6164ccc60fa98562a1d315d63a961a7ffa16183117a6a5f6d5bf3893283c0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=4493
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
server
cloudflare
etag
W/"56710b8a-118d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EkcCdw1AtMubXs6AdBqN6K35fS8NWJkGKuuvK%2FK4Yynwo9KByFycWFFCpzpEyOooir9jO6FXhhupsj5nXdB2gJ4stt%2BdjEATx4D58RXnsa6ave5SqOd2dfJgbt3ZTDLPMwlgXIUt"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb43232a4a2b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
jquery.circliful.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 		264 B
458 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28275dbcd3747f460a53102bb9dad566db20349335371cef756c72f4ab155431

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=334
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:02 GMT
server
cloudflare
etag
W/"56710b7a-14e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yg3dV%2BbKRKuPNA%2FFQ2xHhpipOwsGd9BYjKggaieRAXIdWsLzKmgYLYGNXKoC8SzA1LDPkBmVFIVSKoCMJWCz09LFifDjPbFrDOvJS7A03g2R%2F3l48QIBEMSSXYlQTdLnSYFsLl0N"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aadc2b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
screen.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 		95 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a04aa9666a49a1c434d7e44268f399e0c1dc1b306a2cc6f3414551364c217b4d

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=112708
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:04 GMT
server
cloudflare
etag
W/"56710b7c-1b844"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYY8dOkmN6VylxI4spAdIzhSIYnCkvrNpp0HY%2FyyHkyW%2Fv%2FM7GKM84IVEX%2FYRNJAxxF66FEM%2FOvNE73YCPTbOSMRurOLYIOhETjxAJ8zdQvW5FhW7fu4BX8zD4uluspuC8tA9uMU"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb43232a482b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
custom-css.php
securityaffairs.com/wp-content/themes/rigel_old/templates/ 		12 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

cf-edge-cache
cache,platform=wordpress
date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bulUUG%2FbMrQiYfNjduH9jO6FXlto1%2BLgo9ehST%2B6kvBAzzVMBKqG8BQMCZsk0JT1BKzJOLy7FlPw%2FVyd0ccyJS0xtz0zUocNrUVjAQrJW5pSatJYN9v5mIwPJUejIUXAgU52hGJo"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset: UTF-8;charset=UTF-8
cf-ray
78bb4323aada2b37-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
css
fonts.googleapis.com/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f95.1e100.net
Software
ESF /
Resource Hash
e1b1c54ba41cb13001de23642265da817473b2f3c8c0789eed1bb8d560c42110
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 18 Jan 2023 23:55:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 18 Jan 2023 23:55:34 GMT
css
fonts.googleapis.com/ 		3 KB
532 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f95.1e100.net
Software
ESF /
Resource Hash
aed5ccd9a1464ec082338fd88b0b73b810af66c72b4adffe270607212d4693a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 18 Jan 2023 23:02:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 18 Jan 2023 23:55:34 GMT
css
fonts.googleapis.com/ 		4 KB
629 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f95.1e100.net
Software
ESF /
Resource Hash
febc1e8fbae9b78e392e33110088051ce7f8168aa0ca6c43aadec0458774045a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 18 Jan 2023 23:55:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 18 Jan 2023 23:55:34 GMT
css
fonts.googleapis.com/ 		3 KB
627 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f95.1e100.net
Software
ESF /
Resource Hash
67596f497ba9670488a07493b079a6c8d32fb1714209db992e1e32a99c4dffe5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 18 Jan 2023 23:55:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 18 Jan 2023 23:55:34 GMT
grid.css
securityaffairs.com/wp-content/themes/rigel_old/css/ 		43 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/css/grid.css?ver=7f328e8ac89ab883d5ef4a32c2877c9d
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5133a1035cbf203be573cc6e15a2d4f8477b62568bea772b2192dc68c4980e5

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=50674
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:03 GMT
server
cloudflare
etag
W/"56710b7b-c5f2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pC1jb8UwfO%2F73j4hCN3O9Nl5N38nsk%2B3AQkJzz7GvrTCrrHHWXTn6FonNuokngVqWRTAc1s8NHAuQGjoxpzhcL3lwOn2LW8XywfbPPyUWNm39hnNGRB42BgaWMFLePYV4Rv%2Bu3yv"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aae22b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
sharing.css
securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/ 		16 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css?ver=11.7.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64de1a6e6afd4e2be0cf6e0fe152b358dd55aed4c7b55b4c6dff09daa3eadc7b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61873
cf-polished
origSize=18833
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 18 Jan 2023 06:41:54 GMT
server
cloudflare
etag
W/"63c794b2-4991"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fNI0EbVynkxfNJ1eAlyusLdbswi6p4d%2BIFm%2FS%2B6%2F5GnePkvldNumBiHe1ti1mJTYLCJsR7eS9CK9P%2BYmzvBGc5CFU16soz%2F7IHs9N65Mrn7PeYcCZl5TMYUZA%2FJkFlIQosTVseJn"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aae42b37-MEL
expires
Wed, 25 Jan 2023 06:44:21 GMT
social-logos.css
securityaffairs.com/wp-content/plugins/jetpack/_inc/social-logos/ 		12 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.css?ver=11.7.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0b80fefeeff0400f4fe64b20c3976604253a7e0c7326d4414db2567063da9fe

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61873
cf-polished
origSize=12591
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 18 Jan 2023 06:41:54 GMT
server
cloudflare
etag
W/"63c794b2-312f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PcDWv8amrPx0OuXnIuWdaG94tZ6z0%2FkqMYkWL%2Fzr2DgtX3Yowx16bolkMljaI9FCBaXR2fRfYDGvkH5tDxxVr7kdXVUk2mS9nnng2%2FMZrJslFUeb02OLa9ip%2F91uNdcGNbHDiRRI"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
78bb4323aae52b37-MEL
expires
Wed, 25 Jan 2023 06:44:21 GMT
jquery.js
securityaffairs.com/wp-includes/js/jquery/ 		142 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-includes/js/jquery/jquery.js?ver=3.6.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76b80e4baed88d2e1c71b8a931fec61291cbd8e753df21d8b87698a23f5a5a42

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=289832
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 03 Nov 2022 22:28:25 GMT
server
cloudflare
etag
W/"63644089-46c28"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NPrep7kVX1UbS7YP5al0S7nffxiLv8HQd4ShVHiaPZhH4xpqV2t%2FgRnCbu%2B7E9pDqKr%2FBpG1bMlA5Y6xvhZ%2BLq4fHlnRnUoSUxapOQZ9ZHR3U%2FuiRjARJLktBFI9P41hObsZTIL0"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb4323aae62b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
jquery-migrate.js
securityaffairs.com/wp-includes/js/jquery/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2811cc6947c52b0c5e2cedc3d408bf612fece6c845c8f5ba4031f18db840518b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=25300
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
server
cloudflare
etag
W/"5fd15e34-62d4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0HkVJk8nuoKcTJnFqNLRGbIe%2ByYVam2Dgm3wUVfbBuoSZ5GCMnnOG4BSmfKIW57Gn%2B%2BdAooUu%2F6ifgfmlqwe%2Fsa%2FxGE9U6THuNvm0iKcc%2BBD80TTvodRfjj4BOpnKRZEtCct1ZC"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb4323aae72b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
cookie-law-info-public.js
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/ 		27 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.8
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
78776
cf-polished
origSize=34179
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 04 Jan 2023 00:35:43 GMT
server
cloudflare
etag
W/"63b4c9df-8583"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kjC3UGgKVHpPboKY4uYKb%2Fj8evdZfxDrh68ZdkwPErvFgQ31k8t72OyS4IPjhOTHZ9yzPyt2MqgFIBae9bCMN2pYSL05EWUc8PqB3K8jgEAk6Q6dFjSexU078i0ve2%2BCaCpcsQQd"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb4323aae82b37-MEL
expires
Wed, 25 Jan 2023 02:02:38 GMT
medianetAdInjector.js
securityaffairs.com/wp-content/plugins/media-net-ads-manager/js/ 		486 B
585 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.13
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0c3413a3d6060b291b7ee51b22fd99d7467cce66bb78b0907bd61f2e24e9f1f

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=562
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 08 May 2021 23:27:41 GMT
server
cloudflare
etag
W/"60971e6d-232"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=siBkE1QaMuGQjqQAfwZg%2BcgI8j%2FYtn6VVqrS8PvpWVrYlDcTiMK4XuGnl0L%2BVrZ7TqszSleNpgvgHEbUQaaewvoychdL%2FpVzo7vITz0nJ1fdHP0ApPMfPmB7DICJE6hp6I11TX8X"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb4323aaea2b37-MEL
expires
Tue, 24 Jan 2023 03:11:47 GMT
sharethis.js
platform-api.sharethis.com/js/ 		193 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.88.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-88-41.sin2.r.cloudfront.net
Software
/
Resource Hash
f2543598ef1f4ead06a604ac151e0466dd405bd6fcce02c9074567066eb89085
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:50:36 GMT
content-encoding
gzip
via
1.1 2a08551383b826c5272c6d3873169312.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
SIN2-P2
age
305
etag
W/"30217-4R/x1mcbHYoN8J5L8eO1d9Nv/qY"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-cache
Hit from cloudfront
x-amz-cf-id
4ZD8WkbtzWqqRzw3H8Yn97BAM3uwrgmh4fWyVMrMOMorbyWBF-30Mg==
headerbid.js
served-by.pixfuture.com/www/delivery/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.253.218 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
b1bbcbe855eb69dbca752b0ccfdbf8d9015f37906a46763ac3aa8e54279de3c2

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:36 GMT
last-modified
Tue, 17 Jan 2023 21:06:17 GMT
accept-ranges
bytes
content-length
3009
content-type
text/javascript; charset=utf-8
Aurora-Stealer.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2022/11/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2022/11/Aurora-Stealer.png?w=680&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
5ba66be93175d955c5a371d9fd1e4e0255c69cefa609768372f0647ed5d3668d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-nc
HIT syd 1
date
Wed, 18 Jan 2023 23:55:35 GMT
x-content-type-options
nosniff
last-modified
Wed, 18 Jan 2023 22:48:36 GMT
server
nginx
etag
"1b29ab6ddf297f12"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2022/11/Aurora-Stealer.png>; rel="canonical"
content-length
15812
expires
Sat, 18 Jan 2025 10:48:36 GMT
git-logo.png
securityaffairs.com/wp-content/uploads/2023/01/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.com/wp-content/uploads/2023/01/git-logo.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1380a094312203899470d336f0f471e544694cdd4d20e4788f3ab2e8949508a4

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6728
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5524
last-modified
Wed, 18 Jan 2023 20:02:23 GMT
server
cloudflare
etag
"63c8504f-1594"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cte%2Boo2PFePfWUkFwzGPW4j%2FQ38SkAGsY%2FslpN4pSZ%2Fp7CS6U3cCufbtuCDoHOKwtCtpxbVySHd713i%2BQ5r7Vo3uAVw8jI4fYqZZB259xja%2Fb3C5EGYX1tlJbZMb3m8kAo7u%2Fqf0"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
78bb432c3e335ab4-MEL
expires
Thu, 31 Dec 2037 23:55:55 GMT
Netcomm.png
securityaffairs.com/wp-content/uploads/2023/01/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityaffairs.com/wp-content/uploads/2023/01/Netcomm.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0781d57c0ca31253351ec37aba09a8e21b46522d64fd350e763cee3f7f17ad42

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
30558
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4420
last-modified
Wed, 18 Jan 2023 15:17:31 GMT
server
cloudflare
etag
"63c80d8b-1144"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kugovJDwDAw1%2B5LwLDk8tcNMV5jp985vn5Jjlo0GNDyEaeOFGh3zoMgVO6GWqbWJDmHF0DVvNkCH4SwnuXPkD5pon3Y1eA8PXwK3F%2FbRt0MZX2sA09Q8AMvtvbSydNSdE48B0UnT"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
78bb432c3e345ab4-MEL
expires
Thu, 31 Dec 2037 23:55:55 GMT
DoJ.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/DoJ.jpg?resize=300%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
f97c77ba3ac2c903a3a208709212cbbe05bda90142574fe71786e3e30b49d2cc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-nc
HIT syd 3
date
Wed, 18 Jan 2023 23:55:35 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 06:04:28 GMT
server
nginx
etag
"e7638e09f5778133"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2015/03/DoJ.jpg>; rel="canonical"
content-length
11716
expires
Thu, 26 Dec 2024 18:04:28 GMT
email-decode.min.js
securityaffairs.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.co/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.60.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 13 Jan 2023 23:34:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63c1ea70-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RqqrDHerIXJh7DFyZ%2BlhdfihfBgzcmmsVfm%2Fk08IKvW4Yaz6GcKKGMz%2Bv9LyhlVq25V5t8CKwyEDfATFmhqZdav9DZhiC4F3H79m3Hw4gp8yusxIYw5aZ5AvRQFVPaUJ16OrMUo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
78bb4327fb435abc-MEL
expires
Fri, 20 Jan 2023 23:55:35 GMT
js
www.googletagmanager.com/gtag/ 		234 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
53fb5d086c5355075f9ed96179114e4edeee88333552a2ae02374c60565b166c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81862
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 18 Jan 2023 23:55:36 GMT
photon.js
securityaffairs.com/wp-content/plugins/jetpack/modules/photon/ 		927 B
782 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a37deb9dd04cdebb5a80730395780332c03ec667693b3ddb06d8983157679d64

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=1760
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 11 Jan 2023 00:37:29 GMT
server
cloudflare
etag
W/"63be04c9-6e0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BP0rQKCPtuo3rMed6d6fXgufA0uZdugDDVBNEWhpgmvMZQbJEsKfJUs1s%2Bb%2BfdIsOnmukaVxGv33EbPIVKJfWYIcQHGsJg%2BVr6bYnweH1I4WxTrFSnEZMsNhBEqgThkzotzGyVL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb4328892c2b37-MEL
expires
Tue, 24 Jan 2023 03:11:48 GMT
ssba.js
securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1671143364
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=3110
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 15 Dec 2022 22:29:24 GMT
server
cloudflare
etag
W/"639b9fc4-c26"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2D2008GRE3lxP9vOawTxxRTnMWXINLVVrlVXAiczfbgjKteP32QhFBvj7e5twRdPtDpJeVlvxg1K1FszH0dCtT%2BKGtE3r2ruG0VLFSe21rP0tR%2FPSa4q9VaYDT1FrR59Wqc1iXrJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432919e72b37-MEL
expires
Tue, 24 Jan 2023 03:11:48 GMT
hint.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		467 B
809 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
914c2c38bcf8be8ae0bb37e800573341c8134e54b5ced5303c1d3f172d7e6c96

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161026
cf-polished
origSize=987
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
cloudflare
etag
W/"56710b89-3db"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eiBu8%2BFNsvlCWH8ej%2FUoLqGJ0D8FsxMbCpgnO0O8%2FmNpPZSNdzTWAm7jymYGtchvoFfqLLhQYuAYrJNSaYMuKOiKe%2BWp6%2B5zRmz5ftD3GJ5wZOUD1XPcxFABSHO6cSTcpmF6DmSq"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb4329bb505ab4-MEL
expires
Tue, 24 Jan 2023 03:11:48 GMT
jquery.tipsy.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3570b0809823e912b040bb8d99048d5e85ceabf830ef064e306c0a1901a08e11

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=4371
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
cloudflare
etag
W/"56710b89-1113"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ivS5Piakq8YuSBtJCQfKii4SzYs%2BF9f1QMlZXb2vj54HQs8aKq0xgVScHowHOngxh6fidg%2Bnugk1pAbKCsqLzJJBzBzgCw4KZ4Eq7pvPBSvLx5v5CA0IDlQMWeuyjNM6LDsSLrU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432a5bf15ab4-MEL
expires
Tue, 24 Jan 2023 03:11:48 GMT
jquery.easing.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aea607f39789d4cc03dd33d5518a1e53d419c379c618b7a19d6e3a06f4f14d56

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161026
cf-polished
origSize=8097
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
server
cloudflare
etag
W/"56710b89-1fa1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvOX1k1TMeNcU4VrTghMpHi2T6yRuYBzDRIidR5bTA4Q58pqPQyigYNd%2BHb%2Bq6DpWeY%2Bddr1O7RT6sriOOIKJYoLp8guaCsqkrVLIb7F9eYoj1KkKE%2B%2FhVOYRXugU4%2B1hfygVQoS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432aeca75ab4-MEL
expires
Tue, 24 Jan 2023 03:11:48 GMT
browser.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bea141b0e1c016faface442cf56dae318f97789bea95d633da28014d5233a934

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161026
cf-polished
origSize=2614
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
cloudflare
etag
W/"56710b88-a36"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2FiNd70%2B50K60yL53YliKU8fDlZmOeeJjX0ZBpDnzRvKont2UOJL2BljEauxxRVowaiBwmKGCexOXzsOsm9J2%2BfZO4V4q1LXLeLTH8%2Fwqq4rrL0VQ1y9oU0Gj6fBa3sHhbxZvhR7"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432b8d625ab4-MEL
expires
Tue, 24 Jan 2023 03:11:48 GMT
jquery.flexslider-min.js
securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 13:55:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
161026
etag
W/"56716d3e-53ae"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l1WSHCur7bcPH76PazavKd3Ead%2FcWETaQCzSNV9gzi7XNDoCTK0pbr4qbbdmjUpZljMJCoZ3TqxLaTwzXSmROk116QwJTWzk5Y0nwsbK%2B7F%2BNHeQNuUd2o4RH%2FsAAl6SvmUFpHEp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c0df65ab4-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 24 Jan 2023 03:11:48 GMT
waypoints.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
161026
etag
W/"56710b8a-1f6c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WBGnhxv1zTD1uKyPn78fYIqZUm3alQfXeDbg4PzXqMZLHHMl1%2BoS0siMyNTBo84DpLrq2JKZHSzH0AmpRslD%2FWlwNSE6qsKZzmoPTBi4%2BEpaA7zmZ9%2BodVr5AlUL%2Fn5RRrY23v5N"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c2e255ab4-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 24 Jan 2023 03:11:48 GMT
mediaelement-and-player.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/mediaelement/ 		69 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 13:55:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
161026
etag
W/"56716d42-11571"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3ZEwtFpMSW9teQlFzkGyselETm%2Fqg4GI9NagyfzPl5PQL%2BSTEf5w%2Fgz24wZdr8CZUHI2M44ne4Ld%2F6hdYbD9tixmLnXtf2ldSp2mkzIq%2FHs9UOcOQ8e0BUlbDlMEe3Xshuf1tqz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c3e2c5ab4-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 24 Jan 2023 03:11:48 GMT
jquery.swipebox.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
161026
etag
W/"56710b89-2a67"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djDTiDHButGaTm3AQ2gvbEJVxwGI9Kr4qlgmSVSz83gk3YHBeUCABxWsj4BKj034PVYefhhayHWLZgy28n%2BG97rjZa0gPisKlNuBHlwyrG5Lo8P0PDHGUMngIq9QQW2QC9ozy0Sm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c3e2d5ab4-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 24 Jan 2023 03:11:48 GMT
jquery.circliful.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
161026
etag
W/"56710b89-c18"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MywyhYwwSbqEiIKAct35kigzmPOAdZsmJDAHIK7SXGh%2FnP1g8Mzolx%2BhlX2CJR3HpAMEzvEyhwN5qlJEvSZHx1IH9BUtwozZF0gfMkiIQZJ2wSfpuL5WddhEqHjBlxeZ%2FEC1%2FrEU"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c3e2e5ab4-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 24 Jan 2023 03:11:48 GMT
jquery.smarticker.min.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 16 Dec 2015 06:58:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
161026
etag
W/"56710b89-3225"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r7%2FeQQEUZb77D1c2GakZnGp3pNqoWIurTcAJAO%2FDxnsRlgGWtiKrDo%2F%2FOFE3DqJP5pAM3RDXUa1DUzJJBxwTRvZsIdXkFRaaW6jZuzpvTXy7sB%2Fgml8KAKl0MwSffNtjffE5Qyir"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c3e2f5ab4-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 24 Jan 2023 03:11:48 GMT
custom.js
securityaffairs.com/wp-content/themes/rigel_old/js/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6f712bb063293806236d362715f5f3f134ddeb3da95e66f7f7d5f1311975296

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
161027
cf-polished
origSize=12756
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Dec 2015 06:58:16 GMT
server
cloudflare
etag
W/"56710b88-31d4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2BrTv6%2B3ZYK7tWqC2srhXgjieOp%2BmMaBbWif9fK6e6kK9pMJ8wwQm3ihjK%2Ba7eguk20IUd7OXE6uwHJ11DXErHce53Xdk0g%2FC8j0%2BwrXuzLsY2Ml6L7br3LqodvUyPt6JW27svb2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c3e305ab4-MEL
expires
Tue, 24 Jan 2023 03:11:48 GMT
sharing.js
securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=11.7.1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.211 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db67ffb5ecbc409608c61e071bd1fd7cd6c24e21f87b4184089283147e0750c9

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
61874
cf-polished
origSize=17831
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 18 Jan 2023 06:41:54 GMT
server
cloudflare
etag
W/"63c794b2-45a7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JSSXAJISxJDN063Hz1%2FL7LdgFqyBUxeu%2BXnhx3aFSXzjYxQlF8lpiO9pwyXloV7GKYpTwrKdjDiZplvpfrRLxlf6%2BuOGUBPdJFrdypnh3MVCQIhlQXaLgrGilIGEjYiiK84qkJHz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
78bb432c3e315ab4-MEL
expires
Wed, 25 Jan 2023 06:44:21 GMT
e-202303.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202303.js
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-nc
HIT syd
date
Wed, 18 Jan 2023 23:55:35 GMT
content-encoding
br
server
nginx
etag
W/"61adb080-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 14 Jan 2024 14:33:09 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212080101/ 		355 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212080101/show_ads_impl_fy2021.js?bust=31071637
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
2265349f87505b659af089e9d0ddadc2d7b6afbc8036055e23651e1bb3f69a8b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119726
x-xss-protection
0
server
cafe
etag
3828605846600149100
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 18 Jan 2023 23:55:36 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230117/r20190131/ Frame 77E6 		10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20230117/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

age
1903
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-length
9772
content-type
text/html; charset=ISO-8859-1
cross-origin-resource-policy
cross-origin
date
Wed, 18 Jan 2023 23:23:52 GMT
etag
10353107486223812946
expires
Wed, 01 Feb 2023 23:23:52 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
63aa5463b92caa0012f81022.js
buttons-config.sharethis.com/js/ 		438 B
882 B 		Script
General
Check archive.org
Download Go to
Full URL
https://buttons-config.sharethis.com/js/63aa5463b92caa0012f81022.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.8.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-8-117.sin5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
db4312bece8d50799c3e99a316a58218a527df0f25b93c3e075e04712e20cacf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:37 GMT
via
1.1 23632109ecb3eb8245f17822f97fa88e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Wed, 28 Dec 2022 04:37:49 GMT
server
AmazonS3
x-amz-cf-pop
SIN5-C1
x-amz-server-side-encryption
AES256
etag
"d0446970cab2a3b08a2f4f8bdf2fbef7"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
438
x-amz-cf-id
VpfxBJ1H1e7V8I1P0fLvceCRSRlrBDM6Y-YQOR3wfjE5NJlGcAhj1Q==
sc
l.sharethis.com/
Redirect Chain
  • https://l.sharethis.com/pview?event=pview&hostname=securityaffairs.co&location=%2F138851%2Fmalware%2Faurora-stealer-malware.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.co...
  • https://l.sharethis.com/sc?event=pview&hostname=securityaffairs.co&location=%2F138851%2Fmalware%2Faurora-stealer-malware.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.co%2F...
177 B
701 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/sc?event=pview&hostname=securityaffairs.co&location=%2F138851%2Fmalware%2Faurora-stealer-malware.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&source=simple-share-buttons-adder-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=Aurora%20Stealer%20Malware%20is%20becoming%20a%20prominent%20threatSecurity%20Affairs&refDomain=t.co&cms=unknown&publisher=63aa5463b92caa0012f81022&sop=true&version=st_sop.js&lang=en&description=Researchers%20warn%20of%20threat%20actors%20employing%20a%20new%20Go-based%20malware%20dubbed%20Aurora%20Stealer%20in%20attacks%20in%20the%20wild.%20Aurora%20Stealer%20is%20an%20info-stealing%20malware%20that%20was%20first%20advertised%20on%20Russian-speaking%20underground%20forums%20in%20April%202022.%20Aurora%20was%20offered%20as%20Malware-as-a-Service%20(MaaS)%20by%20a%20threat%20actor%20known%20as%C2%A0Cheshire.%20It%20is%20a%20multi-purpose%20botnet%20with%20data%20stealing%20%5B%E2%80%A6%5D&samesite=None
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
3.120.82.246 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-82-246.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0b6862a66a4159333c606706257fa37a766c77361656da4395d1106590e88cc1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Wed, 18 Jan 2023 23:55:37 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Max-Age
1728000
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Stid
ZHGAA2PIhvgAAAAIM2PaAw==
Access-Control-Allow-Headers
*
Content-Length
177
X-Robots-Tag
noindex, nofollow

Redirect headers

Date
Wed, 18 Jan 2023 23:55:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Max-Age
1728000
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
https://securityaffairs.co
Location
/sc?event=pview&hostname=securityaffairs.co&location=%2F138851%2Fmalware%2Faurora-stealer-malware.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&source=simple-share-buttons-adder-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=Aurora%20Stealer%20Malware%20is%20becoming%20a%20prominent%20threatSecurity%20Affairs&refDomain=t.co&cms=unknown&publisher=63aa5463b92caa0012f81022&sop=true&version=st_sop.js&lang=en&description=Researchers%20warn%20of%20threat%20actors%20employing%20a%20new%20Go-based%20malware%20dubbed%20Aurora%20Stealer%20in%20attacks%20in%20the%20wild.%20Aurora%20Stealer%20is%20an%20info-stealing%20malware%20that%20was%20first%20advertised%20on%20Russian-speaking%20underground%20forums%20in%20April%202022.%20Aurora%20was%20offered%20as%20Malware-as-a-Service%20(MaaS)%20by%20a%20threat%20actor%20known%20as%C2%A0Cheshire.%20It%20is%20a%20multi-purpose%20botnet%20with%20data%20stealing%20%5B%E2%80%A6%5D&samesite=None
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Stid
ZHyAA2PIhvgAAAAMWuk0Aw==
Access-Control-Allow-Headers
*
Content-Length
1128
X-Robots-Tag
noindex, nofollow
log
l.sharethis.com/ 		0
697 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l.sharethis.com/log?event=ibl&title=&url=https%3A%2F%2Ft.co%2F&fcmp=false&fcmpv2=false&has_segmentio=false&product=gdpr-compliance-tool-v2&publisher=63aa5463b92caa0012f81022&refDomain=t.co&refQuery=&source=sharethis.js&ts=1674086135663&sop=true&cms=unknown&description=Researchers%20warn%20of%20threat%20actors%20employing%20a%20new%20Go-based%20malware%20dubbed%20Aurora%20Stealer%20in%20attacks%20in%20the%20wild.%20Aurora%20Stealer%20is%20an%20info-stealing%20malware%20that%20was%20first%20advertised%20on%20Russian-speaking%20underground%20forums%20in%20April%202022.%20Aurora%20was%20offered%20as%20Malware-as-a-Service%20(MaaS)%20by%20a%20threat%20actor%20known%20as%C2%A0Cheshire.%20It%20is%20a%20multi-purpose%20botnet%20with%20data%20stealing%20%5B%E2%80%A6%5D
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.82.246 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-82-246.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Wed, 18 Jan 2023 23:55:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Stid
ZHGAA2PIhvgAAAAIM2PaAw==
Access-Control-Allow-Headers
*
X-Robots-Tag
noindex, nofollow
gtm.js
www.googletagmanager.com/ 		101 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
c118ec4a3b42384f0bfff9aaf4ba2c589b51dd2e0d40a6f7df440899d3bdebbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40422
x-xss-protection
0
last-modified
Wed, 18 Jan 2023 22:46:22 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 18 Jan 2023 23:55:36 GMT
TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
fonts.gstatic.com/s/oswald/v49/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f94.1e100.net
Software
sffe /
Resource Hash
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.co
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 15 Jan 2023 17:56:22 GMT
x-content-type-options
nosniff
age
280754
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17908
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:23:34 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 15 Jan 2024 17:56:22 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f94.1e100.net
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.co
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 15 Jan 2023 06:54:45 GMT
x-content-type-options
nosniff
age
320451
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23580
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:48:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 15 Jan 2024 06:54:45 GMT
nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v30/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f94.1e100.net
Software
sffe /
Resource Hash
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.co
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 15 Jan 2023 23:56:52 GMT
x-content-type-options
nosniff
age
259124
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35764
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:06:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 15 Jan 2024 23:56:52 GMT
S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v23/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f94.1e100.net
Software
sffe /
Resource Hash
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.co
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 03:45:13 GMT
x-content-type-options
nosniff
age
245423
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24408
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:50:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 16 Jan 2024 03:45:13 GMT
fontawesome-webfont.woff
securityaffairs.com/wp-content/themes/rigel_old/fonts/ 		0
0
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=7f328e8ac89ab883d5ef4a32c2877c9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f94.1e100.net
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.co
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 15 Jan 2023 20:57:28 GMT
x-content-type-options
nosniff
age
269888
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23040
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:56:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 15 Jan 2024 20:57:28 GMT
truncated
/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin
https://securityaffairs.co
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-nc
HIT syd 2
date
Wed, 18 Jan 2023 23:55:35 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length
1186
expires
Thu, 19 Jan 2023 00:00:35 GMT
Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2018/03/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-nc
HIT syd 4
date
Wed, 18 Jan 2023 23:55:35 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 01:04:13 GMT
server
nginx
etag
"ef768730e28cfbc5"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
content-length
30524
expires
Thu, 26 Dec 2024 13:04:13 GMT
logo-center-for-cybersecurity.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2020/10/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-nc
HIT syd 4
date
Wed, 18 Jan 2023 23:55:35 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 01:04:12 GMT
server
nginx
etag
"4806ebe0f6643ed5"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length
7234
expires
Thu, 26 Dec 2024 13:04:12 GMT
newsletter.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-nc
HIT syd 2
date
Wed, 18 Jan 2023 23:55:35 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 01:04:11 GMT
server
nginx
etag
"6aa7fdeb74024663"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length
18968
expires
Thu, 26 Dec 2024 13:04:11 GMT
EU-Blog-e.jpg
i0.wp.com/securityaffairs.com/wp-content/uploads/2022/06/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2022/06/EU-Blog-e.jpg?resize=300%2C251&ssl=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-nc
HIT syd 1
date
Wed, 18 Jan 2023 23:55:35 GMT
x-content-type-options
nosniff
last-modified
Tue, 27 Dec 2022 01:04:12 GMT
server
nginx
etag
"effa9c6f170c1972"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2022/06/EU-Blog-e.jpg>; rel="canonical"
content-length
13098
expires
Thu, 26 Dec 2024 13:04:12 GMT
fontawesome-webfont.ttf
securityaffairs.com/wp-content/themes/rigel_old/fonts/ 		0
0
g.gif
pixel.wp.com/ 		50 B
116 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=29506073&post=138851&tz=0&srv=securityaffairs.com&j=1%3A11.7.1&host=securityaffairs.co&ref=https%3A%2F%2Ft.co%2F&fcp=4094&rand=0.8459722357128678
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 18 Jan 2023 23:55:36 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
hb_v2.js
cdn.pixfuture.com/ 		44 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/hb_v2.js
Requested by
Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
325eba81c794b3e3fd46d8cc5c92a0027179e63d0fbe60e2bd823d1b9231f076

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:36 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
96555
cf-bgj
minify
last-modified
Tue, 17 Jan 2023 21:05:00 GMT
server
cloudflare
etag
W/"63c70d7c-b052"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G2huTgl%2Fx%2FOCwwYtp5CKcaVC55J7tU5o07dFfCimMFiY6CV5XOWWsR2pZNo6nWAzk907ON2EiwpG5ZzN6qUo7LFDvvgOmY3G6ReRIbrv%2BqUCuQZO4%2Bv0%2FchwFjjVeB7x72Kv"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=172800, no-transform
access-control-allow-credentials
true
cf-ray
78bb4332dc2729ab-MEL
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 19 Jan 2023 21:05:21 GMT
js
www.googletagmanager.com/gtag/ 		215 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
b9bb08a70f6fb3e47eebe4e368bffdba6a1cac0413210c1e2ef7b43105dc4bf8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
77057
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 18 Jan 2023 23:55:36 GMT
js
www.googletagmanager.com/gtag/ 		234 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLPJ653
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
86bab6228dada00ad00978e378876aa2ccf14bc6773fc40e00554c7f1cc6a85b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81854
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 18 Jan 2023 23:55:36 GMT
cookie.js
partner.googleadservices.com/gampad/ 		403 B
472 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-4918072057181794&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212080101/show_ads_impl_fy2021.js?bust=31071637
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
768074be6f0facc613822ac9ce46b152bee6cfc0507d38008845571aa8792db4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
259
x-xss-protection
0
integrator.js
adservice.google.com.au/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com.au/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212080101/show_ads_impl_fy2021.js?bust=31071637
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f157.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212080101/show_ads_impl_fy2021.js?bust=31071637
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&tn=DIV&id=cookie-law-info-bar&ign=false&pw=1600&ph=1200&x=0&y=1130.4
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 6FF8 		603 B
240 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1674086136&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=308x675_l%7C308x675_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1674086135000&bpp=670&bdt=997&idt=1812&shv=r20230117&mjsv=m202212080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=805602959186&frm=20&pv=2&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31071637%2C44779793&oid=2&pvsid=4079479525170594&tmod=705239939&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1835
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212080101/show_ads_impl_fy2021.js?bust=31071637
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 18 Jan 2023 23:55:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
analytics.google.com/g/ 		0
348 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-NPN4VEKBTY&gtm=2oe1a1&_p=940554831&_gaz=1&cid=307525084.1674086137&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1674086136&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&dr=https%3A%2F%2Ft.co%2F&dt=Aurora%20Stealer%20Malware%20is%20becoming%20a%20prominent%20threatSecurity%20Affairs&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:37 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
339 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-NPN4VEKBTY&cid=307525084.1674086137&gtm=2oe1a1&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:37 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com.au/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NPN4VEKBTY&cid=307525084.1674086137&gtm=2oe1a1&aip=1&z=1730212796
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:37 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		81 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
sffe /
Resource Hash
6769c01e5a300209a992b44a3d61575da5146fa80ecd87c9e0cf6c42c0928650
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27742
x-xss-protection
0
server
sffe
etag
"1456 / 736 of 1000 / last-modified: 1674083206"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 18 Jan 2023 23:55:37 GMT
pbix.js
cdn.pixfuture.com/ 		396 KB
397 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pbix.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7585aa8f207ab2dec9e79cc4c50711a269ef20153e6e41dc188abf32515b1c62

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:37 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
115561
cf-polished
origSize=406440
cf-bgj
minify
last-modified
Tue, 17 Jan 2023 15:42:53 GMT
server
cloudflare
etag
W/"63c6c1fd-633a8"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bK0UOtsb6kY%2Fap%2BepOMIODx1GjvluC%2BIC9LCjymxPMb1wzy%2BJdUD8K3j81xtFY%2F9kNRgN%2B2YDcBDeUZnO9D5%2FzO9dgf8Ic%2BKHnHhacntv1QFInFUhZ6JJJBcBoow7Dt7puvo"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=172800, no-transform
access-control-allow-credentials
true
cf-ray
78bb43344e2f29ab-MEL
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 19 Jan 2023 15:46:58 GMT
pixf_sync.html
cdn.pixfuture.com/ Frame E506 		934 B
928 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pixf_sync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
177adc7f598059a64688032183a789649b610f69d3d2e239c493c2568dd2a2cb

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
78bb43344e3c29ab-MEL
content-encoding
br
content-type
text/html
date
Wed, 18 Jan 2023 23:55:38 GMT
last-modified
Wed, 07 Dec 2022 20:04:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCh1R6HY2bG%2BYqUc2M2ADjdgmGKvGX%2F0%2Bg1UQvhAD4%2FhRiYBtOeZH1xQquxY%2F2%2Bci4EStVg9n4WR29XaNn9s18byYad4M4Gtsz3%2FDpBTwq%2FuMZmMAjLccc0CSoBBiiGNUu1v"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
r.js
aa.agkn.com/adscores/ 		0
461 B 		Script
General
Check archive.org
Download Go to
Full URL
https://aa.agkn.com/adscores/r.js?sid=9112309848
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.114.216.187 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-114-216-187.ap-northeast-1.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:37 GMT
server
AAWebServer
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type
application/javascript;charset=iso-8859-1
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
0
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		16 KB
17 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24274x728x90x4142x_ADSLOT1&keywords=aurora,stealer,malware,is,becoming,prominent,threatsecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600&cb=1674086136965
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.253.218 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a6cb4812e82c5be7c12b260011b6ef2048a7ea65c5dbfaf5b40b109812b96232

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:37 GMT
transfer-encoding
chunked
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Pragma,Access-Control-Max-Age,Expires,Vary,Cache-Control,Access-Control-Allow-Origin
expires
0
hb_v2.php
served-by.pixfuture.com/www/delivery/ 		13 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/delivery/hb_v2.php?dat=24272x320x50x4142x_ADSLOT1&keywords=aurora,stealer,malware,is,becoming,prominent,threatsecurity,affairs&refUrl=https://t.co/&refresh=false&innerWidth=1600&cb=1674086136965
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.253.218 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
123a4fe7748fb5c0d98d0b90e598a64a2fcee71fd1a0f7baa24f5d3f44ec733e

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:37 GMT
transfer-encoding
chunked
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Pragma,Access-Control-Max-Age,Expires,Vary,Cache-Control,Access-Control-Allow-Origin
expires
0
collect
www.google-analytics.com/g/ 		0
348 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe1i0&_p=940554831&cid=307525084.1674086137&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1674086137&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&dr=https%3A%2F%2Ft.co%2F&dt=Aurora%20Stealer%20Malware%20is%20becoming%20a%20prominent%20threatSecurity%20Affairs&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f138.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:37 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_2023011001.js
securepubads.g.doubleclick.net/gpt/ 		382 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
sffe /
Resource Hash
ba08a3d19225206e1f616f14c7d6e4f214002374c7086834026cb977a09748fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 23:24:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
88239
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
132153
x-xss-protection
0
last-modified
Tue, 10 Jan 2023 09:35:18 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 17 Jan 2024 23:24:58 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		40 B
63 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
f2bf803b376222c9430fdba217e8c03cb9b8182b2d56ea46d68ec11ba8546e88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39
x-xss-protection
0
expires
Wed, 18 Jan 2023 23:55:38 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.com%2F&domain=securityaffairs.co&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 18 Jan 2023 23:55:37 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
564093
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
json
gum.criteo.com/sid/ 		354 B
668 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.com%2F&domain=securityaffairs.co&cw=1&lsw=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software
Kestrel /
Resource Hash
f1546323f3eda7a7c0228890cc7a1c4d223c47f4569566b63f2f58f9ede02bd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1083553
expires
0
f
fid.agkn.com/ 		130 B
668 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fid.agkn.com/f?apiKey=2194730263&i4=103.209.254.136&r=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&r=https%3A%2F%2Fsecurityaffairs.com%2F138851%2Fmalware%2Faurora-stealer-malware.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.24.113.245 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-24-113-245.us-west-2.compute.amazonaws.com
Software
AAWebServer /
Resource Hash
66b065ecfe41173b7c2410fcee2f6f33f0416c43e250922d48f9676fc8657f38

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
server
AAWebServer
vary
Origin
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type
application/javascript;charset=iso-8859-1
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
130
expires
0
prebid
id5-sync.com/api/config/ 		135 B
547 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
140e17bdd8186191131c02a6da856adbda9a3d9b961f994407e67f4caeca48e5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Wed, 18 Jan 2023 23:55:38 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/ 		0
0
rid
match.adsrvr.org/track/ 		109 B
545 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=yoni5uv&fmt=json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
b546b8ad4fd1753c97082df171acf0932fc667b81b73ba9496fcc1f0abcaa717

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Fri, 17 Feb 2023 23:55:38 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578926%2C27578926&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
0
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
104.254.151.36 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:38 GMT
AN-X-Request-Uuid
3763ddc3-a6da-428e-9411-159b702a6b9b
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/javascript; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Date
Wed, 18 Jan 2023 23:55:38 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
a52169f5-8441-4645-a873-d7bf5986a0df
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578926%252C27578926%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=27578935%2C27578935&t=1
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
0
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
104.254.151.36 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:38 GMT
AN-X-Request-Uuid
c5d202e5-8084-43ed-87c4-484b0d134528
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/javascript; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Date
Wed, 18 Jan 2023 23:55:38 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
122ee116-3644-49dd-b1fb-49ea70114aac
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D27578935%252C27578935%26t%3D1
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cookie_sync
prebidserver.pixfuture.com/ 		792 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/cookie_sync
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a61544bf1f5f6c8aaf3930d0f753c2247791c5bf0941c359573673da05b68ce8

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
792
expires
0
auction
prebidserver.pixfuture.com/openrtb2/ 		382 B
710 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
189468c1691f7c893b902070ea2083a70bb550f36f009956af77241b4a6de78f

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
382
expires
0
hb
ssc.33across.com/api/v1/ 		139 B
391 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
b641a199a97994ec7e4a3734e47099263c235c39c7cd3521fe74cd8512525d59

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
prebid
ib.adnxs.com/ut/v3/ 		261 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.254.148.252 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
169ff09843c5f43bf6ea4313ec90d8aee29bae844485c1e20dee71fb3ec5cb81
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:38 GMT
AN-X-Request-Uuid
1eef6fb4-5c09-4934-8ba7-9d09e5a9d400
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
261
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
prebid.media.net/rtb/ 		32 B
92 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
22c1bc19a8d31d025d5e765449483e3c25c322c0400d91ba295d5f5c735c6e56

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
via
1.1 google
server
nginx
content-type
application/octet-stream
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
content-length
32
fastlane.json
fastlane.rubiconproject.com/a/api/ 		434 B
760 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=43&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,,,&eid_pubcid.org=f999fbfa-7e97-4782-938b-ba49f27ef39b%5E1&rf=https%3A%2F%2Fsecurityaffairs.com%2F138851%2Fmalware%2Faurora-stealer-malware.html&kw=aurora%2Cstealer%2Cmalware%2Cis%2Cbecoming%2Cprominent%2Cthreatsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=7ca8712e-1413-4651-b192-1d2f98c25e1e&l_pb_bid_id=155acb42620e1cd&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3734324197767711
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
69.173.158.65 Ashburn, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
af0c0479bf45fe3df33d7084edc28c512fa7bec0a999f395a2b9088d44092c89

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
434
expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
prg.smartadserver.com/prebid/ 		989 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.65 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
389e04b8c4ac8d92b2f3886697cf75c7c22422c3fe0fd6fbbfdfcd431b92e109

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:39 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
arj
pixfuture2-d.openx.net/w/1.0/ 		173 B
593 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.com%2F138851%2Fmalware%2Faurora-stealer-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7ca8712e-1413-4651-b192-1d2f98c25e1e&nocache=1674086138050&pubcid=f999fbfa-7e97-4782-938b-ba49f27ef39b&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divids=24272x320x50x4142x_ADSLOT1&aucs=&auid=540580841&tps=bXlrZXl3b3JkPWF1cm9yYSxzdGVhbGVyLG1hbHdhcmUsaXMsYmVjb21pbmcscHJvbWluZW50LHRocmVhdHNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9YXVyb3JhLHN0ZWFsZXIsbWFsd2FyZSxpcyxiZWNvbWluZyxwcm9taW5lbnQsdGhyZWF0c2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
ea6a9596a9cb5fe085ddc766ceee7fa86d0a477781b0c6615b731280a2c4b661

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
164
expires
Mon, 26 Jul 1997 05:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.231.98.193 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Wed, 18 Jan 2023 23:55:37 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bid
ap.lijit.com/rtb/ 		24 B
529 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.60 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software
/
Resource Hash
76ed2b93bc57345f7305a1c6078bd8069d3fe602ae7875e924ebd42777a409d3

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 18 Jan 2023 23:55:38 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3sea1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
trinity.json
apex.go.sonobi.com/ 		1 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22252cd5078a69347%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.com%2F138851%2Fmalware%2Faurora-stealer-malware.html&s=c6c626cc-d959-4463-a0a1-77da83f28141&pv=5d0b5937-d9d2-49ce-b689-c1df9129f1c0&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html%22%2C%22keywords%22%3A%22aurora%2Cstealer%2Cmalware%2Cis%2Cbecoming%2Cprominent%2Cthreatsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f999fbfa-7e97-4782-938b-ba49f27ef39b%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f999fbfa-7e97-4782-938b-ba49f27ef39b%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=aurora%2Cstealer%2Cmalware%2Cis%2Cbecoming%2Cprominent%2Cthreatsecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.34.250.78 Studio City, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
921426793f2c83d966ab22282c289776660d83988aaa1bdcacb32e395bb35982
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:38 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-37
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
608
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
v1
btlr.sharethrough.com/universal/ 		710 B
718 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.74.66.232 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-66-232.ap-southeast-1.compute.amazonaws.com
Software
/
Resource Hash
536425ea59971bfd6b36ecd911f0ac7cce077dd869729a7552af17ac52c00ab0

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
348
bidRequest
c2shb.pubgw.yahoo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.77.152.198 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-77-152-198.ap-southeast-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://securityaffairs.co
access-control-max-age
600
age
0
content-length
0
date
Wed, 18 Jan 2023 23:55:38 GMT
server
ATS/9.1.10.25
auction
prebidserver.pixfuture.com/openrtb2/ 		381 B
709 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/openrtb2/auction
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
0d1653c79d2312e083a5e42a24009e476e71bc542038bc533c08e5be8b9ea39f

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
381
expires
0
bidRequest
c2shb.pubgw.yahoo.com/ 		66 B
467 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.77.152.198 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-77-152-198.ap-southeast-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
f4aa900ea610a8b3ede267c23e5c45a74303519f1767026d2579dea4fb315ff9

Request headers

Referer
https://securityaffairs.co/
x-openrtb-version
2.5
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 18 Jan 2023 23:55:39 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
content-length
66
trinity.json
apex.go.sonobi.com/ 		95 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22383272f0a186e85%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fsecurityaffairs.com%2F138851%2Fmalware%2Faurora-stealer-malware.html&s=e07030a6-4526-4d5e-979e-5026a65cecff&pv=5d0b5937-d9d2-49ce-b689-c1df9129f1c0&vp=desktop&lib_name=prebid&lib_v=7.16.0-pre&us=0&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22securityaffairs.co%22%2C%22cat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22sectioncat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22pagecat%22%3A%5B%22IAB12%2CIAB19-18%22%5D%2C%22page%22%3A%22https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html%22%2C%22keywords%22%3A%22aurora%2Cstealer%2Cmalware%2Cis%2Cbecoming%2Cprominent%2Cthreatsecurity%2Caffairs%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%2C%22rid%22%3A%224d2f0cd6-5498-48e9-9cb4-ed33016bb2de%22%7D%5D%7D&userid=%7B%22pubcid%22%3A%22f999fbfa-7e97-4782-938b-ba49f27ef39b%22%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f999fbfa-7e97-4782-938b-ba49f27ef39b%22%2C%22atype%22%3A1%7D%5D%7D%5D&kw=aurora%2Cstealer%2Cmalware%2Cis%2Cbecoming%2Cprominent%2Cthreatsecurity%2Caffairs&coppa=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.34.250.78 Studio City, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
00e7d81fa98727d6813180ee37727eea6fbf23e5641025158faccc0639f3bc99
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:38 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-25
Content-Type
application/json
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Length
120
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
v1
btlr.sharethrough.com/universal/ 		668 B
826 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.74.66.232 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-66-232.ap-southeast-1.compute.amazonaws.com
Software
/
Resource Hash
d9addbc5e4dc1ab9e57463a1f2f5fcd314fa45868981029b4e7efafedeec2f6b

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
gzip
x-openrtb-version
2.5
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
457
hb
ssc.33across.com/api/v1/ 		139 B
220 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=azC7qard4r6OkMaKlId8sQ
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
ebddd4d6beb79222ff03ce3a8f1025c8208c7abeed51729196c9f5482642e99c

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
bid
ap.lijit.com/rtb/ 		24 B
529 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.16.0-pre
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.60 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software
/
Resource Hash
180ad7b71bbb588b1884751ee4af6cd994314fefd27f13eb22610843a2ccca27

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 18 Jan 2023 23:55:38 GMT
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3sea1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
24
prebid
ib.adnxs.com/ut/v3/ 		261 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.254.148.252 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
ea5f66265603af69d01766fd55f765b083235793b621a814826432775a24c91e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:38 GMT
AN-X-Request-Uuid
6898026e-da30-4280-872f-312d6963e7d1
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://securityaffairs.co
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
261
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
prg.smartadserver.com/prebid/ 		933 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.65 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
2e6d424353f2ee3ebc5f371dca4ce9ba6a9f25cb2c1b7dada60b886978a4ac32

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
arj
pixfuture2-d.openx.net/w/1.0/ 		173 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.com%2F138851%2Fmalware%2Faurora-stealer-malware.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7f9f1f3b-df49-4430-8f9a-da6013cf00eb&nocache=1674086138070&pubcid=f999fbfa-7e97-4782-938b-ba49f27ef39b&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C4d2f0cd6-5498-48e9-9cb4-ed33016bb2de%2C%2C&aus=728x90&divids=24274x728x90x4142x_ADSLOT1&aucs=&auid=540580842&tps=bXlrZXl3b3JkPWF1cm9yYSxzdGVhbGVyLG1hbHdhcmUsaXMsYmVjb21pbmcscHJvbWluZW50LHRocmVhdHNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9YXVyb3JhLHN0ZWFsZXIsbWFsd2FyZSxpcyxiZWNvbWluZyxwcm9taW5lbnQsdGhyZWF0c2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
ef213a6cc52c03cc1ed7273a4ab095bdbfb989c8383a13eea69678ace652efc0

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://securityaffairs.co
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
165
expires
Mon, 26 Jul 1997 05:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		433 B
987 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23564&site_id=378734&zone_id=2094440&size_id=2&p_pos=atf&rp_schain=1.0,1!pixfuture.com,4142,1,4d2f0cd6-5498-48e9-9cb4-ed33016bb2de,,&eid_pubcid.org=f999fbfa-7e97-4782-938b-ba49f27ef39b%5E1&rf=https%3A%2F%2Fsecurityaffairs.com%2F138851%2Fmalware%2Faurora-stealer-malware.html&kw=aurora%2Cstealer%2Cmalware%2Cis%2Cbecoming%2Cprominent%2Cthreatsecurity%2Caffairs&tg_i.domain=securityaffairs.co&tg_i.cat=IAB12%2CIAB19-18&tg_i.sectioncat=IAB12%2CIAB19-18&tg_i.pagecat=IAB12%2CIAB19-18&tg_i.page=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&tk_flint=pbjs_lite_v7.16.0-pre&x_source.tid=7f9f1f3b-df49-4430-8f9a-da6013cf00eb&l_pb_bid_id=53abd144226f5ad&p_screen_res=1600x1200&rp_floor=0.1&rp_secure=1&rp_maxbids=1&slots=1&rand=0.42587597069356553
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
69.173.158.65 Ashburn, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
84eded3cd022be372acbb3082036431b0b29e1d2b05fb89954bcdb95a0665fbb

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:38 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://securityaffairs.co
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
433
expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
prebid.media.net/rtb/ 		32 B
185 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUIUMTP7
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
22c1bc19a8d31d025d5e765449483e3c25c322c0400d91ba295d5f5c735c6e56

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
via
1.1 google
server
nginx
content-type
application/octet-stream
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
clear
content-length
32
translator
hbopenbid.pubmatic.com/ 		0
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.231.98.193 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Wed, 18 Jan 2023 23:55:37 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vaafb692b2aea4879b33c060e79fe94621666317369993
static.cloudflareinsights.com/beacon.min.js/ Frame E506 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pixf_sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.56.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer
https://cdn.pixfuture.com/
Origin
https://cdn.pixfuture.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
content-encoding
gzip
last-modified
Fri, 21 Oct 2022 01:56:09 GMT
server
cloudflare
etag
W/2022.10.1
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
78bb433d6937dfa1-MEL
rum
cdn.pixfuture.com/cdn-cgi/ Frame E506 		0
136 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://cdn.pixfuture.com/pixf_sync.html
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type
application/json

Response headers

date
Wed, 18 Jan 2023 23:55:38 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://cdn.pixfuture.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
78bb433e5d6729ab-MEL
/
ads.us.e-planning.net/uspd/1/ Frame CE5F
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
1 KB
933 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.120.110.136 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
040ea190914164d3ef331dbd5dda91f7697a1c874aaab510ceac6cbaf572b014

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
gzip
content-type
text/html
date
Wed, 18 Jan 2023 23:55:39 GMT
expires
Wed, 18 Jan 2023 23:55:39 GMT
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
SIN-726

Redirect headers

content-type
text/html; charset=iso-8859-1
date
Wed, 18 Jan 2023 23:55:39 GMT
location
/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server
openresty
x-sid
SIN-726
v1
lb.eu-1-id5-sync.com/lb/ 		33 B
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
72093884558b18d7a418e8e807f6b69e81ae859da02f471ad03150f009af430b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Wed, 18 Jan 2023 23:55:39 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
pxft_iel.js
cdn.pixfuture.com/ 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pixfuture.com/pxft_iel.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22de3cfef032de2d4fdb9617e21c37a4e1b94d3c388eacf661428139aac3e19c

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:39 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
34645
cf-bgj
minify
last-modified
Fri, 09 Dec 2022 15:37:52 GMT
server
cloudflare
etag
W/"63935650-139c"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4%2FBDmDilpbOd%2BaMPVHdc3S8WkXTm7IvpHWlBZhWoicPWZDxzXoPO7bbT%2BM45IdxT9MN7A1z7dFZRiSGIYz1DcwaUNcu2Yj3HCW0KrPxw%2BHUPCTRiOJPRefnVNsMmYeBbaGe"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=172800, no-transform
access-control-allow-credentials
true
cf-ray
78bb43434d0629ab-MEL
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 18 Jan 2023 15:52:20 GMT
tag.min.js
get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-93.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
04da339baae1948d51e6ffcd4f1f118fe304f7aef2884cd164714df856f0e7f0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id
0Wki3095rBiC8xDP56.qUYf2JNRTRIn7
content-encoding
gzip
via
1.1 729399d6290e74ddd43cb2da1cab5266.cloudfront.net (CloudFront)
date
Wed, 18 Jan 2023 10:36:40 GMT
last-modified
Mon, 07 Nov 2022 19:46:30 GMT
server
AmazonS3
x-amz-cf-pop
SIN2-P1
age
47940
etag
W/"34bbd675e8b425becff971d5a4756c10"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
ZWtFWKMamY6gUSSlXpGavBaIE6uZL8rjJY3lh3SPBFIyxt7eWheEfw==
integrator.js
adservice.google.com.au/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com.au/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f157.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
165 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1 KB
582 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=2551053454731101&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.06&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C300x75%7C320x50%7C468x60%7C728x90&ifi=2&adks=990858531&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086139373&lmt=1674086139&dlt=1674086134003&idt=4511&adxs=320&adys=404&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=4&ohw=1600&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
9fcc526b8eac080f65a017b8d8cb9f215307e57c57f0fec8ec73360cea3435bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:39 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
551
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D8FB 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 18 Jan 2023 23:55:39 GMT
expires
Thu, 18 Jan 2024 23:55:39 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1 KB
579 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=2625413862925711&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.06&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C320x50&ifi=3&adks=2821526157&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086139393&lmt=1674086139&dlt=1674086134003&idt=4511&adxs=320&adys=1144&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=320x-1&msz=320x-1&fws=4&ohw=1600&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
d470e7daa240f882619834157f2c1def608a536e7254b8546af2691c3210ec0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:39 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
548
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
u-sin01.e-planning.net/ Frame CE5F
Redirect Chain
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Db48a155f91563f79
  • https://pixel.sitescout.com/dmp/pixelSync?cookieQ=1&network=EPLANNING&rurl=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3Db48a155f91563f79
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&partner_url=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fuid%3Deeee0d2c-80...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&partner_url=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fuid%3Deeee0...
  • https://u-sin01.e-planning.net/um?uid=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&dc=0abbcb4eba840e59&fi=b48a155f91563f79
42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-sin01.e-planning.net/um?uid=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&dc=0abbcb4eba840e59&fi=b48a155f91563f79
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
64.120.110.139 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

server
openresty
date
Wed, 18 Jan 2023 23:55:42 GMT
content-type
image/gif

Redirect headers

date
Wed, 18 Jan 2023 23:55:42 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://u-sin01.e-planning.net/um?uid=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&dc=0abbcb4eba840e59&fi=b48a155f91563f79
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
um
u-sin01.e-planning.net/ Frame CE5F
Redirect Chain
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3Db48a155f91563f79%26uid%3D%24%7BUID%7D
  • https://u-sin01.e-planning.net/um?dc=ff96d1aa62deeebd&fi=b48a155f91563f79&uid=13eb4b6c-6e8f-4b9c-a2d1-b2b4170202eb
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-sin01.e-planning.net/um?dc=ff96d1aa62deeebd&fi=b48a155f91563f79&uid=13eb4b6c-6e8f-4b9c-a2d1-b2b4170202eb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
64.120.110.139 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

server
openresty
date
Wed, 18 Jan 2023 23:55:40 GMT
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:39 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
location
https://u-sin01.e-planning.net/um?dc=ff96d1aa62deeebd&fi=b48a155f91563f79&uid=13eb4b6c-6e8f-4b9c-a2d1-b2b4170202eb
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-request-id
r82iu4l3hjpqd8gh8er5vmg226ed2gfv
lotame20220615.js
s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/ Frame CE5F 		566 B
521 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/lotame20220615.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.206.157.242 New York, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
4f618d20d85f3163d72432606f3afa3c17b6c79954f967ec3df9a710503c9df4

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
gzip
last-modified
Wed, 15 Jun 2022 16:21:31 GMT
server
openresty
etag
W/"62aa070b-236"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Mon, 17 Jan 2028 23:55:40 GMT
um
u-sin01.e-planning.net/ Frame CE5F
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3Db48a155f91563f79%26uid%3D%24UID
  • https://u-sin01.e-planning.net/um?dc=8103fa85295fbe60&fi=b48a155f91563f79&uid=6829783725336387995
42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-sin01.e-planning.net/um?dc=8103fa85295fbe60&fi=b48a155f91563f79&uid=6829783725336387995
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Server
64.120.110.139 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

server
openresty
date
Wed, 18 Jan 2023 23:55:40 GMT
content-type
image/gif

Redirect headers

Date
Wed, 18 Jan 2023 23:55:39 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
372f4aba-7e49-46bf-9175-a4e04a22e261
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://u-sin01.e-planning.net/um?dc=8103fa85295fbe60&fi=b48a155f91563f79&uid=6829783725336387995
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 46B9
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=apac
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
281 B
410 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.31.5.52 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-5-52.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
233
content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 23:55:40 GMT
etag
"403b9-119-5ec73a0a33d00"
last-modified
Wed, 02 Nov 2022 02:30:44 GMT
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 18 Jan 2023 23:55:40 GMT
location
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
server
AkamaiGHost
usermatch
ssum.casalemedia.com/ Frame 2E6B
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a51ded4d71e22713ece5a0d4292799fbd798c044696b6dacd6cdf907441d1e52

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
78bb43475e352b3a-MEL
content-encoding
br
content-type
text/html
date
Wed, 18 Jan 2023 23:55:40 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e82v%2FT%2ByF%2BC%2Bw%2B2bXfRzV9%2B5E%2FON7kIYl%2B4e2GXQMNM%2FVTzsBB4NAnVPlvCrrrIZDfCqV4MqsZUDyGa3WFjh6ERZrmeFTUpuv5oYTHQj4xYl1OpVRUqIJsnuyYbxLb%2F25ckENsDm"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
78bb43461cac2b3a-MEL
content-length
0
date
Wed, 18 Jan 2023 23:55:39 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8K24rRpCDJ%2B%2FlcNLOoZ3wgm66I8TNzS4heJAodTik48SjKISE1H4J1mu7va5LgHGQMqKQ7g1J8EhgQ1VqF7NQIhG1gpFzSfYgCsfwytWdMD%2FoXCdwnICayWvrP0GaUmYaaXDvFy"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame 3716 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
167.88.158.176 , Singapore, ASN30081 (CACHENETWORKS, US),
Reverse DNS
unknown.scnet.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
max-age=157680000
cf4age
974542
cf4ttl
157680000.000
content-length
1525
content-type
text/html
date
Wed, 18 Jan 2023 23:55:41 GMT
etag
"61ddbb71-5f5"
expires
Wed, 07 Jul 2027 16:09:28 GMT
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
server
CFS 0215
x-cf-rand
3.384
x-cf-reqid
6545f63b0116797f02d1c45888716f3d
x-cf-tsc
1658271112
x-cf1
29080:fC.sin1:co:1585621119:cacheA.sin1-01:H
x-cf2
H
x-cf3
H
x-cff
B
integrator.js
adservice.google.com.au/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com.au/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1002 B
461 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=3299817023403687&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.05&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C300x75%7C320x50%7C468x60%7C728x90&ifi=4&adks=3597759221&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086139846&lmt=1674086139&dlt=1674086134003&idt=4511&adxs=320&adys=404&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=4&ohw=1600&psts=ACgb8tuRJQV3aL0wM5iAvTk_u1w1&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
4a73e4991fc7d34e5fd50a06503a203e90f2d13e5a034d728eef92b73e26e4be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
432
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		1002 B
464 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=2657705079644368&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.05&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C320x50&ifi=5&adks=2303075427&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086139854&lmt=1674086139&dlt=1674086134003&idt=4511&adxs=320&adys=1144&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=320x-1&msz=320x-1&fws=4&ohw=1600&psts=ACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
2d186cf8ea3d4a328eb1f236ac19bd1bb8c4276b13c8e125149c5a77a948237b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
435
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
onetag-geo.s-onetag.com/ 		535 B
940 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-31.sin2.r.cloudfront.net
Software
/
Resource Hash
c2dff4d99eef4b35e8f498d841d785ec135749647ff00b3efd1a5d66f87e5241

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
via
1.1 446026fb3dafe55d3602866eda0c744a.cloudfront.net (CloudFront), 1.1 446026fb3dafe55d3602866eda0c744a.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN2-P1, SIN2-P1
x-amzn-requestid
34ebe327-bcce-4956-a8dc-35d81c734e89
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-apigw-id
e9oHiEKXiYcF_Kw=
content-length
535
x-amz-cf-id
eK1qABVvNVpYPsnHp-n60bHrOLvqe-6Nnud9suR8oAk3nyz7vEyZiQ==
beacon.min.js
signal-beacon.s-onetag.com/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://signal-beacon.s-onetag.com/beacon.min.js
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-7.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
93975ae1d8cef7cb7a8c05ef392abe1b4d080b570b19cab279a208afe7d36cf9

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id
SQDb2i9Q5YZSPn9JZMj9axyuCi9GAOZD
content-encoding
gzip
via
1.1 33e34fa0e388cd08b1ada7f8b2f1654c.cloudfront.net (CloudFront)
date
Wed, 18 Jan 2023 16:22:46 GMT
last-modified
Wed, 10 Aug 2022 09:56:11 GMT
server
AmazonS3
x-amz-cf-pop
SIN52-P1
age
27175
x-amz-server-side-encryption
AES256
etag
W/"588a5c88fba4ca02dace48040384e257"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
vtCUyUXE-QDaSUI1hOkFGp94W_QUBl3O6pIBHDD1D5fHjXTGbZ2NsQ==
%2F138851%2Fmalware%2Faurora-stealer-malware.html
signal-segments.s-onetag.com/desktop/securityaffairs.co/ 		1 KB
502 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://signal-segments.s-onetag.com/desktop/securityaffairs.co/%2F138851%2Fmalware%2Faurora-stealer-malware.html
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-83.sin52.r.cloudfront.net
Software
/
Resource Hash
efead65964b5699f4dffa42ca59391364be9c4341d8d90a570ea3ccdb67a11b0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
gzip
via
1.1 dda7799d8b238a0cfe4bb363587dd4bc.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN52-P1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amz-cf-id
maKtqNKNfDDF2uWPwpzLBM1dBPHV56jyZ3VBenBOBrcbUyfWMO5kTA==
apigw-requestid
e9oHejrOiYcEP3A=
securityaffairs.co
signal-segments.s-onetag.com/desktop/ 		1 KB
509 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://signal-segments.s-onetag.com/desktop/securityaffairs.co
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/6a105cf8-5d47-4e0a-8c4b-7c60422256d2/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-83.sin52.r.cloudfront.net
Software
/
Resource Hash
efead65964b5699f4dffa42ca59391364be9c4341d8d90a570ea3ccdb67a11b0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 10:02:05 GMT
content-encoding
gzip
via
1.1 dda7799d8b238a0cfe4bb363587dd4bc.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN52-P1
age
50014
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amz-cf-id
Q1v_Dn8uxWCQbZpl4oWqBmmQZ2xm-E5l5XDgGY9mJEHlY547gpbcWg==
apigw-requestid
e7uAtg3BCYcEacw=
/
onetag-sys.com/usync/ Frame 38C3 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
139.99.49.250 , Singapore, ASN16276 (OVH, FR),
Reverse DNS
ip250.ip-139-99-49.net
Software
/
Resource Hash
45441e8544fee1082969100db86d9cf388299cc5a2ae722d7608eada229057d6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-transform, no-cache
content-encoding
gzip
content-length
1413
content-type
text/html
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
strict-transport-security
max-age=15552000
529.json
id5-sync.com/g/v2/ 		462 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
b21ee81dcf43a413a9fab8f3407ade1ef37e67d27d4afacc784127f676fc5cbc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
p3p
CP="CAO PSA OUR"
access-control-allow-credentials
true
integrator.js
adservice.google.com.au/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com.au/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1002 B
464 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=1464419658099260&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.04&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C320x50&ifi=6&adks=2296700741&sfv=1-0-40&prev_scp=sovrn-viewability%3DNA%26sovrn-engagement%3DNA&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086140251&lmt=1674086140&dlt=1674086134003&idt=4511&adxs=320&adys=1144&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=320x-1&msz=320x-1&fws=4&ohw=1600&psts=ACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
d4de8657597c32758154a11f704c5a3763c15ab67507ebdcbe9c4e8ca915983f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
435
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		1002 B
461 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=1966416084943424&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.04&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C300x75%7C320x50%7C468x60%7C728x90&ifi=7&adks=1552190141&sfv=1-0-40&prev_scp=sovrn-viewability%3DNA%26sovrn-engagement%3DNA&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086140281&lmt=1674086140&dlt=1674086134003&idt=4511&adxs=320&adys=404&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=4&ohw=1600&psts=ACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
4c1db2d4d8498a64db9904731443434dd62dd4cbae87fd17a356e277efbe99d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
432
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame 2E6B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y8iG-9f3KcCGVGHQ8T7zlQAAFNYAAAIB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEHiizJ-LnxF4_-8L8wzw_yA&google_cver=1
43 B
788 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEHiizJ-LnxF4_-8L8wzw_yA&google_cver=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
H2
Server
104.18.33.19 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8dlTqqOT0PScmD7xdbmz0DlagqvtkeXRDeSi2Rn4j4wHysjr7PhcRX1tLeVUHth5QH7jmreFAQki8TQb7Yl9vk75fqsr%2FC5Ee8ieuOdglNw3URcRplNJ9JfDWJxz7oBiuv5XNO%2FYwofEjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
78bb434e992b5a98-MEL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEHiizJ-LnxF4_-8L8wzw_yA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2E6B
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=2c40e9b7-c90f-4920-beee-5949d681755b&expiration=1676678140&gdpr=0&gdpr_consent=
43 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=2c40e9b7-c90f-4920-beee-5949d681755b&expiration=1676678140&gdpr=0&gdpr_consent=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=2c40e9b7-c90f-4920-beee-5949d681755b&expiration=1676678140&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
crum
dsum-sec.casalemedia.com/ Frame 2E6B
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Y8iG.9f3KcCGVGHQ8T7zlQAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1&google_hm=2
43 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1&google_hm=2
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
330
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 2E6B
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y8iG-9f3KcCGVGHQ8T7zlQAAFNYAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y8iG-9f3KcCGVGHQ8T7zlQAAFNYAAAIB&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y8iG-9f3KcCGVGHQ8T7zlQAAFNYAAAIB&dcc=t
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
W0E2FXFV09NQRH55BGS2
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
5RQBX2RGEP1CWGTQEEPV
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y8iG-9f3KcCGVGHQ8T7zlQAAFNYAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2E6B
Redirect Chain
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=XMWRLFLAlHdHlMQtD5PfJ1_HynZHlMojXs6r8liU
43 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=XMWRLFLAlHdHlMQtD5PfJ1_HynZHlMojXs6r8liU
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=XMWRLFLAlHdHlMQtD5PfJ1_HynZHlMojXs6r8liU
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 2E6B
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ef5963c8-86fc-4200-963a-0d6e46b113f5
43 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ef5963c8-86fc-4200-963a-0d6e46b113f5
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

Date
Wed, 18 Jan 2023 23:55:40 GMT
Server
MT3 277 3f0ad7a master hkg-pixel-x20 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ef5963c8-86fc-4200-963a-0d6e46b113f5
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 18 Jan 2023 23:55:39 GMT
crum
dsum-sec.casalemedia.com/ Frame 2E6B
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=
  • https://stags.bluekai.com/site/23178?id=esHapMWKYhvemw6edoLG&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZDTOVWS243FMMXGGYLTMFWGK3LFMRUWCLTDN5WS6Y3S...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZDTOVWS243FMMXGGYLTMFWGK3LFMRUWCLTDN5WS6Y3SOVWT6Y3NL5SHG4C7NFSD2MJXEZSXQY3IMFXGOZJ5NFXGIZLYEZSXQ5DFOJXGC3C7OVZWK4S7NFSD2ZLTJBQXA...
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=esHapMWKYhvemw6edoLG
43 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=esHapMWKYhvemw6edoLG
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
Content-Type
text/html; charset=utf-8
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=esHapMWKYhvemw6edoLG
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
115
Expires
Thu, 01 Dec 1994 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2E6B
Redirect Chain
  • https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=d3b76a31-4cba-4f94-ab31-8a2d533a763c&us_privacy=null&gdpr_consent=null&gdpr=null
43 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=d3b76a31-4cba-4f94-ab31-8a2d533a763c&us_privacy=null&gdpr_consent=null&gdpr=null
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
HTTP/1.1
Server
139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=d3b76a31-4cba-4f94-ab31-8a2d533a763c&us_privacy=null&gdpr_consent=null&gdpr=null
date
Wed, 18 Jan 2023 23:55:41 GMT
server
_
content-length
0
um
u-sin01.e-planning.net/ Frame 2E6B 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-sin01.e-planning.net/um?dc=99e41df815fd80b4&fi=b48a155f91563f79&uid=Y8iG.9f3KcCGVGHQ8T7zlQAA%265334
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fu-sin01.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3Db48a155f91563f79%26uid%3D&s=190243&C=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
64.120.110.139 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

server
openresty
date
Wed, 18 Jan 2023 23:55:40 GMT
content-type
image/gif
lt.min.js
tags.crwdcntrl.net/lt/c/15238/ Frame CE5F 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/f6ee63a0c2353004/lotame20220615.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-106.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
483f311a8d9db59530fc54b5b26bb9c1d26da0825cc4daf4cc81b86fc3bf2247

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 12:30:30 GMT
content-encoding
gzip
via
1.1 32b95ef5feec0715f987a398c50c07d0.cloudfront.net (CloudFront)
last-modified
Tue, 10 Jan 2023 19:25:16 GMT
server
AmazonS3
x-amz-cf-pop
SIN2-P1
age
59722
x-amz-server-side-encryption
AES256
etag
W/"44d82b5745f227ee46d8a0beda1094d4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age: 86400
x-amz-cf-id
HSGPH2Nw6Ou3JSbErJTJiWfnD4PKbSqNFJf9DBx-O_Wbu8AvMIhkLQ==
setuid
prebidserver.pixfuture.com/ Frame 6325 		0
469 B 		Document
General
Check archive.org
Download Go to
Full URL
https://prebidserver.pixfuture.com/setuid?bidder=eplanning&gdpr=&gdpr_consent=&f=b&uid=AHx%2fv96BSeQzdaIa
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
content-type
text/html
date
Wed, 18 Jan 2023 23:55:40 GMT
expires
0
pragma
no-cache
vary
Origin
/
de.tynt.com/deb/ Frame 6D3D
Redirect Chain
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
  • https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
  • https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
68b4382e37f065e5494a43903f6ae58350fdca69c4b2eb7463763a09e46d418a

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length
2016
content-type
text/html
date
Wed, 18 Jan 2023 23:55:41 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url

Redirect headers

accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length
0
date
Wed, 18 Jan 2023 23:55:41 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
location
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 88A0 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.72.44.196 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-72-44-196.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=68369
content-encoding
gzip
content-length
5554
content-type
text/html
date
Wed, 18 Jan 2023 23:55:40 GMT
expires
Thu, 19 Jan 2023 18:55:09 GMT
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
pd
jp-u.openx.net/w/1.0/ Frame AA75 		533 B
638 B 		Document
General
Check archive.org
Download Go to
Full URL
https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
6e9d3c34ce822e0813ed2bb9b32cd152f92d066ae94eba2173a4149b71225918

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
325
content-type
text/html
date
Wed, 18 Jan 2023 23:55:40 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame CC80 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.72.44.183 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-72-44-183.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 18 Jan 2023 23:55:40 GMT
ETag
"623de86a-cf34"
Expires
Thu, 19 Jan 2023 23:55:42 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 4ED9 		281 B
410 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.31.5.52 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-5-52.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
233
content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 23:55:40 GMT
etag
"403b9-119-5ec73a0a33d00"
last-modified
Wed, 02 Nov 2022 02:30:44 GMT
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8EC8 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.72.44.196 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-72-44-196.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=68369
content-encoding
gzip
content-length
5554
content-type
text/html
date
Wed, 18 Jan 2023 23:55:40 GMT
expires
Thu, 19 Jan 2023 18:55:09 GMT
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
pd
jp-u.openx.net/w/1.0/ Frame F01A 		533 B
626 B 		Document
General
Check archive.org
Download Go to
Full URL
https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
6e9d3c34ce822e0813ed2bb9b32cd152f92d066ae94eba2173a4149b71225918

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
325
content-type
text/html
date
Wed, 18 Jan 2023 23:55:40 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame 867F 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/pbix.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.72.44.183 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-72-44-183.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 18 Jan 2023 23:55:40 GMT
ETag
"623de86a-cf34"
Expires
Thu, 19 Jan 2023 23:55:42 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
v1
match.sharethrough.com/sync/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
68 B
280 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Server
18.139.240.219 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-139-240-219.ap-southeast-1.compute.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=0528797d-468d-41e3-a0a3-eb0b49ac154a&google_hm=MDUyODc5N2QtNDY4ZC00MWUzLWEwYTMtZWIwYjQ5YWMxNTRh
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEJS-MfCLEIo47j2DKck9u6s&google_cver=1&ssp=sonobi&bsw_param=0528797d-468d-41e3-a0a3-eb0b49ac154a
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=0528797d-468d-41e3-a0a3-eb0b49ac154a
49 B
864 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=0528797d-468d-41e3-a0a3-eb0b49ac154a
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
72.34.250.75 Studio City, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-16
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=0528797d-468d-41e3-a0a3-eb0b49ac154a
Date
Wed, 18 Jan 2023 23:55:41 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
redir
rtb-csync.smartadserver.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/sas?gdpr=0&gdpr_consent=&_bee_ppp=1
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AARmS07HkQ4AAB9iFgkGyA&gdpr=0
43 B
452 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AARmS07HkQ4AAB9iFgkGyA&gdpr=0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
23.106.127.165 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AARmS07HkQ4AAB9iFgkGyA&gdpr=0
Date
Wed, 18 Jan 2023 23:55:41 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
v1
match.sharethrough.com/sync/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&gdpr=0&gdpr_consent=&google_hm=NTY0ZTBkZTEtZmU0Ni00ZGI0LWJiOTItMGNhN2EyMGMxNGM2
  • https://match.sharethrough.com/sync/v1?gdpr=0&gdpr_consent=
68 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Server
18.139.240.219 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-139-240-219.ap-southeast-1.compute.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://match.sharethrough.com/sync/v1?gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
260
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7190145226286823571&gdpr=0&gdpr_consent=
43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7190145226286823571&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
23.106.127.165 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Location
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7190145226286823571&gdpr=0&gdpr_consent=
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
v1
match.sharethrough.com/sync/
Redirect Chain
  • https://gu.dyntrk.com/adx/dstct/us.php?dynk=d4s3t4c3t&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dd5VvCLuDuN8u3E6oruPETyjE%26source_user_id%3D%25USE...
  • https://match.sharethrough.com/sync/v1?source_id=d5VvCLuDuN8u3E6oruPETyjE&source_user_id=07030001_63c886fcd5d18&gdpr=0&gdpr_consent=
68 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=d5VvCLuDuN8u3E6oruPETyjE&source_user_id=07030001_63c886fcd5d18&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Server
18.139.240.219 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-139-240-219.ap-southeast-1.compute.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

date
Wed, 18 Jan 2023 23:55:40 GMT
server
nginx
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
access-control-allow-origin
*
location
https://match.sharethrough.com/sync/v1?source_id=d5VvCLuDuN8u3E6oruPETyjE&source_user_id=07030001_63c886fcd5d18&gdpr=0&gdpr_consent=
content-type
text/html; charset=UTF-8
cache-control
no-cache
keep-alive
timeout=10
access-control-allow-headers
Origin
sync
ups.analytics.yahoo.com/ups/58280/ 		0
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/58280/sync?uid=564e0de1-fe46-4db4-bb92-0ca7a20c14c6&_origin=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.74.162.2 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-162-2.ap-southeast-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=39&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=dc3163c8-86fc-4f00-8cef-a2d6e086023e&gdpr=0&gdpr_consent=
43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=dc3163c8-86fc-4f00-8cef-a2d6e086023e&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
23.106.127.165 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Date
Wed, 18 Jan 2023 23:55:40 GMT
Server
MT3 277 3f0ad7a master hkg-pixel-x25 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=25&partneruserid=dc3163c8-86fc-4f00-8cef-a2d6e086023e&gdpr=0&gdpr_consent=
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 18 Jan 2023 23:55:39 GMT
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://a.audrte.com/get?p=M501991648&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D141%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=141&partneruserid=lb4Mhmg4qGXQACswinIaZIvXw
43 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=141&partneruserid=lb4Mhmg4qGXQACswinIaZIvXw
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
23.106.127.165 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Access-Control-Allow-Origin
*
Location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=141&partneruserid=lb4Mhmg4qGXQACswinIaZIvXw
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
iu3
s.amazon-adsystem.com/
Redirect Chain
  • https://s.amazon-adsystem.com/x/7318ffc0e8fa1d771446
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=snb&dcc=t
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=snb&dcc=t
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
1JZRRE3GDK5373MBEHF7
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=snb&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
c.gif
c.bing.com/ 		42 B
668 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bing.com/c.gif?Red3=STMS_pd&uid=71d22e4e-c638-449a-85cb-97cbce9424c6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
a-0001.a-msedge.net
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
last-modified
Tue, 10 Jan 2023 18:51:08 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: FA5320C7802C4F6C90C3A7FF9B1F4F2D Ref B: MEL01EDGE1415 Ref C: 2023-01-18T23:55:40Z
etag
"da5284802425d91:0"
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-type
image/gif
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42
usg.gif
sync.go.sonobi.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=OWZjMzViYzAtYWJmOS00ZDRjLTkyZjgtMjQxYjIwY2ExNjYy
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEMLt0v8z1TD60PlhQQqNZ54&google_cver=1
49 B
858 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEMLt0v8z1TD60PlhQQqNZ54&google_cver=1
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
72.34.250.75 Studio City, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-19
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEMLt0v8z1TD60PlhQQqNZ54&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=6JWgSS4Sw2lg&ev=1&pid=560288&gdpr_consent=&gdpr=0
43 B
424 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=6JWgSS4Sw2lg&ev=1&pid=560288&gdpr_consent=&gdpr=0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
23.106.127.165 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=92&partneruserid=6JWgSS4Sw2lg&ev=1&pid=560288&gdpr_consent=&gdpr=0
content-language
en-AU
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-stage-0
expires
-1
v1
match.sharethrough.com/sync/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sharethrough&user_id=71d22e4e-c638-449a-85cb-97cbce9424c6&gdpr=0&gdpr_consent=&gdpr_pd=1&usprivacy=
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=sharethrough
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=sharethrough
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=8588698492330147266&ssp=sharethrough
  • https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=
68 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Server
18.139.240.219 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-139-240-219.ap-southeast-1.compute.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Location
//match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&seat_user_id=&seat_key=&gdpr=&gdpr_consent=&gdpr_pd=&usprivacy=
Date
Wed, 18 Jan 2023 23:55:42 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=2c40e9b7-c90f-4920-beee-5949d681755b&pubid=0b24fdfc82
49 B
864 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=td&nuid=2c40e9b7-c90f-4920-beee-5949d681755b&pubid=0b24fdfc82
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
72.34.250.75 Studio City, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-91
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://sync.go.sonobi.com/us.gif?nw=td&nuid=2c40e9b7-c90f-4920-beee-5949d681755b&pubid=0b24fdfc82
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
227
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
23.106.127.165 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
299
usermatch
ssum-sec.casalemedia.com/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=179394&cb=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D33%26partneruserid%3D&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.19 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers
pixel.gif
yield-op-idsync.live.streamtheworld.com/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=themediagrid
  • https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=themediagrid&ssp_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&gdpr=&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-uqRSxZxE2pm1fJz8mYPyuUAvlPwlemmno7DltA--~A&expires=5
  • https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=bsw&uid=0528797d-468d-41e3-a0a3-eb0b49ac154a&stn=
43 B
542 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=bsw&uid=0528797d-468d-41e3-a0a3-eb0b49ac154a&stn=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
208.92.55.231 , Canada, ASN13360 (TRITONDIGITAL, CA),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
x-stw-server
ash-mesos01-node04
x-stw-site
ASH
content-length
43
content-type
image/gif

Redirect headers

Location
//yield-op-idsync.live.streamtheworld.com/pixel.gif?partner=bsw&uid=0528797d-468d-41e3-a0a3-eb0b49ac154a&stn=
Date
Wed, 18 Jan 2023 23:55:42 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=29ae63c8-86fd-4c00-852a-8d5532010346
49 B
864 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=29ae63c8-86fd-4c00-852a-8d5532010346
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
72.34.250.75 Studio City, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-76
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
MT3 277 3f0ad7a master hkg-pixel-x24 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=29ae63c8-86fd-4c00-852a-8d5532010346
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 18 Jan 2023 23:55:40 GMT
ecm3
s.amazon-adsystem.com/ 		43 B
720 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=71d22e4e-c638-449a-85cb-97cbce9424c6
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
53D8H3RX2A5JY0F93CEG
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1972084068593236606
49 B
847 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1972084068593236606
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
72.34.250.75 Studio City, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-27
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1972084068593236606
Date
Wed, 18 Jan 2023 23:55:42 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
sync.php
demand.trafficroots.com/ 		0
0
Pug
simage2.pubmatic.com/AdServer/
Redirect Chain
  • https://sync.1rx.io/usersync2/sharethrough
  • https://sync.1rx.io/usersync2/sharethrough?zcc=1&cb=1674086142204
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4557005118
  • https://sync.1rx.io/usersync/tradedesk/2c40e9b7-c90f-4920-beee-5949d681755b
  • https://sync.targeting.unrulymedia.com/csync/RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
42 B
334 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:44 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
date
Wed, 18 Jan 2023 23:55:43 GMT
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RXe7d04bf0eeef41fc9f444f088054fa00004
content-type
text/html
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6829783725336387995&gdpr=0&gdpr_consent=
43 B
447 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6829783725336387995&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
23.106.127.165 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Date
Wed, 18 Jan 2023 23:55:41 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
74e7778b-ff7f-48b9-9581-534709c17b87
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6829783725336387995&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
match.sharethrough.com/sync/
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=83&gdpr=0&gdpr_consent=&mt_exuid=71d22e4e-c638-449a-85cb-97cbce9424c6&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DsxJxpx7oBnWwaat...
  • https://match.sharethrough.com/sync/v1?source_id=sxJxpx7oBnWwaatGE8NyMg2D&source_user_id=29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
68 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=sxJxpx7oBnWwaatGE8NyMg2D&source_user_id=29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Server
18.139.240.219 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-139-240-219.ap-southeast-1.compute.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Date
Wed, 18 Jan 2023 23:55:42 GMT
Server
MT3 277 3f0ad7a master hkg-pixel-x22 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Location
https://match.sharethrough.com/sync/v1?source_id=sxJxpx7oBnWwaatGE8NyMg2D&source_user_id=29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Expires
Wed, 18 Jan 2023 23:55:41 GMT
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D100%2...
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=3fbc535b-46d2-4719-8ecf-cc9db04a1ba0
43 B
465 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=3fbc535b-46d2-4719-8ecf-cc9db04a1ba0
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
23.106.127.165 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

date
Wed, 18 Jan 2023 23:55:42 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=100&partneruserid=3fbc535b-46d2-4719-8ecf-cc9db04a1ba0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=9fc35bc0-abf9-4d4c-92f8-241b20ca1662&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=WGh1MS1KV184ODVGQzMxRTFCaWw1dw&gdpr=&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEAr6Y11JMqy2FnB9vE-ZfoI&google_cver=1
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=6JWgSS4Sw2lg
49 B
840 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=6JWgSS4Sw2lg
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
72.34.250.75 Studio City, United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-lax-1-5-95
Content-Type
image/gif
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=6JWgSS4Sw2lg
content-language
en-AU
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-stage-0
expires
-1
usync.js
eus.rubiconproject.com/ Frame 46B9 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.31.5.52 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-5-52.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
eaedc6e62ec182fafcc46a6577feca0ecba7ab52da561b10fae4e9e0f7a64e32

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
gzip
last-modified
Wed, 18 Jan 2023 11:16:04 GMT
server
Apache/2.2.15 (CentOS)
x-powered-by
PHP/5.3.3
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control
max-age=40820
content-length
10036
expires
Thu, 19 Jan 2023 11:16:00 GMT
/
onetag-geo.s-onetag.com/ 		535 B
940 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-31.sin2.r.cloudfront.net
Software
/
Resource Hash
c2dff4d99eef4b35e8f498d841d785ec135749647ff00b3efd1a5d66f87e5241

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
via
1.1 446026fb3dafe55d3602866eda0c744a.cloudfront.net (CloudFront), 1.1 446026fb3dafe55d3602866eda0c744a.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN2-P1, SIN2-P1
x-amzn-requestid
34ebe327-bcce-4956-a8dc-35d81c734e89
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-apigw-id
e9oHiEKXiYcF_Kw=
content-length
535
x-amz-cf-id
0vXNuJfLmHj56WkskBTybVey5WL-_GzCMBeUbwFk9x9-KMHdBQyOCw==
sd
us-u.openx.net/w/1.0/ Frame AA75
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=3128058156106298774&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3128058156106298774&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3128058156106298774&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sd
us-u.openx.net/w/1.0/ Frame AA75
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0&gdpr_consent=
43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0&gdpr_consent=
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
335
sd
jp-u.openx.net/w/1.0/ Frame AA75
Redirect Chain
  • https://tg.socdm.com/rtb/sync_before?proto=openx
  • https://jp-u.openx.net/w/1.0/sd?id=537072335&val=Y8iG-cCo5ugAAFXS19wAAAAA
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=Y8iG-cCo5ugAAFXS19wAAAAA
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

X-SO-Cluster-ID
0
Date
Wed, 18 Jan 2023 23:55:41 GMT
X-SO-LB-Data
{"ban":false,"clean_query":"\/rtb\/sync_before?proto=openx","cluster_id":0,"gdpr":false,"ipv4":"103.209.254.136","key":"Y8iG-cCo5ugAAFXS19wAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40136"}
X-SO-Key
Y8iG-cCo5ugAAFXS19wAAAAA
Server
nginx
X-SO-Upstream-ID
a-ad40136
P3P
CP="See also http://www.scaleout.jp/privacy/"
Location
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=Y8iG-cCo5ugAAFXS19wAAAAA
Cache-Control
private
X-SO-HostName
a-ad40136.dc2p.scaleout.jp
Connection
keep-alive
X-SO-Ads-Time
157
Content-Length
0
X-SO-LB-Hostname
a-tgng40017.dc2p.scaleout.jp
X-SO-IP
103.209.254.136
sd
jp-u.openx.net/w/1.0/ Frame AA75
Redirect Chain
  • https://cr-p3.ladsp.com/cookiesender/3
  • https://cr-p3.ladsp.com/cookiesender/3?cr=true
  • https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AYIyBSideVN-ks8ADzLRlYqH_s8AAAGFx09Ncg
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AYIyBSideVN-ks8ADzLRlYqH_s8AAAGFx09Ncg
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 b238fef36fc101d581d2aebbbc69d9a6.cloudfront.net (CloudFront)
server
Logicad
x-amz-cf-pop
SIN2-P2
x-cache
Miss from cloudfront
p3p
CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=AYIyBSideVN-ks8ADzLRlYqH_s8AAAGFx09Ncg
cache-control
no-cache
content-length
0
x-amz-cf-id
_cvILhRFXGCRtCQk9KsM0ng3pss8Zl2tApI_9inkv8SaMvKwUAS2SA==
expires
-1
pixel
cm.g.doubleclick.net/ Frame AA75 		170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MDY1YTE3NjktMWU2Ny0yNmQxLWRjYmQtMjgxODVjYmIwZTA2
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame AA75
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPwqQ23qBTF1fULgPNRHhZo&google_cver=1
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPwqQ23qBTF1fULgPNRHhZo&google_cver=1
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPwqQ23qBTF1fULgPNRHhZo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame F01A
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=3056000562068370838&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3056000562068370838&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=3056000562068370838&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sd
us-u.openx.net/w/1.0/ Frame F01A
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0&gdpr_consent=
43 B
249 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0&gdpr_consent=
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=2a35c4a3-d710-7875-c95d-72a19659c066&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
335
sd
jp-u.openx.net/w/1.0/ Frame F01A
Redirect Chain
  • https://tg.socdm.com/rtb/sync_before?proto=openx
  • https://jp-u.openx.net/w/1.0/sd?id=537072335&val=Y8iG-cCo5ukAAIyo1ggAAAAA
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=Y8iG-cCo5ukAAIyo1ggAAAAA
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

X-SO-Cluster-ID
0
Date
Wed, 18 Jan 2023 23:55:41 GMT
X-SO-LB-Data
{"ban":false,"clean_query":"\/rtb\/sync_before?proto=openx","cluster_id":0,"gdpr":false,"ipv4":"103.209.254.136","key":"Y8iG-cCo5ukAAIyo1ggAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad1001"}
X-SO-Key
Y8iG-cCo5ukAAIyo1ggAAAAA
Server
nginx
X-SO-Upstream-ID
m-ad1001
P3P
CP="See also http://www.scaleout.jp/privacy/"
Location
https://jp-u.openx.net/w/1.0/sd?id=537072335&val=Y8iG-cCo5ukAAIyo1ggAAAAA
Cache-Control
private
X-SO-HostName
m-ad1001.dc4p.scaleout.jp
Connection
keep-alive
X-SO-Ads-Time
1
Content-Length
0
X-SO-LB-Hostname
a-tgng40018.dc2p.scaleout.jp
X-SO-IP
103.209.254.136
sd
jp-u.openx.net/w/1.0/ Frame F01A
Redirect Chain
  • https://cr-p3.ladsp.com/cookiesender/3
  • https://cr-p3.ladsp.com/cookiesender/3?cr=true
  • https://jp-u.openx.net/w/1.0/sd?id=537072451&val=ATX_61uwPpXNks8ADzLRlYqH_88AAAGFx09Ncw
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=ATX_61uwPpXNks8ADzLRlYqH_88AAAGFx09Ncw
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 b238fef36fc101d581d2aebbbc69d9a6.cloudfront.net (CloudFront)
server
Logicad
x-amz-cf-pop
SIN2-P2
x-cache
Miss from cloudfront
p3p
CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=ATX_61uwPpXNks8ADzLRlYqH_88AAAGFx09Ncw
cache-control
no-cache
content-length
0
x-amz-cf-id
21rlZYccZ4mp4rpQ8INHCzwmf7dvumffwUcNih0-SYP9bS6AbBFcHg==
expires
-1
pixel
cm.g.doubleclick.net/ Frame F01A 		170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MDY1YTE3NjktMWU2Ny0yNmQxLWRjYmQtMjgxODVjYmIwZTA2
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame F01A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPwqQ23qBTF1fULgPNRHhZo&google_cver=1
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPwqQ23qBTF1fULgPNRHhZo&google_cver=1
Requested by
Host: jp-u.openx.net
URL: https://jp-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://jp-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPwqQ23qBTF1fULgPNRHhZo&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.com.au/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com.au/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1003 B
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=1296104156266173&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.031&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C320x50&ifi=8&adks=2049787371&sfv=1-0-40&prev_scp=sovrn-viewability%3D0.1%26sovrn-engagement%3D0.0&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086140684&lmt=1674086140&dlt=1674086134003&idt=4511&adxs=320&adys=1144&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=320x-1&msz=320x-1&fws=4&ohw=1600&psts=ACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
e1a05fcf0daa9849b537f2792186a8209bf84de306f9f9f95e923bd8a8d07857
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
434
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.e-planning.net/ Frame 46B9
Redirect Chain
  • https://pixel-apac.rubiconproject.com/exchange/sync.php?p=12186&khaos=LD2BNVRV-25-BIU8
  • https://sync.e-planning.net/um?uid=LD2BNVRV-25-BIU8&dc=9bcc91305985f0db&iss=1
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.e-planning.net/um?uid=LD2BNVRV-25-BIU8&dc=9bcc91305985f0db&iss=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
H2
Server
64.120.110.136 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

server
openresty
date
Wed, 18 Jan 2023 23:55:41 GMT
content-type
image/gif

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://sync.e-planning.net/um?uid=LD2BNVRV-25-BIU8&dc=9bcc91305985f0db&iss=1
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
beb52df1a5a4b2f2cb3f37642c514298
Expires
0
usync.js
eus.rubiconproject.com/ Frame 4ED9 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.31.5.52 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-5-52.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
eaedc6e62ec182fafcc46a6577feca0ecba7ab52da561b10fae4e9e0f7a64e32

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
content-encoding
gzip
last-modified
Wed, 18 Jan 2023 11:16:04 GMT
server
Apache/2.2.15 (CentOS)
x-powered-by
PHP/5.3.3
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control
max-age=40820
content-length
10036
expires
Thu, 19 Jan 2023 11:16:00 GMT
/
onetag-sys.com/match/ Frame 38C3
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D1%26gdpr_consent%3D
  • https://onetag-sys.com/match/?int_id=1&uid=29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=1&gdpr_consent=
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=1&uid=29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=1&gdpr_consent=
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
H2
Server
139.99.49.250 , Singapore, ASN16276 (OVH, FR),
Reverse DNS
ip250.ip-139-99-49.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date
Wed, 18 Jan 2023 23:55:41 GMT
Server
MT3 277 3f0ad7a master hkg-pixel-x23 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://onetag-sys.com/match/?int_id=1&uid=29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=1&gdpr_consent=
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 18 Jan 2023 23:55:40 GMT
sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 38C3 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=1&gdpr_consent=
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
3bafef7aa4e37890defcd73f0a080481
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
/
onetag-sys.com/match/ Frame 38C3
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID
  • https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=6829783725336387995
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=6829783725336387995
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
H2
Server
139.99.49.250 , Singapore, ASN16276 (OVH, FR),
Reverse DNS
ip250.ip-139-99-49.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date
Wed, 18 Jan 2023 23:55:40 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
4ae176b8-b223-429f-ae41-2dc9d01fedc5
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=6829783725336387995
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 38C3 		42 B
691 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=cmDmsqQdudlsL7HAQ2pDNnZX4YS7KIgHo_GGXrqkyWQ
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 38C3
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABhcdPS9bp78HfGN9XGkS_dPLGaDnt6ftmxw
170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABhcdPS9bp78HfGN9XGkS_dPLGaDnt6ftmxw
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
H2
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABhcdPS9bp78HfGN9XGkS_dPLGaDnt6ftmxw
strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
sync
ssbsync-global.smartadserver.com/api/ Frame 38C3 		0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.106.127.53 , Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
content-length
0
/
onetag-sys.com/match/ Frame 38C3
Redirect Chain
  • https://id.rlcdn.com/711916.gif?ct=4&cv=
  • https://id.rlcdn.com/1000.gif?memo=COy5KxoNCP2Nop4GEgUI6AcQAEIASgA
  • https://onetag-sys.com/match/?int_id=110&uid=
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=110&uid=
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
H2
Server
139.99.49.250 , Singapore, ASN16276 (OVH, FR),
Reverse DNS
ip250.ip-139-99-49.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

date
Wed, 18 Jan 2023 23:55:41 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://onetag-sys.com/match/?int_id=110&uid=
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ecm3
s.amazon-adsystem.com/ Frame 38C3
Redirect Chain
  • https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1
  • https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=cmDmsqQdudlsL7HAQ2pDNnZX4YS7KIgHo_GGXrqkyWQ
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=cmDmsqQdudlsL7HAQ2pDNnZX4YS7KIgHo_GGXrqkyWQ
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
EQGY88Z4KBYXJ3XZP9KE
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=cmDmsqQdudlsL7HAQ2pDNnZX4YS7KIgHo_GGXrqkyWQ
strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
ImgSync
image8.pubmatic.com/AdServer/ Frame 38C3 		0
42 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.231.98.197 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
content-length
0
/
onetag-sys.com/match/ Frame 38C3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm
  • https://onetag-sys.com/match/?int_id=106&google_gid=CAESEKdi-uPy2HtzwLcY1SWHGsE&google_cver=1
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEKdi-uPy2HtzwLcY1SWHGsE&google_cver=1
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
H2
Server
139.99.49.250 , Singapore, ASN16276 (OVH, FR),
Reverse DNS
ip250.ip-139-99-49.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEKdi-uPy2HtzwLcY1SWHGsE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
298
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
occ
ups.analytics.yahoo.com/ups/58488/ Frame 38C3 		0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.74.162.2 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-162-2.ap-southeast-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:40 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
/
onetag-sys.com/match/ Frame 38C3
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
  • https://onetag-sys.com/match/?int_id=29&uid=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
0
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onetag-sys.com/match/?int_id=29&uid=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
H2
Server
139.99.49.250 , Singapore, ASN16276 (OVH, FR),
Reverse DNS
ip250.ip-139-99-49.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://onetag-sys.com/match/?int_id=29&uid=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
233
sync
x.bidswitch.net/ Frame 38C3 		43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=onetag&gdpr=1&gdpr_consent=
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.213.12.39 Tokyo, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
39.12.213.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Wed, 18 Jan 2023 23:55:41 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
setuid
prebidserver.pixfuture.com/ Frame 38C3 		0
609 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prebidserver.pixfuture.com/setuid?bidder=onetag&gdpr=&gdpr_consent=&f=b&uid=cmDmsqQdudlsL7HAQ2pDNnZX4YS7KIgHo_GGXrqkyWQ
Requested by
Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://onetag-sys.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires
0
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
vary
Origin
content-type
text/html
ads
securepubads.g.doubleclick.net/gampad/ 		1003 B
463 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=3627301615546002&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.031&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C300x75%7C320x50%7C468x60%7C728x90&ifi=9&adks=3052315880&sfv=1-0-40&prev_scp=sovrn-viewability%3D0.1%26sovrn-engagement%3D0.0&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086140766&lmt=1674086140&dlt=1674086134003&idt=4511&adxs=320&adys=404&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=4&ohw=1600&psts=ACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
76874a5016a8ae667987503a341a8f06e551cbf86af1335eefddb9360e5a975f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
434
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 46B9
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGuDhoBJG7RTD5lWVG7lFnk&google_cver=1
42 B
691 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGuDhoBJG7RTD5lWVG7lFnk&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
HTTP/1.1
Server
8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEGuDhoBJG7RTD5lWVG7lFnk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 46B9
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEQyQk5WUlYtMjUtQklVOA==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEQyQk5WUlYtMjUtQklVOA==
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
H3
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEQyQk5WUlYtMjUtQklVOA==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 46B9
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LD2BNVRV-25-BIU8
0
574 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LD2BNVRV-25-BIU8
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: F508CD1E7F7C4E33B0D4965054515C3F Ref B: MEL01EDGE1709 Ref C: 2023-01-18T23:55:42Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXyko3SzZdcbJdcm8fAlQ==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LD2BNVRV-25-BIU8
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame 46B9
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=RmOKTRO7TDeChhw69TXv7g&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=RmOKTRO7TDeChhw69TXv7g
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=RmOKTRO7TDeChhw69TXv7g
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
HTTP/1.1
Server
67.220.224.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:43 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
1X4HZ11KYRM6PG3KD0EF
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=RmOKTRO7TDeChhw69TXv7g
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 46B9
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=&expires=30
42 B
691 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
HTTP/1.1
Server
8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=&expires=30
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
289
ecm3
s.amazon-adsystem.com/ Frame 46B9
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=MZw79MAZR_yUnBE6yvJ2Ww&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=MZw79MAZR_yUnBE6yvJ2Ww
43 B
720 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=MZw79MAZR_yUnBE6yvJ2Ww
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
Y19Z1X2A14MP7ENH7S6K
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=MZw79MAZR_yUnBE6yvJ2Ww
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 46B9
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YWMxZWU4MDgwYmNlYTI3NjE1NWM2NmUyODkxNWQxNjdjYjBhYWIyNg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YWMxZWU4MDgwYmNlYTI3NjE1NWM2NmUyODkxNWQxNjdjYjBhYWIyNg
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
H3
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YWMxZWU4MDgwYmNlYTI3NjE1NWM2NmUyODkxNWQxNjdjYjBhYWIyNg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 46B9
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/6gwtDBIRT2p_q9dcoYrTfcn5EUdSAgOZEtemQ7w0kco?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-pwzEuqRE2oIRFwgslsJua9cGeMEYdgv4RRrJjw--~A
42 B
691 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-pwzEuqRE2oIRFwgslsJua9cGeMEYdgv4RRrJjw--~A
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=apac
Protocol
HTTP/1.1
Server
8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
b2a5c63b17f16a8024ffc6259157eaa8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Wed, 18 Jan 2023 23:55:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-pwzEuqRE2oIRFwgslsJua9cGeMEYdgv4RRrJjw--~A
content-length
0
PugMaster
image6.pubmatic.com/AdServer/ Frame 88A0 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=32137693&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.231.98.196 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e31312eabb9468e2aae1859b983f47f701ee3ec8d4297c861668556f0cee8615

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 23:55:41 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
setuid
prebidserver.pixfuture.com/
Redirect Chain
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fprebidserver.pixfuture.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D?gdpr=&gdpr_consent=&us_privacy=
  • https://prebidserver.pixfuture.com/setuid?bidder=grid&gdpr=&gdpr_consent=&f=i&uid=0528797d-468d-41e3-a0a3-eb0b49ac154a
86 B
824 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prebidserver.pixfuture.com/setuid?bidder=grid&gdpr=&gdpr_consent=&f=i&uid=0528797d-468d-41e3-a0a3-eb0b49ac154a
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
HTTP/1.1
Server
137.184.242.150 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

expires
0
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
86
vary
Origin
content-type
image/png

Redirect headers

Location
https://prebidserver.pixfuture.com/setuid?bidder=grid&gdpr=&gdpr_consent=&f=i&uid=0528797d-468d-41e3-a0a3-eb0b49ac154a
Date
Wed, 18 Jan 2023 23:55:42 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
v2
ap.lijit.com/readerinfo/ 		41 B
466 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/readerinfo/v2
Requested by
Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.60 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software
/
Resource Hash
2d32601cbf11cba991a9f637dc3c92d69498ed77ee7441829bba1e0ff4ac3419

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Wed, 18 Jan 2023 23:55:41 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://securityaffairs.co
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3sea1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
61
async_usersync
ib.adnxs.com/ Frame CC80 		0
863 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.254.148.252 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
AN-X-Request-Uuid
bfb78023-3ec9-492b-89ef-d448980ab661
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 867F 		0
863 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.254.148.252 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:41 GMT
AN-X-Request-Uuid
941b64ae-cf61-4879-acbd-84147ad99f74
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
integrator.js
adservice.google.com.au/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com.au/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1002 B
464 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=947860906757487&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.02&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C320x50&ifi=10&adks=3534550220&sfv=1-0-40&prev_scp=sovrn-viewability%3D0.3%26sovrn-engagement%3D0.1&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086141126&lmt=1674086141&dlt=1674086134003&idt=4511&adxs=320&adys=1144&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=320x-1&msz=320x-1&fws=4&ohw=1600&psts=ACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
f10e20c507ad315131cc3f6738e41ab3e87890448b13c2c9dff57e8d091fca34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
435
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		17 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4079479525170594&correlator=3652559825482750&eid=31071693&output=ldjh&gdfp_req=1&vrg=2023011001&ptt=17&impl=fif&iu_parts=330713950%2Cgam-bidding-0.02&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x50%7C300x75%7C320x50%7C468x60%7C728x90&ifi=11&adks=3805896192&sfv=1-0-40&prev_scp=sovrn-viewability%3D0.3%26sovrn-engagement%3D0.1&eri=1&sc=1&cookie=ID%3Df79cb34ae632bc9d-220ae90b57d90012%3AT%3D1674086136%3AS%3DALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA&gpic=UID%3D00000ba7abaa85f0%3AT%3D1674086136%3ART%3D1674086136%3AS%3DALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw&abxe=1&dt=1674086141203&lmt=1674086141&dlt=1674086134003&idt=4511&adxs=320&adys=404&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&psz=728x-1&msz=728x-1&fws=4&ohw=1600&psts=ACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1%2CACgb8tuRJQV3aL0wM5iAvTk_u1w1&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
3eca328d4878787ba6a65de658f251de1dfbefe317a146129559eced96131c29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8235
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
match
c1.adform.net/serving/cookie/ Frame 66F6
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
35 B
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.84.60.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Wed, 18 Jan 2023 23:55:42 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 18 Jan 2023 23:55:41 GMT
expires
-1
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 331E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
42 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 18 Jan 2023 23:55:41 GMT
Expires
Wed, 18 Jan 2023 23:55:40 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 277 3f0ad7a master hkg-pixel-x22 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:29ae63c8-86fd-4c00-852a-8d5532010346&gdpr=0&gdpr_consent=
b9pj45k4
sync-tm.everesttech.net/upi/pid/ Frame E853 		0
0
Pug
simage2.pubmatic.com/AdServer/ Frame B5A4
Redirect Chain
  • https://cm.ambientdsp.com/cm/send?vc=pmj
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=ymgksbd9958
1 B
149 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=ymgksbd9958
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

accept-encoding
utf-8
cache-control
no-store
content-length
0
date
Wed, 18 Jan 2023 23:55:42 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=ymgksbd9958
lws
127.0.0.1
strict-transport-security
max-age=31536000; includeSubDomains
time-ms
0
Pug
simage2.pubmatic.com/AdServer/ Frame 99B0
Redirect Chain
  • https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6829783725336387995&gdpr=0&gdpr_consent=
42 B
219 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6829783725336387995&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

AN-X-Request-Uuid
e2b07c80-c462-432e-bf0b-6d9780b7bbbe
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Wed, 18 Jan 2023 23:55:41 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6829783725336387995&gdpr=0&gdpr_consent=
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.21.3
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pug
image2.pubmatic.com/AdServer/ Frame E19D
Redirect Chain
  • https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq
42 B
335 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
date
Wed, 18 Jan 2023 23:55:41 GMT
expires
Fri, 04 Aug 1978 12:00:00 GMT
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma
no-cache
strict-transport-security
max-age=86400
usersync.aspx
dis.criteo.com/dis/ Frame C339 		43 B
363 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.161.73.146 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Wed, 18 Jan 2023 23:55:41 GMT
expires
Wed, 18 Jan 2023 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
358332
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
Pug
simage2.pubmatic.com/AdServer/ Frame 4D39
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gOAn0L4xSOBWEzv8ZVODtWfR_og
42 B
526 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gOAn0L4xSOBWEzv8ZVODtWfR_og
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
159
Content-Type
text/html; charset=utf-8
Date
Wed, 18 Jan 2023 23:55:42 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gOAn0L4xSOBWEzv8ZVODtWfR_og
send
sync-dsp.ad-m.asia/dsp/api/sync/ Frame 32EB 		43 B
243 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-dsp.ad-m.asia/dsp/api/sync/send?s=pubmatic&rd=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyNTMmdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
220.150.223.50 , Japan, ASN4686 (BEKKOAME BEKKOAME INTERNET INC., JP),
Reverse DNS
50.223.150.220.in-addr.arpa
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Cache-Control
no-store,no-cache
Connection
close
Content-Length
43
Content-Type
image/gif
Date
Wed, 18 Jan 2023 23:55:42 GMT
Pragma
no-cache
Server
nginx
expires
-1
Pug
image2.pubmatic.com/AdServer/ Frame 95BA
Redirect Chain
  • https://gocm.c.appier.net/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=MjYocD1WDI6dIWGd_YbIYw
42 B
279 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=MjYocD1WDI6dIWGd_YbIYw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:41 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

cache-control
no-store
content-length
153
content-type
text/html; charset=utf-8
date
Wed, 18 Jan 2023 23:55:41 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=MjYocD1WDI6dIWGd_YbIYw
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
nginx
cm
ipac.ctnsnet.com/int/ Frame 68A4 		43 B
369 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.193.173 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
173.193.186.35.bc.googleusercontent.com
Software
Apache-Coyote/1.1 /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 18 Jan 2023 23:55:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
CP="NOI DSP COR NID CUR OUR NOR"
pragma
no-cache
server
Apache-Coyote/1.1
via
1.1 google
Pug
simage2.pubmatic.com/AdServer/ Frame 7C20
Redirect Chain
  • https://ipac.ctnsnet.com/int/cm?exc=14&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA%3D%26piggybackCookie%3D%5Buser_id%5D
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95bd444efd664061ba2ea932188cbd2a
42 B
271 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95bd444efd664061ba2ea932188cbd2a
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html;charset=UTF-8
date
Wed, 18 Jan 2023 23:55:42 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=95bd444efd664061ba2ea932188cbd2a
p3p
CP="NOI DSP COR NID CUR OUR NOR"
pragma
no-cache
server
Apache-Coyote/1.1
status
302
via
1.1 google
x-xss-protection
1; mode=block
pxd
dps.jp.cinarra.com/ Frame 9A4D 		95 B
220 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dps.jp.cinarra.com/pxd?PLATFORM_ID=D&USER_ID=5993FD6F-2052-41AE-959A-8C36066B8E0B
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.114.228.14 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-228-14.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Connection
keep-alive
Content-Length
95
Content-Type
image/png
Date
Wed, 18 Jan 2023 23:55:42 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 4D7D
Redirect Chain
  • https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qkzkqtcro5i
42 B
210 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qkzkqtcro5i
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

accept-encoding
utf-8
cache-control
no-cache, no-store
content-length
0
date
Wed, 18 Jan 2023 23:55:41 GMT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=1qkzkqtcro5i
lws
222
strict-transport-security
max-age=31536000; includeSubDomains
time-ms
0
Pug
simage2.pubmatic.com/AdServer/ Frame 0AFA
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:pbTARIMb1Piiho5&gdpr=0&gdpr_consent=
42 B
219 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:pbTARIMb1Piiho5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Wed, 18 Jan 2023 23:55:41 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:pbTARIMb1Piiho5&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-0109dcac4c2b59493@ap-southeast-1a@dxedge-app-ap-southeast-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame C0E3
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1674086142205
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8412802698
  • https://sync.1rx.io/usersync/tradedesk/2c40e9b7-c90f-4920-beee-5949d681755b
  • https://sync.targeting.unrulymedia.com/csync/RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
42 B
97 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-type
text/html
date
Wed, 18 Jan 2023 23:55:43 GMT
etag
RXe7d04bf0eeef41fc9f444f088054fa00004
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pug
simage2.pubmatic.com/AdServer/ Frame 0032
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=9da6e500-978b-11ed-8d63-e8aaf2555249
42 B
244 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=9da6e500-978b-11ed-8d63-e8aaf2555249
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, proxy-revalidate
content-length
0
content-type
image/gif
date
Wed, 18 Jan 2023 23:55:42 GMT
expires
Thu, 23 Sep 2004 17:42:04 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=9da6e500-978b-11ed-8d63-e8aaf2555249
p3p
CP="NOI OTC OTP OUR NOR"
pragma
no-cache
server
Cowboy
x-realserver-nx
aws-apsoutheast1b-delivery-2
141
match.deepintent.com/usersync/ Frame 8B94 		0
44 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.18.47.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

content-length
0
date
Wed, 18 Jan 2023 23:55:41 GMT
server
b
i.match
s.tribalfusion.com/z/ Frame 64D7
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
449 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.173 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
78bb43534cbb5ab0-MEL
content-length
43
content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
302

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
78bb4351aa6b5ab0-MEL
content-type
text/html
date
Wed, 18 Jan 2023 23:55:41 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
206
x-reuse-index
163
cookiesync
core.iprom.net/ Frame 7617 		43 B
280 B 		Document
General
Check archive.org
Download Go to
Full URL
https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Connection
close
Content-Length
43
Content-Type
image/gif
Date
Wed, 18 Jan 2023 23:55:42 GMT
Vary
Accept-Encoding
X-adserver-worker
leviathan-668aa41d3f66@version_1.533
X-core-time
1ms
X-server-arch
v2
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 88A0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WZP9byBSQa6Vmow2BmuOCw%3D%3D&gdpr=0&gdpr_consent=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
23.72.44.196 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-72-44-196.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
content-encoding
gzip
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=68368
accept-ranges
bytes
content-length
5554
expires
Thu, 19 Jan 2023 18:55:09 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
458249.gif
idsync.rlcdn.com/ Frame 88A0
Redirect Chain
  • https://idsync.rlcdn.com/420486.gif?partner_uid=5993FD6F-2052-41AE-959A-8C36066B8E0B
  • https://pippio.com/api/sync?pid=5324&it=1&iv=8708154c996f15e9ee1f71cca71558192847a6704b10781586bd90c77c29d386791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA4NzA4MTU0Yzk5NmYxNWU5ZWUxZjcxY2NhNzE1NTgxOTI4NDdhNjcwNGIxMDc4MTU4NmJkOTBjNzdjMjlkMzg2NzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA4NzA4MTU0Yzk5NmYxNWU5ZWUxZjcxY2NhNzE1NTgxOTI4NDdhNjcwNGIxMDc4MTU4NmJkOTBjNzdjMjlkMzg2NzkxNDI2YjU0MTdkY2UyMRAAGgwI_o2ingYSBAgCEABCAEoA&goog...
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
  • https://idsync.rlcdn.com/458249.gif?partner_uid=0ab7265a-91a5-41ec-864a-ee8de7c78e44
42 B
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/458249.gif?partner_uid=0ab7265a-91a5-41ec-864a-ee8de7c78e44
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
via
1.1 google
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/458249.gif?partner_uid=0ab7265a-91a5-41ec-864a-ee8de7c78e44
date
Wed, 18 Jan 2023 23:55:42 GMT
via
1.1 google
x-samesite
secure
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111
content-type
text/html; charset=utf-8
info2
uipglob.semasio.net/pubmatic/1/ Frame 88A0
Redirect Chain
  • https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=5993FD6F-2052-41AE-959A-8C36066B8E0B&sInitiator=external&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=5993FD6F-2052-41AE-959A-8C36066B8E0B&sInitiator=external&gdpr=0&gdpr_consent=
42 B
570 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=5993FD6F-2052-41AE-959A-8C36066B8E0B&sInitiator=external&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
HTTP/1.1
Server
119.9.108.211 , Hong Kong, ASN45187 (RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong, HK),
Reverse DNS
Software
/
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:36 GMT
frontend-id
0
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type
image/gif
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
42
routing-server-id
1
expires
Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:36 GMT
frontend-id
0
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location
/pubmatic/1/info2?sType=sync&sExtCookieId=5993FD6F-2052-41AE-959A-8C36066B8E0B&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
1
expires
Sat, 01 Jan 2011 12:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NTk5M0ZENkYtMjA1Mi00MUFFLTk1OUEtOEMzNjA2NkI4RTBC&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:40 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMl1WR-jKVQinFryMBPkaOw&google_cver=1
42 B
300 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMl1WR-jKVQinFryMBPkaOw&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEMl1WR-jKVQinFryMBPkaOw&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D
42 B
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date
Wed, 18 Jan 2023 23:55:42 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Tue, 17 Jan 2023 23:55:42 GMT
5993FD6F-2052-41AE-959A-8C36066B8E0B
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 88A0 		43 B
603 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/5993FD6F-2052-41AE-959A-8C36066B8E0B?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.77.64.78 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-77-64-78.ap-southeast-1.compute.amazonaws.com
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
Pug
simage2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
42 B
278 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=2c40e9b7-c90f-4920-beee-5949d681755b&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
355
SPug
image4.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=5993FD6F-2052-41AE-959A-8C36066B8E0B&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-Nfrv0shE2uUw54CCeV5zW1MWg6SmpyE-~A&gdpr=0
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-Nfrv0shE2uUw54CCeV5zW1MWg6SmpyE-~A&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.85 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-Nfrv0shE2uUw54CCeV5zW1MWg6SmpyE-~A&gdpr=0
date
Wed, 18 Jan 2023 23:55:41 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5046790675265509198
42 B
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5046790675265509198
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5046790675265509198
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=0528797d-468d-41e3-a0a3-eb0b49ac154a
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=0528797d-468d-41e3-a0a3-eb0b49ac154a
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=45136c68-77af-4ad9-b5b8-4a5fc1e6790c&user_group=1&ssp=pubmatic&bsw_param=0528797d-468d-41e3-a0a3-eb0b49ac154a
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0528797d-468d-41e3-a0a3-eb0b49ac154a&gdpr=&gdpr_consent=&gdpr_pd=
1 B
246 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0528797d-468d-41e3-a0a3-eb0b49ac154a&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Wed, 18 Jan 2023 23:55:43 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=0528797d-468d-41e3-a0a3-eb0b49ac154a&gdpr=&gdpr_consent=&gdpr_pd=
Date
Wed, 18 Jan 2023 23:55:42 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3056000562068370838&gdpr=0&gdpr_consent=&us_privacy=
1 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3056000562068370838&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3056000562068370838&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:40 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=168720cf344c20a4&is_secure=true&networkId=17100&version=1&nuid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAALXg1dbQ0riwNZlNa9AAAAAAA&expiration=1674172542&nuid=5993FD6F-2052-41AE-959A-8C36066B8E0B&...
42 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAALXg1dbQ0riwNZlNa9AAAAAAA&expiration=1674172542&nuid=5993FD6F-2052-41AE-959A-8C36066B8E0B&is_secure=true&gdpr_consent=&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAALXg1dbQ0riwNZlNa9AAAAAAA&expiration=1674172542&nuid=5993FD6F-2052-41AE-959A-8C36066B8E0B&is_secure=true&gdpr_consent=&gdpr=0
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame 88A0
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6829783725336387995
42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6829783725336387995
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Wed, 18 Jan 2023 23:55:42 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Wed, 18 Jan 2023 23:55:41 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 897.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
63c2eddc-ac9c-46b9-a27f-663f2061ec1a
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6829783725336387995
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
320x50.png
cdn.pixfuture.com/banners/ Frame 4ADC 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.pixfuture.com/banners/320x50.png
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f83d6d161d5d98ac0a6305e882cbf211c330178f30bac4095f967b5475c0e92

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:41 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
152383
content-length
20836
last-modified
Tue, 02 Feb 2021 21:40:24 GMT
server
cloudflare
etag
"6019c6c8-5164"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qcjw4auGsPzLGqGVC7R%2BOP3NcQ3su0tS7bA0NP0eK5ztMzV5U%2FRtKoWrmpTpIFia3EE6HiVFWPGPezzfCrHGx9jXkWD6hDlCUK123exKBm%2FbZ3eIAhN62srQdNs3V4v%2FswNW"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=172800, no-transform
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
78bb4350ffe629ab-MEL
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Wed, 18 Jan 2023 15:53:13 GMT
tracking.php
served-by.pixfuture.com/www/headerbid/library/tracking/ 		0
189 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://served-by.pixfuture.com/www/headerbid/library/tracking/tracking.php
Requested by
Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/hb_v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
161.35.253.218 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
esp.js
oa.openxcdn.net/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 02:52:58 GMT
content-encoding
gzip
age
162164
x-guploader-uploadid
ADPycdvg0gYs5MUbDaaWHJH03QZqUaraiqxfFddulfG09pAL3yK-XoAvFU1wjQBWPTkLmFsCH6AgOYR4A-YGBXKvOODTncXREHIB
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Wed, 17 Jan 2024 02:52:58 GMT
publishertag.ids.js
static.criteo.net/js/ld/ 		39 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.161.73.129 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software
nginx /
Resource Hash
7ea9327b36f8ea3355ad8a33cf7bd5735cbf2e11ed96744279181a0fedd2401e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 18 Jan 2023 01:20:50 GMT
server
nginx
etag
W/"63c74972-9c1f"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Thu, 19 Jan 2023 23:55:42 GMT
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 		732 B
896 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.229 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 18 Jan 2023 23:55:42 GMT
x-content-type-options
nosniff
content-encoding
gzip
age
26825
x-jsd-version
master
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
437
x-served-by
cache-fra-eddf8230037-FRA, cache-fty21337-FTY
x-jsd-version-type
branch
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
esp.js
cdn.id5-sync.com/api/1.0/ 		58 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.52.86 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc871e89201aa44e7380e81e7f7846c4164e5a5d3374ba722a90e518ad48feae
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 18 Jan 2023 10:47:58 GMT
server
cloudflare
x-amz-request-id
ANHX47306AF09CA8
age
3133
etag
W/"854d94282c6b6d99cd8ba33bb311e621"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
78bb4356da4efea1-MEL
x-amz-id-2
NP6sd5jLdOKS/NKzA7NWn/B3W2JsJ0QxUjAW+w6UMHOnBsTob7ECeRxMmds7pBV6tYnOc8qlIcs=
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:35:37 GMT
via
1.1 google
age
1205
x-guploader-uploadid
ADPycdtxuTFkxG5-dTDXPidMrZMWQ3jv9ZqEwpGLf7Zj-hUPHRhLRBVN_Qwat87EZ6RcDUiPwVix1UcK3Hx_F4lxOq4ofip4Tzqi
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1258
last-modified
Fri, 29 Jul 2022 16:55:09 GMT
server
UploadServer
etag
"f5bc066f146e3dbb049aa6c86c7012e6"
x-goog-generation
1659113709880056
x-goog-hash
crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
content-type
text/javascript
cache-control
public, max-age=3600
x-goog-stored-content-length
1258
accept-ranges
bytes
expires
Thu, 19 Jan 2023 00:35:37 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16589/ 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-106.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4ea737ac05e8ee5e490220d97b820834c18cd7c6f1da7d85007a51a5c64425df

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 20:15:18 GMT
content-encoding
gzip
via
1.1 32b95ef5feec0715f987a398c50c07d0.cloudfront.net (CloudFront)
last-modified
Thu, 05 Jan 2023 20:08:05 GMT
server
AmazonS3
x-amz-cf-pop
SIN2-P1
age
13224
x-amz-server-side-encryption
AES256
etag
W/"87ee016ad429d1c83712b8d81ccb3c59"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age: 86400
x-amz-cf-id
s2fkOPfK1xizURA0z5kSsYj_4rhI0dNP4JTqzWx6Q9zflQ2zeDerqw==
uid2SecureSignal.js
cdn.prod.uidapi.com/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.33.78.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-78-115.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Wed, 18 Jan 2023 08:10:57 GMT
Via
1.1 9725312341802185c9ebf086bf95544e.cloudfront.net (CloudFront)
Last-Modified
Thu, 22 Dec 2022 00:57:19 GMT
Server
AmazonS3
X-Amz-Cf-Pop
SIN2-P2
Age
56686
ETag
"aded621b17723f487b3c9d0e43cf2f94"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1859
X-Amz-Cf-Id
EOjoWRa1_SPRrsDORaji_FExcFcEKHaVxYaFpKnLopqfKCdDm2TPGw==
container.html
ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C27D 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023011001.js?cb=31071693
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 18 Jan 2023 23:55:39 GMT
expires
Thu, 18 Jan 2024 23:55:39 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
map
bcp.crwdcntrl.net/6/ 		156 B
534 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.74.234.58 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-234-58.ap-southeast-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
c4bdb4f0c55bcd07bebfb50ae82484f64d99927482ef280f8e399053afaeb71e

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:41 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache
x-server
10.42.24.191
access-control-allow-credentials
true
content-length
156
expires
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 77EB 		624 B
242 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY4LLHbDAB&v=APEucNWv0DafnzNs37laKGZ5gadKyXrC6PqTQkZdpTZ1lepug9GVxLt_IdwzpVwin4KUiti1p2yLxce_RhTKqrl_KfNGoOBK_w
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame C27D 		76 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27384
x-xss-protection
0
server
cafe
etag
10506132538256102613
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Wed, 18 Jan 2023 23:55:42 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C27D 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CDeJKsiiWJDZmcVwZuKeU5NhO5MsvwnCNwz32HvpOjT1WPzAbyQ5yIddTDGmZWbfvyOUIZ0FR3DT_u72zGQxle3xdU-29LJUqHAqyZT5UkuwANb4Y
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C27D 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14753050300958711113&x=1&ct=76
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230117/r20110914/client/ Frame C27D 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230117/r20110914/client/window_focus_fy2021.js
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f132.1e100.net
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 15:54:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
28854
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 01 Feb 2023 15:54:48 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230117/r20110914/client/ Frame C27D 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230117/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f132.1e100.net
Software
cafe /
Resource Hash
5602905cd2a14cedc8625f943afd5be4cade0e98a5a0dffe443007a62d3359a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 20:30:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
12290
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7515
x-xss-protection
0
server
cafe
etag
5914713042212191929
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 01 Feb 2023 20:30:52 GMT
l
www.google.com/ads/measurement/ Frame C27D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQF5l5rOM7Nj6rHbZ_l6ejcYS09NV3rr3sm_7zso4JrkfP_UWsB1XxzG9qcXt1mbM3xSQc-xm4ls8FPGFyP1vaB0mJnnw
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f106.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C27D 		157 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
sffe /
Resource Hash
cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49309
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1673441803913192"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 18 Jan 2023 23:55:42 GMT
collect
analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-NPN4VEKBTY&gtm=2oe1a1&_p=940554831&cid=307525084.1674086137&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1674086136&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&dr=https%3A%2F%2Ft.co%2F&dt=Aurora%20Stealer%20Malware%20is%20becoming%20a%20prominent%20threatSecurity%20Affairs&en=scroll&epn.percent_scrolled=90&_et=137
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-P62M3QN974&gtm=2oe1i0&_p=940554831&cid=307525084.1674086137&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1674086137&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&dr=https%3A%2F%2Ft.co%2F&dt=Aurora%20Stealer%20Malware%20is%20becoming%20a%20prominent%20threatSecurity%20Affairs&en=scroll&epn.percent_scrolled=90&_et=10
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P62M3QN974&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f138.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.co
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame CC80 		0
863 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.254.148.252 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
AN-X-Request-Uuid
cb3ab93d-02d8-4594-a10f-dd9670beff89
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 867F 		0
863 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.254.148.252 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
AN-X-Request-Uuid
85a7be79-d568-4a47-a6bb-4cd5dc0051ec
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 77EB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1
43 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY4LLHbDAB&v=APEucNWv0DafnzNs37laKGZ5gadKyXrC6PqTQkZdpTZ1lepug9GVxLt_IdwzpVwin4KUiti1p2yLxce_RhTKqrl_KfNGoOBK_w
Protocol
HTTP/1.1
Server
139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 77EB
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y8iG.9f3KcCGVGHQ8T7zlQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1&google_hm=2
43 B
632 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY4LLHbDAB&v=APEucNWv0DafnzNs37laKGZ5gadKyXrC6PqTQkZdpTZ1lepug9GVxLt_IdwzpVwin4KUiti1p2yLxce_RhTKqrl_KfNGoOBK_w
Protocol
HTTP/1.1
Server
139.5.84.243 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:43 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEItQ6PfwG-NzEKrrdFJx3F4&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 77EB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEFRp_6jPGKosezB99_wfwac&google_cver=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEFRp_6jPGKosezB99_wfwac&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY4LLHbDAB&v=APEucNWv0DafnzNs37laKGZ5gadKyXrC6PqTQkZdpTZ1lepug9GVxLt_IdwzpVwin4KUiti1p2yLxce_RhTKqrl_KfNGoOBK_w
Protocol
HTTP/1.1
Server
104.254.148.252 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:42 GMT
AN-X-Request-Uuid
3b1d6ef7-def0-485e-ae2a-fd2633fe3a11
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEFRp_6jPGKosezB99_wfwac&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 77EB
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgyOTc4MzcyNTMzNjM4Nzk5NQ%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgyOTc4MzcyNTMzNjM4Nzk5NQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIKSIxC9tCMY4LLHbDAB&v=APEucNWv0DafnzNs37laKGZ5gadKyXrC6PqTQkZdpTZ1lepug9GVxLt_IdwzpVwin4KUiti1p2yLxce_RhTKqrl_KfNGoOBK_w
Protocol
H3
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 18 Jan 2023 23:55:42 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
103.209.254.136; 103.209.254.136; 894.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
83bcb1bb-1092-4547-b5d0-d6fca50f9e71
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgyOTc4MzcyNTMzNjM4Nzk5NQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C27D 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1910875708272&version=m202209210101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C27D 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1910875708272&version=m202209210101&ct=76&x=1&cor=14753050300958712000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame C27D 		67 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTNbMCr_9Iw2NJnx78boKdwdeRSaLd86JM2oInihROZvn8l99kRYQArArslRB1vUxUliAkTWxy61cYG9sIxQorwfBBW97_mHHLlFPMuo0h6T7YxDOwFkpc8BMkK8fjv5y-PrlVwqPfOYoKFei2xv6_S7XFGjSFjDIGWZVpekWCWSSxw1Q&dbm_d=AKAmf-Ad84_G-mPhsc9xAAUCoYPPFMhBLAHiwddqwDVREyJRaLPwGaX8aLSy2PyHXnvBMpVV8t_GHMnAYlwNmLKp_guDFFrQYXCYMLPYB54lf8WSbX0U30rt53CC6RN_hnkW3F7UoBCWt-Iod8qjpwT-Xs3CMlgxW068szYBdftNQZAF2xW15yJd8mEkUxHsK_dVXC5OeDyoBui3wTBBkz1coN6D9Vu015YpZrLvfCYzgWoaOYaUeEO7UZV6vF15ZRWWUBBwY3bOIE-uDvef8sO-cGWUG51lqYyAPF4dXuM8IdhsxDs_jjEIp7mV0PnFyUqAmf1miQocFVBe8gjcoeyogmiF4Ygy-U_DsNaOBsJ2lg4dV6haV-ErzXGx6gzJEibTG_9Odkjou7G8GcdfKzhLVJ8h9tSxSZjNIL8eKAEHPHY5ZRdB-Ow_53zsaQeZ3d3V8OfizVZ6JCo4rNTHHKaDhRXdvMo4xBtAWrZImNhkmjKoWquSlUXlszBTJNZY_ckDbFsKJKlMJj7LiEcOFPB9fc2L6TnAcRWS3bFZJNjddtjD0Ma8vaR0Lpr_NQgalqypRV8sWWWDikMbU_xNCUJQroc-VgLo96l6v32JBFmEzTqt42BVKIxco0q-Jjo0XXbiXCea7tbyTJocGwOrgsh__XYWyXshmzot6zxYhKZooLHDjYMCfke7--qjNx3ZmQF5LHhxvXkCX7IdnOHbH-QA8QXKiA_pNoX7Jnycfn_K-7BsvdtErMKd4d3_p1Gw5n4dyLHqjqozY_xI1blJMx6lFub1rxehorUhA2baJ1qw5JV9I89w-R7cU2e7iyK0H3hMAhrG5LBsOPz4MP6xon4QZcvut-aQjN8oV4e-QEeVLBJzdbZt4nuGALaIL_EwyKJJ4hT5e35LKxYT3Rt8KPGfOtIfPfclea5KPhFaE393iEh_1tsgoYugR0rLGAFhJEuht0u3xRtS1LB1ASbEz7-v7FxFwtlKUy2VtLZTop_PJTgsNgSPM5A2JX-wBjQ-XJm92i1rUewikH2fD-aRyMPIGGSdVquuG1EkRhyGAQfqit5FPLScHkX4eTxrO4VFjznBrcTnoZ-DgiyfGtvEp1Im4wvavo709hTh0_DTlnqtefVEHlm8MRwj-qoye6fWgEysW_SZbFRIGg-0WXxZKYrmyHc4z4X5lSReaFmjDiQPsPJaA86x7xy51yBi1LYJnrRzKLweCjoSV5jiTgaR7P1Vn_NA524Lekl__Y_uRBR7g75w6lPuu4ttU-VfscFrbWlfaiDh6cZs69ZISUuuMABJOcwb9uR5acHNt04ZsgrIIWhZJH4phpA-sFve0dyquiAiSouLHu0uIa1O7b7Cv3vVkhbQVNCpecLMSSPkKdB0O-dHoRxoc_PsICf2EFHfu13FRdz_yyW_8gZmHG6iGkWH0vN4rMlq7St27mIcwnK7u0HWL9Jvuao_g6j6PIN2Tewtxk8ujYjC5PHJH4mkVVfVRZzx72E8hbXQe0xmy3QnSIXc4Vp30IiV757dz34Wyh7UyGxxULoBatcoumoOlpwuVt1fYUXPZgoz7reYcGo9MPDafP7-mK1Bl-xH76Jw1yG4Y2WgxFVAnzO3nDZs7QO6wQ6xjPGUVWHseAxKfHciV1dSm5nI_4WLV2yB1OmqhkE9mDvza8qmXasct31_GdvH3cdMzBoDaeY1hf0o9H6mHiGSPRis-HSGzjaN3r66zkfct32zmlbjdgfMLouidSZknGjWwmYLjhcAUlY1MmboIAj-ITyxUK2EJCCTu9GxuIP41daPhI-89ztJC5FOu7iyZb9pN_13HRVEUCAv5OLEJYx0_ww8XfwDl7zqBTMmVANgSFUf_Hlpc9LvCnIyV9aLWm974SyCGtZ7Kle7Xw-Z77CY3RE2HJMS4mBPYGJ4YuOJ5wuln1M9L09p1rST1LKC8vWhAhOaEBhcTitINp_luyrm5fz0Z-ZdXgcIbLqFaGrHyJCCqLbsUiizMkKo5KA8H0YzpDqWVKZ6NiWygK1-7M5kFT-hS-O8ehWxLH6mrRQrHGGYR2EtMS-J1873ejYxuVVIjnLM8FL5Zp_vfQkJCL99VOF6fhfO3Og4eUNAOIYbv7iDK07Z4nBxzJOc4IVKpm6qn3CC_kqCJ3meEesXDX_mztpcb8CC9LacSI7QYpCJd0_s1uebivfSUPwdCKqtJ00z1Ws3F2FnVxNX-fjWtHdT-mLQG-MVfvgSQO_mta2tlIOQmGS-RahYGbYn3xLQnUv5rEpzww2tvHHgWHoGNygUN-JPbEAO8MFYxnFG5I2bNsawS3OTs4z4FRW85H-mokK3csUCfZqzMOiUH7e2I8ODCaxMG7Xa2wnAX_M_vRVK7O14SHV03dxmNbE0s5RO74VlDf4CrrgjbKIO7d5tTzdnshEYQ9M_6kuCIqmTXQwrU_pz56jvWWPusesqwjGQDwxpGYlHRUxjxZlRq5Xb-iAipvrRMI15F_YROSlv864P0K0sGnse9ESsCqbDFbIeroT5N2Y7KOyZEhTcwV5Lfb_r8SQ_i_mgnT76KZKh_-vES-NOOymz0KRPZ_gfaDtjOZWODc8eRnIBNqLy8hYReWH2v-rfyzrEbNH_MhvUQRq6sXoScZplXy2cdFuZcQiz9BSPBB03hJyq2jHlqgvtSsV2fjpnzD7Z8vTO1FIu1iXt7fQkOZOKu52-3POYddt4KBYiNqM9GugvZkh7i6TZAcxIetU4orQATod9AuSpdbDjnfpUZ61OuUwOabylfL588rWR0G67kwEBgOJlI6yadgqoTo3H4rxzOpEBlCMft64UQA8sW2UlVtTo7VliG8rwTnJxqll-OSjVKp0gZVboyVTpciInroIhobvDuqbxNLYMVAHm8GANOJJlLNpKPEgYbIxMIhFDHHaW6Ba5k4rETYzQjKf-TYHiicRZj58xHNa1NEEyoJTKs4508tdr1j9ohOa2eOj2-0sk8QW_lrN3vtCAkfRS7H9RgX77YblhCYinIg06BCxoIFBvpcDtX1_1mJ0VhkOlJPg_S1WG_hmV2QHMP39y8xJCy7xyr_EvPD1ppIxTYVNgNrQf_ot6V_6-sZ_rarz-8dFFtmLUPv6vs-jkMB9eA1KDcmLZP9EQx18RGNYh-BwqcXC9Y0ue40xnkysbnbKsj20YKYneQIwcnAi0ZzOEOF-bGY1-5wY6Gk34V-WGXlaF8Ugp_6-Yna27Q5jxb0tsKg&cid=CAQSPADq26N9mAw_DhwuSt_3Fm9ZR98BIGJ64hb2cUqBO7YmPbyi38a0dz0vI8oQcA1Erdw99xzdlOzHmxsxhBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fsecurityaffairs.co%2F&ds=l&xdt=1&iif=1&cor=14753050300958712000&adk=2004672170&idt=257&cac=0&dtd=20
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f156.1e100.net
Software
cafe /
Resource Hash
249af0ebfd2f68a24f5e9e113d26e485abb969167196895ce39626cf1f289914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33090
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 1117
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=
  • https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
281 B
410 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.31.5.52 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-5-52.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
233
content-type
text/html; charset=UTF-8
date
Wed, 18 Jan 2023 23:55:42 GMT
etag
"403b9-119-5ec73a0a33d00"
last-modified
Wed, 02 Nov 2022 02:30:44 GMT
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 18 Jan 2023 23:55:42 GMT
location
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
server
AkamaiGHost
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C836
Redirect Chain
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1674086142168.4&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predire...
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.72.44.196 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-72-44-196.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=68367
content-encoding
gzip
content-length
5554
content-type
text/html
date
Wed, 18 Jan 2023 23:55:42 GMT
expires
Thu, 19 Jan 2023 18:55:09 GMT
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-length
0
date
Wed, 18 Jan 2023 23:55:42 GMT
expires
Thu, 01-Jan-70 00:00:01 GMT
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma
no-cache
referrer-policy
unsafe-url
server
33XP005
x-33x-status
40000000008200000A
cm
us-u.openx.net/w/1.0/ Frame 7070
Redirect Chain
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1674086142168.6&ri=70&ru=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fcm%3Fid%3Dc6a5ba0d-ce02-41bd-a1ea-842c68bd5108%26ph%3D8f5ed5d4-642c-4222-968a-d709c...
  • https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D...
1 KB
595 B 		Document
General
Check archive.org
Download Go to
Full URL
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
161fc53bd395a1c06a8df745e281a24fd42768dcda8b978b15fd953cb8f55c39

Request headers

Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
576
content-type
text/html
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-length
0
date
Wed, 18 Jan 2023 23:55:42 GMT
expires
Thu, 01-Jan-70 00:00:01 GMT
location
https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma
no-cache
referrer-policy
unsafe-url
server
33XP019
x-33x-status
40000000008200000A
match
events-ssc.33across.com/ Frame 6D3D
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=the33across&us_privacy=
  • https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&gdpr=&consent=&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dthe33...
  • https://x.bidswitch.net/sync?dsp_id=354&user_id=805f7fa5b68f4a4090c50dc3f4a7352a&ssp=the33across&bsw_param=0528797d-468d-41e3-a0a3-eb0b49ac154a&gdpr=&consent=&gdpr_pd=&expires=7
  • https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=0528797d-468d-41e3-a0a3-eb0b49ac154a
  • https://events-ssc.33across.com/match?bidder_id=10&external_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&ts=1674086143&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
82 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&ts=1674086143&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H3
Server
34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:44 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
referrer-policy
unsafe-url
server
33XP012
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=0528797d-468d-41e3-a0a3-eb0b49ac154a&ts=1674086143&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
match
events-ssc.33across.com/ Frame 6D3D
Redirect Chain
  • https://ssc-cms.33across.com/ps/?us_privacy=&ts=1674086142168.3&ri=1&ru=https%3A%2F%2Fsync.mathtag.com%2Fsync%2Fimg%3Fus_privacy%3D%24%7BUS_PRIVACY%7D%26mt_exid%3D73%26redir%3Dhttps%253A%252F%252Fe...
  • https://sync.mathtag.com/sync/img?us_privacy=&mt_exid=73&redir=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D1%26external_user_id%3D%5BMM_UUID%5D
  • https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=1&external_user_id=29ae63c8-86fd-4c00-852a-8d5532010346
68 B
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=1&external_user_id=29ae63c8-86fd-4c00-852a-8d5532010346
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
content-type
image/png

Redirect headers

Date
Wed, 18 Jan 2023 23:55:42 GMT
Server
MT3 277 3f0ad7a master hkg-pixel-x18 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=1&external_user_id=29ae63c8-86fd-4c00-852a-8d5532010346
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 18 Jan 2023 23:55:41 GMT
match
events-ssc.33across.com/ Frame 6D3D
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=104&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D45%26xu%3D%7BuserId%7D
  • https://ssc-cms.33across.com/ps/?us_privacy=&xi=45&xu=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155
  • https://events-ssc.33across.com/match?bidder_id=45&external_user_id=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&ts=1674086143&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
126 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events-ssc.33across.com/match?bidder_id=45&external_user_id=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&ts=1674086143&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
Protocol
H2
Server
34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://de.tynt.com/deb/?m=xch&rt=html&ru=deb&id=azC7qard4r6OkMaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined&b=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
referrer-policy
unsafe-url
server
33XP015
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://events-ssc.33across.com/match?bidder_id=45&external_user_id=eeee0d2c-8019-43b3-8525-769c78429e8a-63c886fc-4155&ts=1674086143&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
esp
oajs.openx.net/ 		85 B
326 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&rid=esp
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
53.135.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
08b303cd7af9e0641ef8eb559b97d95e299945705cbec27f5a8d1cd44df06221

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://securityaffairs.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-ACYQGFou5kZNzSsUYwpvlYQ8po4"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.co
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230117/r20110914/ Frame C27D 		28 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230117/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTNbMCr_9Iw2NJnx78boKdwdeRSaLd86JM2oInihROZvn8l99kRYQArArslRB1vUxUliAkTWxy61cYG9sIxQorwfBBW97_mHHLlFPMuo0h6T7YxDOwFkpc8BMkK8fjv5y-PrlVwqPfOYoKFei2xv6_S7XFGjSFjDIGWZVpekWCWSSxw1Q&dbm_d=AKAmf-Ad84_G-mPhsc9xAAUCoYPPFMhBLAHiwddqwDVREyJRaLPwGaX8aLSy2PyHXnvBMpVV8t_GHMnAYlwNmLKp_guDFFrQYXCYMLPYB54lf8WSbX0U30rt53CC6RN_hnkW3F7UoBCWt-Iod8qjpwT-Xs3CMlgxW068szYBdftNQZAF2xW15yJd8mEkUxHsK_dVXC5OeDyoBui3wTBBkz1coN6D9Vu015YpZrLvfCYzgWoaOYaUeEO7UZV6vF15ZRWWUBBwY3bOIE-uDvef8sO-cGWUG51lqYyAPF4dXuM8IdhsxDs_jjEIp7mV0PnFyUqAmf1miQocFVBe8gjcoeyogmiF4Ygy-U_DsNaOBsJ2lg4dV6haV-ErzXGx6gzJEibTG_9Odkjou7G8GcdfKzhLVJ8h9tSxSZjNIL8eKAEHPHY5ZRdB-Ow_53zsaQeZ3d3V8OfizVZ6JCo4rNTHHKaDhRXdvMo4xBtAWrZImNhkmjKoWquSlUXlszBTJNZY_ckDbFsKJKlMJj7LiEcOFPB9fc2L6TnAcRWS3bFZJNjddtjD0Ma8vaR0Lpr_NQgalqypRV8sWWWDikMbU_xNCUJQroc-VgLo96l6v32JBFmEzTqt42BVKIxco0q-Jjo0XXbiXCea7tbyTJocGwOrgsh__XYWyXshmzot6zxYhKZooLHDjYMCfke7--qjNx3ZmQF5LHhxvXkCX7IdnOHbH-QA8QXKiA_pNoX7Jnycfn_K-7BsvdtErMKd4d3_p1Gw5n4dyLHqjqozY_xI1blJMx6lFub1rxehorUhA2baJ1qw5JV9I89w-R7cU2e7iyK0H3hMAhrG5LBsOPz4MP6xon4QZcvut-aQjN8oV4e-QEeVLBJzdbZt4nuGALaIL_EwyKJJ4hT5e35LKxYT3Rt8KPGfOtIfPfclea5KPhFaE393iEh_1tsgoYugR0rLGAFhJEuht0u3xRtS1LB1ASbEz7-v7FxFwtlKUy2VtLZTop_PJTgsNgSPM5A2JX-wBjQ-XJm92i1rUewikH2fD-aRyMPIGGSdVquuG1EkRhyGAQfqit5FPLScHkX4eTxrO4VFjznBrcTnoZ-DgiyfGtvEp1Im4wvavo709hTh0_DTlnqtefVEHlm8MRwj-qoye6fWgEysW_SZbFRIGg-0WXxZKYrmyHc4z4X5lSReaFmjDiQPsPJaA86x7xy51yBi1LYJnrRzKLweCjoSV5jiTgaR7P1Vn_NA524Lekl__Y_uRBR7g75w6lPuu4ttU-VfscFrbWlfaiDh6cZs69ZISUuuMABJOcwb9uR5acHNt04ZsgrIIWhZJH4phpA-sFve0dyquiAiSouLHu0uIa1O7b7Cv3vVkhbQVNCpecLMSSPkKdB0O-dHoRxoc_PsICf2EFHfu13FRdz_yyW_8gZmHG6iGkWH0vN4rMlq7St27mIcwnK7u0HWL9Jvuao_g6j6PIN2Tewtxk8ujYjC5PHJH4mkVVfVRZzx72E8hbXQe0xmy3QnSIXc4Vp30IiV757dz34Wyh7UyGxxULoBatcoumoOlpwuVt1fYUXPZgoz7reYcGo9MPDafP7-mK1Bl-xH76Jw1yG4Y2WgxFVAnzO3nDZs7QO6wQ6xjPGUVWHseAxKfHciV1dSm5nI_4WLV2yB1OmqhkE9mDvza8qmXasct31_GdvH3cdMzBoDaeY1hf0o9H6mHiGSPRis-HSGzjaN3r66zkfct32zmlbjdgfMLouidSZknGjWwmYLjhcAUlY1MmboIAj-ITyxUK2EJCCTu9GxuIP41daPhI-89ztJC5FOu7iyZb9pN_13HRVEUCAv5OLEJYx0_ww8XfwDl7zqBTMmVANgSFUf_Hlpc9LvCnIyV9aLWm974SyCGtZ7Kle7Xw-Z77CY3RE2HJMS4mBPYGJ4YuOJ5wuln1M9L09p1rST1LKC8vWhAhOaEBhcTitINp_luyrm5fz0Z-ZdXgcIbLqFaGrHyJCCqLbsUiizMkKo5KA8H0YzpDqWVKZ6NiWygK1-7M5kFT-hS-O8ehWxLH6mrRQrHGGYR2EtMS-J1873ejYxuVVIjnLM8FL5Zp_vfQkJCL99VOF6fhfO3Og4eUNAOIYbv7iDK07Z4nBxzJOc4IVKpm6qn3CC_kqCJ3meEesXDX_mztpcb8CC9LacSI7QYpCJd0_s1uebivfSUPwdCKqtJ00z1Ws3F2FnVxNX-fjWtHdT-mLQG-MVfvgSQO_mta2tlIOQmGS-RahYGbYn3xLQnUv5rEpzww2tvHHgWHoGNygUN-JPbEAO8MFYxnFG5I2bNsawS3OTs4z4FRW85H-mokK3csUCfZqzMOiUH7e2I8ODCaxMG7Xa2wnAX_M_vRVK7O14SHV03dxmNbE0s5RO74VlDf4CrrgjbKIO7d5tTzdnshEYQ9M_6kuCIqmTXQwrU_pz56jvWWPusesqwjGQDwxpGYlHRUxjxZlRq5Xb-iAipvrRMI15F_YROSlv864P0K0sGnse9ESsCqbDFbIeroT5N2Y7KOyZEhTcwV5Lfb_r8SQ_i_mgnT76KZKh_-vES-NOOymz0KRPZ_gfaDtjOZWODc8eRnIBNqLy8hYReWH2v-rfyzrEbNH_MhvUQRq6sXoScZplXy2cdFuZcQiz9BSPBB03hJyq2jHlqgvtSsV2fjpnzD7Z8vTO1FIu1iXt7fQkOZOKu52-3POYddt4KBYiNqM9GugvZkh7i6TZAcxIetU4orQATod9AuSpdbDjnfpUZ61OuUwOabylfL588rWR0G67kwEBgOJlI6yadgqoTo3H4rxzOpEBlCMft64UQA8sW2UlVtTo7VliG8rwTnJxqll-OSjVKp0gZVboyVTpciInroIhobvDuqbxNLYMVAHm8GANOJJlLNpKPEgYbIxMIhFDHHaW6Ba5k4rETYzQjKf-TYHiicRZj58xHNa1NEEyoJTKs4508tdr1j9ohOa2eOj2-0sk8QW_lrN3vtCAkfRS7H9RgX77YblhCYinIg06BCxoIFBvpcDtX1_1mJ0VhkOlJPg_S1WG_hmV2QHMP39y8xJCy7xyr_EvPD1ppIxTYVNgNrQf_ot6V_6-sZ_rarz-8dFFtmLUPv6vs-jkMB9eA1KDcmLZP9EQx18RGNYh-BwqcXC9Y0ue40xnkysbnbKsj20YKYneQIwcnAi0ZzOEOF-bGY1-5wY6Gk34V-WGXlaF8Ugp_6-Yna27Q5jxb0tsKg&cid=CAQSPADq26N9mAw_DhwuSt_3Fm9ZR98BIGJ64hb2cUqBO7YmPbyi38a0dz0vI8oQcA1Erdw99xzdlOzHmxsxhBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fsecurityaffairs.co%2F&ds=l&xdt=1&iif=1&cor=14753050300958712000&adk=2004672170&idt=257&cac=0&dtd=20
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
ff6aaa3f3b8023816a9b164be90fb958c63857e984fea977c3b38d1542566299
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 18:11:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
20676
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10811
x-xss-protection
0
server
cafe
etag
10713822464293745175
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 01 Feb 2023 18:11:06 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230117/r20110914/elements/html/ Frame C27D 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230117/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTNbMCr_9Iw2NJnx78boKdwdeRSaLd86JM2oInihROZvn8l99kRYQArArslRB1vUxUliAkTWxy61cYG9sIxQorwfBBW97_mHHLlFPMuo0h6T7YxDOwFkpc8BMkK8fjv5y-PrlVwqPfOYoKFei2xv6_S7XFGjSFjDIGWZVpekWCWSSxw1Q&dbm_d=AKAmf-Ad84_G-mPhsc9xAAUCoYPPFMhBLAHiwddqwDVREyJRaLPwGaX8aLSy2PyHXnvBMpVV8t_GHMnAYlwNmLKp_guDFFrQYXCYMLPYB54lf8WSbX0U30rt53CC6RN_hnkW3F7UoBCWt-Iod8qjpwT-Xs3CMlgxW068szYBdftNQZAF2xW15yJd8mEkUxHsK_dVXC5OeDyoBui3wTBBkz1coN6D9Vu015YpZrLvfCYzgWoaOYaUeEO7UZV6vF15ZRWWUBBwY3bOIE-uDvef8sO-cGWUG51lqYyAPF4dXuM8IdhsxDs_jjEIp7mV0PnFyUqAmf1miQocFVBe8gjcoeyogmiF4Ygy-U_DsNaOBsJ2lg4dV6haV-ErzXGx6gzJEibTG_9Odkjou7G8GcdfKzhLVJ8h9tSxSZjNIL8eKAEHPHY5ZRdB-Ow_53zsaQeZ3d3V8OfizVZ6JCo4rNTHHKaDhRXdvMo4xBtAWrZImNhkmjKoWquSlUXlszBTJNZY_ckDbFsKJKlMJj7LiEcOFPB9fc2L6TnAcRWS3bFZJNjddtjD0Ma8vaR0Lpr_NQgalqypRV8sWWWDikMbU_xNCUJQroc-VgLo96l6v32JBFmEzTqt42BVKIxco0q-Jjo0XXbiXCea7tbyTJocGwOrgsh__XYWyXshmzot6zxYhKZooLHDjYMCfke7--qjNx3ZmQF5LHhxvXkCX7IdnOHbH-QA8QXKiA_pNoX7Jnycfn_K-7BsvdtErMKd4d3_p1Gw5n4dyLHqjqozY_xI1blJMx6lFub1rxehorUhA2baJ1qw5JV9I89w-R7cU2e7iyK0H3hMAhrG5LBsOPz4MP6xon4QZcvut-aQjN8oV4e-QEeVLBJzdbZt4nuGALaIL_EwyKJJ4hT5e35LKxYT3Rt8KPGfOtIfPfclea5KPhFaE393iEh_1tsgoYugR0rLGAFhJEuht0u3xRtS1LB1ASbEz7-v7FxFwtlKUy2VtLZTop_PJTgsNgSPM5A2JX-wBjQ-XJm92i1rUewikH2fD-aRyMPIGGSdVquuG1EkRhyGAQfqit5FPLScHkX4eTxrO4VFjznBrcTnoZ-DgiyfGtvEp1Im4wvavo709hTh0_DTlnqtefVEHlm8MRwj-qoye6fWgEysW_SZbFRIGg-0WXxZKYrmyHc4z4X5lSReaFmjDiQPsPJaA86x7xy51yBi1LYJnrRzKLweCjoSV5jiTgaR7P1Vn_NA524Lekl__Y_uRBR7g75w6lPuu4ttU-VfscFrbWlfaiDh6cZs69ZISUuuMABJOcwb9uR5acHNt04ZsgrIIWhZJH4phpA-sFve0dyquiAiSouLHu0uIa1O7b7Cv3vVkhbQVNCpecLMSSPkKdB0O-dHoRxoc_PsICf2EFHfu13FRdz_yyW_8gZmHG6iGkWH0vN4rMlq7St27mIcwnK7u0HWL9Jvuao_g6j6PIN2Tewtxk8ujYjC5PHJH4mkVVfVRZzx72E8hbXQe0xmy3QnSIXc4Vp30IiV757dz34Wyh7UyGxxULoBatcoumoOlpwuVt1fYUXPZgoz7reYcGo9MPDafP7-mK1Bl-xH76Jw1yG4Y2WgxFVAnzO3nDZs7QO6wQ6xjPGUVWHseAxKfHciV1dSm5nI_4WLV2yB1OmqhkE9mDvza8qmXasct31_GdvH3cdMzBoDaeY1hf0o9H6mHiGSPRis-HSGzjaN3r66zkfct32zmlbjdgfMLouidSZknGjWwmYLjhcAUlY1MmboIAj-ITyxUK2EJCCTu9GxuIP41daPhI-89ztJC5FOu7iyZb9pN_13HRVEUCAv5OLEJYx0_ww8XfwDl7zqBTMmVANgSFUf_Hlpc9LvCnIyV9aLWm974SyCGtZ7Kle7Xw-Z77CY3RE2HJMS4mBPYGJ4YuOJ5wuln1M9L09p1rST1LKC8vWhAhOaEBhcTitINp_luyrm5fz0Z-ZdXgcIbLqFaGrHyJCCqLbsUiizMkKo5KA8H0YzpDqWVKZ6NiWygK1-7M5kFT-hS-O8ehWxLH6mrRQrHGGYR2EtMS-J1873ejYxuVVIjnLM8FL5Zp_vfQkJCL99VOF6fhfO3Og4eUNAOIYbv7iDK07Z4nBxzJOc4IVKpm6qn3CC_kqCJ3meEesXDX_mztpcb8CC9LacSI7QYpCJd0_s1uebivfSUPwdCKqtJ00z1Ws3F2FnVxNX-fjWtHdT-mLQG-MVfvgSQO_mta2tlIOQmGS-RahYGbYn3xLQnUv5rEpzww2tvHHgWHoGNygUN-JPbEAO8MFYxnFG5I2bNsawS3OTs4z4FRW85H-mokK3csUCfZqzMOiUH7e2I8ODCaxMG7Xa2wnAX_M_vRVK7O14SHV03dxmNbE0s5RO74VlDf4CrrgjbKIO7d5tTzdnshEYQ9M_6kuCIqmTXQwrU_pz56jvWWPusesqwjGQDwxpGYlHRUxjxZlRq5Xb-iAipvrRMI15F_YROSlv864P0K0sGnse9ESsCqbDFbIeroT5N2Y7KOyZEhTcwV5Lfb_r8SQ_i_mgnT76KZKh_-vES-NOOymz0KRPZ_gfaDtjOZWODc8eRnIBNqLy8hYReWH2v-rfyzrEbNH_MhvUQRq6sXoScZplXy2cdFuZcQiz9BSPBB03hJyq2jHlqgvtSsV2fjpnzD7Z8vTO1FIu1iXt7fQkOZOKu52-3POYddt4KBYiNqM9GugvZkh7i6TZAcxIetU4orQATod9AuSpdbDjnfpUZ61OuUwOabylfL588rWR0G67kwEBgOJlI6yadgqoTo3H4rxzOpEBlCMft64UQA8sW2UlVtTo7VliG8rwTnJxqll-OSjVKp0gZVboyVTpciInroIhobvDuqbxNLYMVAHm8GANOJJlLNpKPEgYbIxMIhFDHHaW6Ba5k4rETYzQjKf-TYHiicRZj58xHNa1NEEyoJTKs4508tdr1j9ohOa2eOj2-0sk8QW_lrN3vtCAkfRS7H9RgX77YblhCYinIg06BCxoIFBvpcDtX1_1mJ0VhkOlJPg_S1WG_hmV2QHMP39y8xJCy7xyr_EvPD1ppIxTYVNgNrQf_ot6V_6-sZ_rarz-8dFFtmLUPv6vs-jkMB9eA1KDcmLZP9EQx18RGNYh-BwqcXC9Y0ue40xnkysbnbKsj20YKYneQIwcnAi0ZzOEOF-bGY1-5wY6Gk34V-WGXlaF8Ugp_6-Yna27Q5jxb0tsKg&cid=CAQSPADq26N9mAw_DhwuSt_3Fm9ZR98BIGJ64hb2cUqBO7YmPbyi38a0dz0vI8oQcA1Erdw99xzdlOzHmxsxhBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fsecurityaffairs.co%2F&ds=l&xdt=1&iif=1&cor=14753050300958712000&adk=2004672170&idt=257&cac=0&dtd=20
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 18:11:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
20675
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2986
x-xss-protection
0
server
cafe
etag
3296546412363819624
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 01 Feb 2023 18:11:07 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame C27D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssTHep8-gMLR6qULTrfeYR9Oh6cmE43N5MP4bNTKIyncjbmw7vrW_fjFQNFcFBN-vPVd2i5rAPExBQRohlPQ8lBzmR8Nj_dVu2eP0DdPK1AcyBcE7Cn3-NGjAT7ChbYh3UFcV4-GROCAAfF-B-LQhAhNtZmp-QOWwzSrcwR3Oyx_RjkisdSJNA67jFd8zoXuT1KJZ4uNzqBN77XtuvU6dGVx9CNQcov09FelE9JAVTnwvmCY1mf5blaKk0ZNc9GK6ROOC635-2l09Pc7piRVkc2mm4IVx9c1R52bJmzkJxzh-HuOipv5Ekbma4x5qBv14cuikY7rISkqOBILmUW_ZEn8Kw9w8LFlkx4gr8_isHZag5H-hSOsW1_p-rqp8Rmj9xYhQXHtlsURqOcOAU0BC3j2MOZsKVsLeB0NsNT-012tFOPtJrp2w5fxai_yIsX4Ko3pNPj6tiTI_CbGZSNQPyKxvSQW202NATsI6qp8WHhqgxxJ6yO1sfAk91lYPTePe4t7wUjoIHyjq0CbNw8vMCcINxVwaG_dpAgCf9vhIqgQw-MdZVRQJcTay8YH5FDNh1DgHsIkLIAOCXa-iS09Z7XyVsjMJKTqZzz9kRBytFzV1tPbkYXiYmrL4xuVmj0I6yP2MlR51KSgbU75LRoYz7J72NTg75Dh8xSOfobsI_wIFGhOebYZhz-R6GkGn1Iu9bPKGS2v0BopHnn3yuo2tIalyUzLzFpLm7GrbJ3OVcbqI1KBbcxUdy5KUF11OhSM9eKzJGYb5VtmNlQBsSPstlKSRfsNnjQh4qnzQtDRh6pXSZbx7JaozSCUKJ2zZGcDnX2lbs-1WyeSNmPKpx6JDLZc28wiTYsn3q8vvngo6AjDJy_Q9tGHKnPNQV8K1yopNSYZ-dRxDa9kkaEouBE5-ACRHiwdC9poz2uMybym4t6uTbRD5hVSDK5tBXZh4NvcXliVTZWCQ5ZkZgNnqTl8T9QUyOxnpDYqDx31SkgZo7LL_kVKFakq4F71AmzTy9CiBXLPCekyIco5eodruccC5-tIA352kxlg7TI-J-E05GblmA-GVZMZ_rvTFlLAj3Qk7V0PN_eyfFGY2ACDv-TsevxMcO2IopQZNJNAy6krz1Q6LRC02eTOhQHh46SWI4ebOFkSHKkSbWjucOQlfcgiZsBDOFskHZ3hskBVMkCLp6nexmkq3Zkdh4q&sai=AMfl-YTyjJMtbufFvFxyLYQurCKZOF32NBa-X7DMN53iK9ri1QVHz5hp-zpsr-HCT0FCINZMBPe-Cs_u8Nzv0OmezHRQCyd5JMbi11GtHZ2TWt5KXDBZA296OUbYwAfx2Y2BN0tYpNDhjGMmCHJyhfBBZ4jcCnJb8qdcDFfBQNVFLSbR7yNb5YSskVOesSQSdfBpuPqv80NS0RzHxRG-f5sFVqyMg0TPskB8sto6qwjeeZEHLbULM0INfCkR1SruXFKAyLdnngEe_28xuw&sig=Cg0ArKJSzMX0qhqB24vREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230117.78056&arae=0&ftch=1&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTNbMCr_9Iw2NJnx78boKdwdeRSaLd86JM2oInihROZvn8l99kRYQArArslRB1vUxUliAkTWxy61cYG9sIxQorwfBBW97_mHHLlFPMuo0h6T7YxDOwFkpc8BMkK8fjv5y-PrlVwqPfOYoKFei2xv6_S7XFGjSFjDIGWZVpekWCWSSxw1Q&dbm_d=AKAmf-Ad84_G-mPhsc9xAAUCoYPPFMhBLAHiwddqwDVREyJRaLPwGaX8aLSy2PyHXnvBMpVV8t_GHMnAYlwNmLKp_guDFFrQYXCYMLPYB54lf8WSbX0U30rt53CC6RN_hnkW3F7UoBCWt-Iod8qjpwT-Xs3CMlgxW068szYBdftNQZAF2xW15yJd8mEkUxHsK_dVXC5OeDyoBui3wTBBkz1coN6D9Vu015YpZrLvfCYzgWoaOYaUeEO7UZV6vF15ZRWWUBBwY3bOIE-uDvef8sO-cGWUG51lqYyAPF4dXuM8IdhsxDs_jjEIp7mV0PnFyUqAmf1miQocFVBe8gjcoeyogmiF4Ygy-U_DsNaOBsJ2lg4dV6haV-ErzXGx6gzJEibTG_9Odkjou7G8GcdfKzhLVJ8h9tSxSZjNIL8eKAEHPHY5ZRdB-Ow_53zsaQeZ3d3V8OfizVZ6JCo4rNTHHKaDhRXdvMo4xBtAWrZImNhkmjKoWquSlUXlszBTJNZY_ckDbFsKJKlMJj7LiEcOFPB9fc2L6TnAcRWS3bFZJNjddtjD0Ma8vaR0Lpr_NQgalqypRV8sWWWDikMbU_xNCUJQroc-VgLo96l6v32JBFmEzTqt42BVKIxco0q-Jjo0XXbiXCea7tbyTJocGwOrgsh__XYWyXshmzot6zxYhKZooLHDjYMCfke7--qjNx3ZmQF5LHhxvXkCX7IdnOHbH-QA8QXKiA_pNoX7Jnycfn_K-7BsvdtErMKd4d3_p1Gw5n4dyLHqjqozY_xI1blJMx6lFub1rxehorUhA2baJ1qw5JV9I89w-R7cU2e7iyK0H3hMAhrG5LBsOPz4MP6xon4QZcvut-aQjN8oV4e-QEeVLBJzdbZt4nuGALaIL_EwyKJJ4hT5e35LKxYT3Rt8KPGfOtIfPfclea5KPhFaE393iEh_1tsgoYugR0rLGAFhJEuht0u3xRtS1LB1ASbEz7-v7FxFwtlKUy2VtLZTop_PJTgsNgSPM5A2JX-wBjQ-XJm92i1rUewikH2fD-aRyMPIGGSdVquuG1EkRhyGAQfqit5FPLScHkX4eTxrO4VFjznBrcTnoZ-DgiyfGtvEp1Im4wvavo709hTh0_DTlnqtefVEHlm8MRwj-qoye6fWgEysW_SZbFRIGg-0WXxZKYrmyHc4z4X5lSReaFmjDiQPsPJaA86x7xy51yBi1LYJnrRzKLweCjoSV5jiTgaR7P1Vn_NA524Lekl__Y_uRBR7g75w6lPuu4ttU-VfscFrbWlfaiDh6cZs69ZISUuuMABJOcwb9uR5acHNt04ZsgrIIWhZJH4phpA-sFve0dyquiAiSouLHu0uIa1O7b7Cv3vVkhbQVNCpecLMSSPkKdB0O-dHoRxoc_PsICf2EFHfu13FRdz_yyW_8gZmHG6iGkWH0vN4rMlq7St27mIcwnK7u0HWL9Jvuao_g6j6PIN2Tewtxk8ujYjC5PHJH4mkVVfVRZzx72E8hbXQe0xmy3QnSIXc4Vp30IiV757dz34Wyh7UyGxxULoBatcoumoOlpwuVt1fYUXPZgoz7reYcGo9MPDafP7-mK1Bl-xH76Jw1yG4Y2WgxFVAnzO3nDZs7QO6wQ6xjPGUVWHseAxKfHciV1dSm5nI_4WLV2yB1OmqhkE9mDvza8qmXasct31_GdvH3cdMzBoDaeY1hf0o9H6mHiGSPRis-HSGzjaN3r66zkfct32zmlbjdgfMLouidSZknGjWwmYLjhcAUlY1MmboIAj-ITyxUK2EJCCTu9GxuIP41daPhI-89ztJC5FOu7iyZb9pN_13HRVEUCAv5OLEJYx0_ww8XfwDl7zqBTMmVANgSFUf_Hlpc9LvCnIyV9aLWm974SyCGtZ7Kle7Xw-Z77CY3RE2HJMS4mBPYGJ4YuOJ5wuln1M9L09p1rST1LKC8vWhAhOaEBhcTitINp_luyrm5fz0Z-ZdXgcIbLqFaGrHyJCCqLbsUiizMkKo5KA8H0YzpDqWVKZ6NiWygK1-7M5kFT-hS-O8ehWxLH6mrRQrHGGYR2EtMS-J1873ejYxuVVIjnLM8FL5Zp_vfQkJCL99VOF6fhfO3Og4eUNAOIYbv7iDK07Z4nBxzJOc4IVKpm6qn3CC_kqCJ3meEesXDX_mztpcb8CC9LacSI7QYpCJd0_s1uebivfSUPwdCKqtJ00z1Ws3F2FnVxNX-fjWtHdT-mLQG-MVfvgSQO_mta2tlIOQmGS-RahYGbYn3xLQnUv5rEpzww2tvHHgWHoGNygUN-JPbEAO8MFYxnFG5I2bNsawS3OTs4z4FRW85H-mokK3csUCfZqzMOiUH7e2I8ODCaxMG7Xa2wnAX_M_vRVK7O14SHV03dxmNbE0s5RO74VlDf4CrrgjbKIO7d5tTzdnshEYQ9M_6kuCIqmTXQwrU_pz56jvWWPusesqwjGQDwxpGYlHRUxjxZlRq5Xb-iAipvrRMI15F_YROSlv864P0K0sGnse9ESsCqbDFbIeroT5N2Y7KOyZEhTcwV5Lfb_r8SQ_i_mgnT76KZKh_-vES-NOOymz0KRPZ_gfaDtjOZWODc8eRnIBNqLy8hYReWH2v-rfyzrEbNH_MhvUQRq6sXoScZplXy2cdFuZcQiz9BSPBB03hJyq2jHlqgvtSsV2fjpnzD7Z8vTO1FIu1iXt7fQkOZOKu52-3POYddt4KBYiNqM9GugvZkh7i6TZAcxIetU4orQATod9AuSpdbDjnfpUZ61OuUwOabylfL588rWR0G67kwEBgOJlI6yadgqoTo3H4rxzOpEBlCMft64UQA8sW2UlVtTo7VliG8rwTnJxqll-OSjVKp0gZVboyVTpciInroIhobvDuqbxNLYMVAHm8GANOJJlLNpKPEgYbIxMIhFDHHaW6Ba5k4rETYzQjKf-TYHiicRZj58xHNa1NEEyoJTKs4508tdr1j9ohOa2eOj2-0sk8QW_lrN3vtCAkfRS7H9RgX77YblhCYinIg06BCxoIFBvpcDtX1_1mJ0VhkOlJPg_S1WG_hmV2QHMP39y8xJCy7xyr_EvPD1ppIxTYVNgNrQf_ot6V_6-sZ_rarz-8dFFtmLUPv6vs-jkMB9eA1KDcmLZP9EQx18RGNYh-BwqcXC9Y0ue40xnkysbnbKsj20YKYneQIwcnAi0ZzOEOF-bGY1-5wY6Gk34V-WGXlaF8Ugp_6-Yna27Q5jxb0tsKg&cid=CAQSPADq26N9mAw_DhwuSt_3Fm9ZR98BIGJ64hb2cUqBO7YmPbyi38a0dz0vI8oQcA1Erdw99xzdlOzHmxsxhBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fsecurityaffairs.co%2F&ds=l&xdt=1&iif=1&cor=14753050300958712000&adk=2004672170&idt=257&cac=0&dtd=20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f154.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 18 Jan 2023 23:55:43 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 18 Jan 2023 23:55:43 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame C27D 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTNbMCr_9Iw2NJnx78boKdwdeRSaLd86JM2oInihROZvn8l99kRYQArArslRB1vUxUliAkTWxy61cYG9sIxQorwfBBW97_mHHLlFPMuo0h6T7YxDOwFkpc8BMkK8fjv5y-PrlVwqPfOYoKFei2xv6_S7XFGjSFjDIGWZVpekWCWSSxw1Q&dbm_d=AKAmf-Ad84_G-mPhsc9xAAUCoYPPFMhBLAHiwddqwDVREyJRaLPwGaX8aLSy2PyHXnvBMpVV8t_GHMnAYlwNmLKp_guDFFrQYXCYMLPYB54lf8WSbX0U30rt53CC6RN_hnkW3F7UoBCWt-Iod8qjpwT-Xs3CMlgxW068szYBdftNQZAF2xW15yJd8mEkUxHsK_dVXC5OeDyoBui3wTBBkz1coN6D9Vu015YpZrLvfCYzgWoaOYaUeEO7UZV6vF15ZRWWUBBwY3bOIE-uDvef8sO-cGWUG51lqYyAPF4dXuM8IdhsxDs_jjEIp7mV0PnFyUqAmf1miQocFVBe8gjcoeyogmiF4Ygy-U_DsNaOBsJ2lg4dV6haV-ErzXGx6gzJEibTG_9Odkjou7G8GcdfKzhLVJ8h9tSxSZjNIL8eKAEHPHY5ZRdB-Ow_53zsaQeZ3d3V8OfizVZ6JCo4rNTHHKaDhRXdvMo4xBtAWrZImNhkmjKoWquSlUXlszBTJNZY_ckDbFsKJKlMJj7LiEcOFPB9fc2L6TnAcRWS3bFZJNjddtjD0Ma8vaR0Lpr_NQgalqypRV8sWWWDikMbU_xNCUJQroc-VgLo96l6v32JBFmEzTqt42BVKIxco0q-Jjo0XXbiXCea7tbyTJocGwOrgsh__XYWyXshmzot6zxYhKZooLHDjYMCfke7--qjNx3ZmQF5LHhxvXkCX7IdnOHbH-QA8QXKiA_pNoX7Jnycfn_K-7BsvdtErMKd4d3_p1Gw5n4dyLHqjqozY_xI1blJMx6lFub1rxehorUhA2baJ1qw5JV9I89w-R7cU2e7iyK0H3hMAhrG5LBsOPz4MP6xon4QZcvut-aQjN8oV4e-QEeVLBJzdbZt4nuGALaIL_EwyKJJ4hT5e35LKxYT3Rt8KPGfOtIfPfclea5KPhFaE393iEh_1tsgoYugR0rLGAFhJEuht0u3xRtS1LB1ASbEz7-v7FxFwtlKUy2VtLZTop_PJTgsNgSPM5A2JX-wBjQ-XJm92i1rUewikH2fD-aRyMPIGGSdVquuG1EkRhyGAQfqit5FPLScHkX4eTxrO4VFjznBrcTnoZ-DgiyfGtvEp1Im4wvavo709hTh0_DTlnqtefVEHlm8MRwj-qoye6fWgEysW_SZbFRIGg-0WXxZKYrmyHc4z4X5lSReaFmjDiQPsPJaA86x7xy51yBi1LYJnrRzKLweCjoSV5jiTgaR7P1Vn_NA524Lekl__Y_uRBR7g75w6lPuu4ttU-VfscFrbWlfaiDh6cZs69ZISUuuMABJOcwb9uR5acHNt04ZsgrIIWhZJH4phpA-sFve0dyquiAiSouLHu0uIa1O7b7Cv3vVkhbQVNCpecLMSSPkKdB0O-dHoRxoc_PsICf2EFHfu13FRdz_yyW_8gZmHG6iGkWH0vN4rMlq7St27mIcwnK7u0HWL9Jvuao_g6j6PIN2Tewtxk8ujYjC5PHJH4mkVVfVRZzx72E8hbXQe0xmy3QnSIXc4Vp30IiV757dz34Wyh7UyGxxULoBatcoumoOlpwuVt1fYUXPZgoz7reYcGo9MPDafP7-mK1Bl-xH76Jw1yG4Y2WgxFVAnzO3nDZs7QO6wQ6xjPGUVWHseAxKfHciV1dSm5nI_4WLV2yB1OmqhkE9mDvza8qmXasct31_GdvH3cdMzBoDaeY1hf0o9H6mHiGSPRis-HSGzjaN3r66zkfct32zmlbjdgfMLouidSZknGjWwmYLjhcAUlY1MmboIAj-ITyxUK2EJCCTu9GxuIP41daPhI-89ztJC5FOu7iyZb9pN_13HRVEUCAv5OLEJYx0_ww8XfwDl7zqBTMmVANgSFUf_Hlpc9LvCnIyV9aLWm974SyCGtZ7Kle7Xw-Z77CY3RE2HJMS4mBPYGJ4YuOJ5wuln1M9L09p1rST1LKC8vWhAhOaEBhcTitINp_luyrm5fz0Z-ZdXgcIbLqFaGrHyJCCqLbsUiizMkKo5KA8H0YzpDqWVKZ6NiWygK1-7M5kFT-hS-O8ehWxLH6mrRQrHGGYR2EtMS-J1873ejYxuVVIjnLM8FL5Zp_vfQkJCL99VOF6fhfO3Og4eUNAOIYbv7iDK07Z4nBxzJOc4IVKpm6qn3CC_kqCJ3meEesXDX_mztpcb8CC9LacSI7QYpCJd0_s1uebivfSUPwdCKqtJ00z1Ws3F2FnVxNX-fjWtHdT-mLQG-MVfvgSQO_mta2tlIOQmGS-RahYGbYn3xLQnUv5rEpzww2tvHHgWHoGNygUN-JPbEAO8MFYxnFG5I2bNsawS3OTs4z4FRW85H-mokK3csUCfZqzMOiUH7e2I8ODCaxMG7Xa2wnAX_M_vRVK7O14SHV03dxmNbE0s5RO74VlDf4CrrgjbKIO7d5tTzdnshEYQ9M_6kuCIqmTXQwrU_pz56jvWWPusesqwjGQDwxpGYlHRUxjxZlRq5Xb-iAipvrRMI15F_YROSlv864P0K0sGnse9ESsCqbDFbIeroT5N2Y7KOyZEhTcwV5Lfb_r8SQ_i_mgnT76KZKh_-vES-NOOymz0KRPZ_gfaDtjOZWODc8eRnIBNqLy8hYReWH2v-rfyzrEbNH_MhvUQRq6sXoScZplXy2cdFuZcQiz9BSPBB03hJyq2jHlqgvtSsV2fjpnzD7Z8vTO1FIu1iXt7fQkOZOKu52-3POYddt4KBYiNqM9GugvZkh7i6TZAcxIetU4orQATod9AuSpdbDjnfpUZ61OuUwOabylfL588rWR0G67kwEBgOJlI6yadgqoTo3H4rxzOpEBlCMft64UQA8sW2UlVtTo7VliG8rwTnJxqll-OSjVKp0gZVboyVTpciInroIhobvDuqbxNLYMVAHm8GANOJJlLNpKPEgYbIxMIhFDHHaW6Ba5k4rETYzQjKf-TYHiicRZj58xHNa1NEEyoJTKs4508tdr1j9ohOa2eOj2-0sk8QW_lrN3vtCAkfRS7H9RgX77YblhCYinIg06BCxoIFBvpcDtX1_1mJ0VhkOlJPg_S1WG_hmV2QHMP39y8xJCy7xyr_EvPD1ppIxTYVNgNrQf_ot6V_6-sZ_rarz-8dFFtmLUPv6vs-jkMB9eA1KDcmLZP9EQx18RGNYh-BwqcXC9Y0ue40xnkysbnbKsj20YKYneQIwcnAi0ZzOEOF-bGY1-5wY6Gk34V-WGXlaF8Ugp_6-Yna27Q5jxb0tsKg&cid=CAQSPADq26N9mAw_DhwuSt_3Fm9ZR98BIGJ64hb2cUqBO7YmPbyi38a0dz0vI8oQcA1Erdw99xzdlOzHmxsxhBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fsecurityaffairs.co%2F&ds=l&xdt=1&iif=1&cor=14753050300958712000&adk=2004672170&idt=257&cac=0&dtd=20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f132.1e100.net
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sun, 15 Jan 2023 09:40:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
310485
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 15 Jan 2024 09:40:57 GMT
1258545655381912180
s0.2mdn.net/simgad/ Frame C27D 		67 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/1258545655381912180
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f149.1e100.net
Software
sffe /
Resource Hash
524aa0f042e131dc017cea2aae6a2930067efa3464b908e8fa22b400dccf8ed5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Mon, 16 Jan 2023 16:01:15 GMT
x-content-type-options
nosniff
age
201268
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
68385
x-xss-protection
0
last-modified
Thu, 13 Oct 2022 03:11:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 16 Jan 2024 16:01:15 GMT
v1
lb.eu-1-id5-sync.com/lb/ 		33 B
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
72093884558b18d7a418e8e807f6b69e81ae859da02f471ad03150f009af430b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Wed, 18 Jan 2023 23:55:42 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
v1
lbs.eu-1-id5-sync.com/lbs/ 		34 B
286 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://lbs.eu-1-id5-sync.com/lbs/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.116 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533567.ip-162-19-138.eu
Software
/
Resource Hash
e0daa60932ea70294041118f42032b94e6a69a971832a050c683357fd20c2f63
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://securityaffairs.co
date
Wed, 18 Jan 2023 23:55:43 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
34
vary
Origin
content-type
application/json
usync.js
eus.rubiconproject.com/ Frame 1117 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.31.5.52 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-5-52.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
eaedc6e62ec182fafcc46a6577feca0ecba7ab52da561b10fae4e9e0f7a64e32

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
content-encoding
gzip
last-modified
Wed, 18 Jan 2023 11:16:04 GMT
server
Apache/2.2.15 (CentOS)
x-powered-by
PHP/5.3.3
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control
max-age=40818
content-length
10036
expires
Thu, 19 Jan 2023 11:16:00 GMT
encrypt
esp.rtbhouse.com/ 		265 B
360 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://esp.rtbhouse.com/encrypt
Requested by
Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
3d6c19c08bec8d317950c288311da106033c1565bba6fe368020776595cb4702

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 18 Jan 2023 23:55:44 GMT
via
1.1 google
server
Google Frontend
content-type
application/json
access-control-allow-origin
*
x-cloud-trace-context
df84dc2cb503f097663be9f85d1f1186
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
265
encrypt
esp.rtbhouse.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://esp.rtbhouse.com/encrypt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://securityaffairs.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST, GET
access-control-allow-origin
https://securityaffairs.co
access-control-max-age
600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
content-type
text/plain; charset=utf-8
date
Wed, 18 Jan 2023 23:55:44 GMT
server
Google Frontend
vary
Origin
via
1.1 google
x-cloud-trace-context
8009420c8b11e59d078e3ced5daeb52a
match
events-ssc.33across.com/ Frame 7070 		68 B
126 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=70&external_user_id=5c5ec8cd-099b-489a-a56a-7d719c0d5239
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
content-type
image/png
sd
us-u.openx.net/w/1.0/ Frame 7070
Redirect Chain
  • https://i.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://us-u.openx.net/w/1.0/sd?id=537072979&val=pbTARIMb1Piiho5
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072979&val=pbTARIMb1Piiho5
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:43 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-0d2fbe602de210bea@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location
https://us-u.openx.net/w/1.0/sd?id=537072979&val=pbTARIMb1Piiho5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
ny75r2x0
sync-tm.everesttech.net/upi/pid/ Frame 7070 		0
0
openx
tr.blismedia.com/v1/api/sync/ Frame 7070 		0
173 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.blismedia.com/v1/api/sync/openx
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.105.96.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sd
jp-u.openx.net/w/1.0/ Frame 7070
Redirect Chain
  • https://bk.r-ad.ne.jp/3/cs
  • https://jp-u.openx.net/w/1.0/sd?id=537097918&val=52VNth00ZBDAY008ZSWp
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp-u.openx.net/w/1.0/sd?id=537097918&val=52VNth00ZBDAY008ZSWp
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-store, no-cache
Date
Wed, 18 Jan 2023 23:55:43 GMT
Server
nginx
P3P
CP="NON DSP COR CURa ADMa DEVa CUSo TAIa PSDo OUR BUS UNI COM NAV STA"
location
//jp-u.openx.net/w/1.0/sd?id=537097918&val=52VNth00ZBDAY008ZSWp
cache-control
private, no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
0
X-SID
159f32b0
pxd
dps.jp.cinarra.com/ Frame 7070 		95 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dps.jp.cinarra.com/pxd?PLATFORM_ID=1&USER_ID=4c8759a3-c9c5-8239-c355-c0f505c57f98
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.114.228.14 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-228-14.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Wed, 18 Jan 2023 23:55:42 GMT
Connection
keep-alive
Content-Length
95
Content-Type
image/png
bef2a2e7-47bc-ea3c-f88a-6454690e0d2f
pr-bh.ybp.yahoo.com/sync/openx/ Frame 7070 		43 B
602 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/bef2a2e7-47bc-ea3c-f88a-6454690e0d2f?gdpr=0
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.77.64.78 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-77-64-78.ap-southeast-1.compute.amazonaws.com
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:42 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
openx
cs.nex8.net/cs/ Frame 7070 		0
0
dds
rtb.openx.net/sync/ Frame 7070
Redirect Chain
  • https://rtb.openx.net/sync/dds
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=9WNOn36WwVsvKT4WRUD63A==&ox_sc=1&ox_init=1
  • https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
43 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H3
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
82mm9f7lkbf0in8atamaapvcn934otle

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
249
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
send
sync-dsp.ad-m.asia/dsp/api/sync/ Frame 7070 		43 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-dsp.ad-m.asia/dsp/api/sync/send?s=openx
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
220.150.223.50 , Japan, ASN4686 (BEKKOAME BEKKOAME INTERNET INC., JP),
Reverse DNS
50.223.150.220.in-addr.arpa
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:43 GMT
Server
nginx
Content-Type
image/gif
Cache-Control
no-store,no-cache
Connection
close
Content-Length
43
expires
-1
sd
jp-u.openx.net/w/1.0/ Frame 7070
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fjp-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://jp-u.openx.net/w/1.0/sd?id=536872786&val=29ae63c8-86fd-4c00-852a-8d5532010346
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://jp-u.openx.net/w/1.0/sd?id=536872786&val=29ae63c8-86fd-4c00-852a-8d5532010346
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?id=c6a5ba0d-ce02-41bd-a1ea-842c68bd5108&ph=8f5ed5d4-642c-4222-968a-d709c87ac3c8&us_privacy=&r=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D70%26external_user_id%3D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Wed, 18 Jan 2023 23:55:42 GMT
Server
MT3 277 3f0ad7a master hkg-pixel-x12 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://jp-u.openx.net/w/1.0/sd?id=536872786&val=29ae63c8-86fd-4c00-852a-8d5532010346
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 18 Jan 2023 23:55:41 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame FFA2 		1 KB
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

age
60665
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 18 Jan 2023 07:04:37 GMT
etag
48472445140208031
expires
Thu, 19 Jan 2023 07:04:37 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame C27D 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
151f4c5dd54a6549cde6d5fe9fee79a9352e92c12d5d641443f569d62b965c10

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
pd
google-bidout-d.openx.net/w/1.0/ Frame 4E5D 		451 B
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
bd67c15761e915cf1fc28f8182c783d86fd8c8bfa7c38e2b85a431e6c1753e34

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
311
content-type
text/html
date
Wed, 18 Jan 2023 23:55:42 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame AED0 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f132.1e100.net
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
age
310485
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 15 Jan 2023 09:40:57 GMT
expires
Mon, 15 Jan 2024 09:40:57 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
match
events-ssc.33across.com/ Frame 1117
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&khaos=LD2BNVRV-25-BIU8
  • https://ssc-cms.33across.com/ps/?xi=1&xu=LD2BNVRV-25-BIU8
  • https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LD2BNVRV-25-BIU8&ts=1674086144&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
68 B
82 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LD2BNVRV-25-BIU8&ts=1674086144&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol
H3
Server
34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:44 GMT
cache-control
no-cache, no-store, max-age=0, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
referrer-policy
unsafe-url
server
33XP016
x-33x-status
8000000008200000A
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LD2BNVRV-25-BIU8&ts=1674086144&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
syncframe
gum.criteo.com/ Frame 49FE 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=securityaffairs.co
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software
Kestrel /
Resource Hash
b09a581bc29f4bdbe66bef5c69b90cc1a003e849e2f7706f47a9f0c5f5a6860e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://securityaffairs.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 18 Jan 2023 23:55:42 GMT
server
Kestrel
server-processing-duration-in-ticks
936092
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sd
us-u.openx.net/w/1.0/ Frame 4E5D
Redirect Chain
  • https://openx2-match.dotomi.com/match/bounce/current?networkId=15900&version=1&nuid={OX_USER_ID}
  • https://openx2-match.dotomi.com/match/bounce/current?DotomiTest=38301584b0d01b1d&is_secure=true&networkId=15900&version=1&nuid=%7BOX_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537072954&val=AAALXg1dbQ0rzQMFX1vDAAAAAAA&expiration=1674172543&nuid={OX_USER_ID}&is_secure=true
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072954&val=AAALXg1dbQ0rzQMFX1vDAAAAAAA&expiration=1674172543&nuid={OX_USER_ID}&is_secure=true
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://us-u.openx.net/w/1.0/sd?id=537072954&val=AAALXg1dbQ0rzQMFX1vDAAAAAAA&expiration=1674172543&nuid={OX_USER_ID}&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
sync
ups.analytics.yahoo.com/ups/58294/ Frame 4E5D 		0
332 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&gdpr=0&uid=04f1472a-0f7a-423c-9a7a-b3ab01fa340f
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.74.162.2 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-162-2.ap-southeast-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sd
us-u.openx.net/w/1.0/ Frame 4E5D
Redirect Chain
  • https://um.simpli.fi/ox_match
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=DBC010B964614E7AA4882A163626B83D
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072966&val=DBC010B964614E7AA4882A163626B83D
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Wed, 18 Jan 2023 23:55:43 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://us-u.openx.net/w/1.0/sd?id=537072966&val=DBC010B964614E7AA4882A163626B83D
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Tue, 17 Jan 2023 23:55:43 GMT
redirect
match.rundsp.com/ Frame 4E5D 		0
0
19cb1bfc173dcb98ccec
s.amazon-adsystem.com/x/ Frame 4E5D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/x/19cb1bfc173dcb98ccec
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame FFA2
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFtsD2DY-oENrjNmx-gHfxE&google_cver=1&google_push=AavPq0PvUFBWm71JE2y-Pt3yKyq6Cj40cxdzMHlpehoh48RA-tglqcb0WsyE55HxoAMTOdPCucVBl6edO-3uwpLITuezY3sGcNs
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzA1NjAwMDU2MjA2ODM3MDgzOA==&gdpr=0&gdpr_consent=
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESEFtsD2DY-oENrjNmx-gHfxE&google_cver=1
43 B
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESEFtsD2DY-oENrjNmx-gHfxE&google_cver=1
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
50.116.239.135 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESEFtsD2DY-oENrjNmx-gHfxE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
330
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame FFA2
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBosTxMWy-4PqT_YJX5bgTs&google_cver=1&google_push=AavPq0OPr-Ad0eu1dCN4e3c6nmuGl8FQbYAUc5QtivKXPeohlCsDXgJZ_e...
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AavPq0OPr-Ad0eu1dCN4e3c6nmuGl8FQbYAUc5QtivKXPeohlCsDXgJZ_eIdbIPlZ8iidgJ-_irEuziJ9lIUsw3WFqLUaQeVT9hZ&google_hm=MUtbjr...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AavPq0OPr-Ad0eu1dCN4e3c6nmuGl8FQbYAUc5QtivKXPeohlCsDXgJZ_eIdbIPlZ8iidgJ-_irEuziJ9lIUsw3WFqLUaQeVT9hZ&google_hm=MUtbjrwePdRvzFSpOjOz5w
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AavPq0OPr-Ad0eu1dCN4e3c6nmuGl8FQbYAUc5QtivKXPeohlCsDXgJZ_eIdbIPlZ8iidgJ-_irEuziJ9lIUsw3WFqLUaQeVT9hZ&google_hm=MUtbjrwePdRvzFSpOjOz5w
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame FFA2
Redirect Chain
  • https://cs.r-ad.ne.jp/2/cs?google_gid=CAESEBkTBGPQIpx46Ra_LqQ5_1U&google_cver=1&google_push=AavPq0Ok5PAs23QEKii0_guCOJzNm9xLeL4vJi4_2Kx4hODzQgILTmT0LSos0GwtheB9XRHLcCTMnPCLOVr3o4ivTN5Gop8d8qQA
  • https://cm.g.doubleclick.net/pixel?google_nid=rcrt&google_push=AavPq0Ok5PAs23QEKii0_guCOJzNm9xLeL4vJi4_2Kx4hODzQgILTmT0LSos0GwtheB9XRHLcCTMnPCLOVr3o4ivTN5Gop8d8qQA&google_hm=NTJWTnRoMDEwQkRHYTAwN1F...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rcrt&google_push=AavPq0Ok5PAs23QEKii0_guCOJzNm9xLeL4vJi4_2Kx4hODzQgILTmT0LSos0GwtheB9XRHLcCTMnPCLOVr3o4ivTN5Gop8d8qQA&google_hm=NTJWTnRoMDEwQkRHYTAwN1FudXk
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-store, no-cache
Date
Wed, 18 Jan 2023 23:55:43 GMT
Server
nginx
P3P
CP="NON DSP COR CURa ADMa DEVa CUSo TAIa PSDo OUR BUS UNI COM NAV STA"
location
//cm.g.doubleclick.net/pixel?google_nid=rcrt&google_push=AavPq0Ok5PAs23QEKii0_guCOJzNm9xLeL4vJi4_2Kx4hODzQgILTmT0LSos0GwtheB9XRHLcCTMnPCLOVr3o4ivTN5Gop8d8qQA&google_hm=NTJWTnRoMDEwQkRHYTAwN1FudXk
cache-control
private, no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
0
X-SID
159f32b0
pixel
cm.g.doubleclick.net/ Frame FFA2
Redirect Chain
  • https://dynalyst-sync.adtdp.com/pixel?pid=10&google_gid=CAESECJAh4mUNmqEbg6Ia_D3Hes&google_cver=1&google_push=AavPq0N63AScSzFWJqYOtBfXZ6r5VGkdx5_-VSMAOgz8P59tBQ5lpkcEhu1jcpdDeCGsXE5N-7umsSQpWWOGASL...
  • https://cm.g.doubleclick.net/pixel?google_nid=cyberagent_dynalyst&google_hm=MTAyOTUyMjM5NzA&google_push=AavPq0N63AScSzFWJqYOtBfXZ6r5VGkdx5_-VSMAOgz8P59tBQ5lpkcEhu1jcpdDeCGsXE5N-7umsSQpWWOGASLL8i1Bg...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=cyberagent_dynalyst&google_hm=MTAyOTUyMjM5NzA&google_push=AavPq0N63AScSzFWJqYOtBfXZ6r5VGkdx5_-VSMAOgz8P59tBQ5lpkcEhu1jcpdDeCGsXE5N-7umsSQpWWOGASLL8i1BgmpJtiI
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=cyberagent_dynalyst&google_hm=MTAyOTUyMjM5NzA&google_push=AavPq0N63AScSzFWJqYOtBfXZ6r5VGkdx5_-VSMAOgz8P59tBQ5lpkcEhu1jcpdDeCGsXE5N-7umsSQpWWOGASLL8i1BgmpJtiI
Date
Wed, 18 Jan 2023 23:55:43 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame FFA2
Redirect Chain
  • https://s.uuidksinc.net/match/47/?remote_uid=CAESEAlbSC1nH1QTW0Yef9wJ2kQ&c_param1=AavPq0Np8WVYW8-ZqwVJPxEcSiwAms7vwMWKo_ffHeEYIcJhw_H5F-dgbLnwd8ECMylGm5QFabhbabHouGDHLROxdEqevUQySfs&gdpr=%%GDPR%%&a...
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AavPq0Np8WVYW8-ZqwVJPxEcSiwAms7vwMWKo_ffHeEYIcJhw_H5F-dgbLnwd8ECMylGm5QFabhbabHouGDHLROxdEqevUQySfs
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AavPq0Np8WVYW8-ZqwVJPxEcSiwAms7vwMWKo_ffHeEYIcJhw_H5F-dgbLnwd8ECMylGm5QFabhbabHouGDHLROxdEqevUQySfs
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AavPq0Np8WVYW8-ZqwVJPxEcSiwAms7vwMWKo_ffHeEYIcJhw_H5F-dgbLnwd8ECMylGm5QFabhbabHouGDHLROxdEqevUQySfs
date
Wed, 18 Jan 2023 23:55:43 GMT
server
nginx/1.19.0
content-length
0
pub
cs.chocolateplatform.com/ Frame FFA2 		0
0
pixel
cm.g.doubleclick.net/ Frame FFA2
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESEBz_xMH954A38Gh3wo6EVXc&google_cver=1&google_push=AavPq0MIJIN5vbAKxyi_s1JOYZvfewl5BCoxJcwNy4bNNLYBpTYP3E01gpwDlcpegZ4TWg_0kPqLC...
  • https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AavPq0MIJIN5vbAKxyi_s1JOYZvfewl5BCoxJcwNy4bNNLYBpTYP3E01gpwDlcpegZ4TWg_0kPqLCIyKMMPV5OcZPWKTJet7m1NwvQ&google_hm=ZXNIYXBNV0tZaH...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AavPq0MIJIN5vbAKxyi_s1JOYZvfewl5BCoxJcwNy4bNNLYBpTYP3E01gpwDlcpegZ4TWg_0kPqLCIyKMMPV5OcZPWKTJet7m1NwvQ&google_hm=ZXNIYXBNV0tZaHZlbXc2ZWRvTEc=
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 18 Jan 2023 23:55:43 GMT
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=AavPq0MIJIN5vbAKxyi_s1JOYZvfewl5BCoxJcwNy4bNNLYBpTYP3E01gpwDlcpegZ4TWg_0kPqLCIyKMMPV5OcZPWKTJet7m1NwvQ&google_hm=ZXNIYXBNV0tZaHZlbXc2ZWRvTEc=
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
242
Expires
Thu, 01 Dec 1994 16:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame FFA2 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KFQZUdBOJtXNFS1ZJwg14Sp7IArx_NqoOT971eT_LN3rBm-JTxZkuiAUU7ocfUgg4aslVdmQ
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
json
gum.criteo.com/sid/ Frame 49FE 		484 B
584 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=publishertagids&domain=securityaffairs.co&sn=ChromeSyncframe&so=3&topUrl=securityaffairs.co&bundle=YkWnVl9McSUyRlpoZ1hNQzl4aGUxcktCUlZRS1Fhb0JLTk5SY2lnZ0tHRXVsUjVXSGZhdGE5azk1dFpwQlVHcmw5YTNiN25BWnJyU3NQeThlM2hKZU5ONzByU254cHRkZlBDakFUWTNKY1B6YjRMRHglMkY1bXo3NTVNUlRvQ3NaMXBTTzg2Uk4&cw=1&lsw=1&topicsavail=0&fledgeavail=0
Requested by
Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=securityaffairs.co
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
182.161.73.136 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),
Reverse DNS
Software
Kestrel /
Resource Hash
b2edc1517adcb35a4d01da4c934037101748a5f910967eb0fbe495e522b8598f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=securityaffairs.co
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:42 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
2438024
expires
0
QkZn2XWhGLuUeJCWE_Zylly3qUWdX-KWqHVIqMIXcrk.js
pagead2.googlesyndication.com/bg/ Frame AED0 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/QkZn2XWhGLuUeJCWE_Zylly3qUWdX-KWqHVIqMIXcrk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
sffe /
Resource Hash
424667d975a118bb9478909613f672965cb7a9459d5fe296a87548a8c21772b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Fri, 13 Jan 2023 06:46:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
493731
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15816
x-xss-protection
0
last-modified
Tue, 03 Jan 2023 14:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 13 Jan 2024 06:46:52 GMT
optimus_rules.json
tags.crwdcntrl.net/lt/c/15238/ Frame CE5F 		155 B
642 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/c/15238/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-106.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff

Request headers

Referer
https://ads.us.e-planning.net/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 18 Jan 2023 06:15:44 GMT
via
1.1 d74ff44bb3d68115cb0aef895f2ee456.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN2-P1
age
63601
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
155
last-modified
Tue, 10 Jan 2023 19:25:16 GMT
server
AmazonS3
etag
"1a1722e9cedbdc8af0dcd3345e46c73a"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age: 86400
accept-ranges
bytes
x-amz-cf-id
3eC8M7w05rZTGmdPGsf9S1Z0qxMmUf2XBUdq0sEXnxaPMkIIxDKxsA==
gen_204
pagead2.googlesyndication.com/pagead/ Frame AED0 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BksZ-_obIY8nQEsubz7sP_tu00AcAAAAAOAHgBAI&bg=!YmGlYSXNAAYDMoyoIzI7ACkAdvg8WlppXv2Hiu-CgTfd6hOua2xxoeQUiAYNwFMTPKwuDjU0ewXcnAIAAABOUgAAAAJoAQeZAvHhQq29ro7ToEy-1cRIcIZtOPF1V8gKqcL_XZAGizLfMm66JTUyx_X0Pw-SyF8-FbnhPw3X4aMFr5dROkBG1sTOUZ1QnBLc_pKa3wPtVTnHuUYnIV2ywZzeemgt5NYdhlCPYppdRM4gbbtNZEmOt8qSOrLKrSmFVzNzMexKUSeVslAyVxNnFh8XzG1VA8aT1wMZ0Rl8pE4wGFzJmIpSzLsw7agmNU6WJO2hOLt6tDhH5HDqUgVpOUWX42f1Dg5WhymvKvHL6ByOKubBkXAU37nAudUUb6b9WT_Z-n5PphfLACRZIdWJw1E5d25sXVyoaa-IlHbbTAJNxxht7hlk786pKZ5CXQ7jsrdcld__1ZwefwbxvpnWCjYDv0fVVBxFClCPscFvVIrXrSZsxnCJNACCVeclA1thl1OLnrPx_j3g6adUkeKduNmHfeXJndlw5APbB6g-nwxfBqJ5cwRjbyDyLjLzvibrzo-k90iVdT0rAZ4CJAtGM4V6-dI_8sZNb1PS_RK29MHwFWQPhtxbwiEJq4B-aiXh5_-oYMJgLZeM66u7Kf45FngKM5uZP-8aQ0lhCjvUdwNe4KJcfTPbuDk2oAfmZbpC4x6ed2aJ_rINkFL1q1Ylx1XII53AXOEVxA-7JHUDnnLavnOSSFiOUeL01xVuFsUpSU_U0w58-gJ1q1IKUlqyghGobVYyuo7crGZO63IM96r_Sv9Fe2nmDcIlPfgTtssBTK7w0q3J5vcgoIuNjRMAvJxB0LoJJz-dCC-xsoGVNoQr3KNMQNjGP1-OP3_BBWQQrOsAZ3ms-ZmjTFY9f4F3GzJaEPMOSYUvOuMxL6PoaeNaBCLe6MvC4_UTv_L0RfwDgCOnZFYR0Li8yDYPO7DXPixx7M-hiP3C_o_kZa8sFUNqsTFnPg4PN92fF043w8bfWZkcofw6gAC9ZNpslhaXqxzw4PKotqiyOG0Ya-5EA6hGkTvqSVPq4IFD8CfjgdCgiPpo6HBYfTvn0LU
Requested by
Host: ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
URL: https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame 88A0 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.85 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
529.json
id5-sync.com/g/v2/ 		455 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/529.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
f2e9b18f6ea1a12aa7a8cac5d1015c6da99e62eca429828379fc140850b94eca
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://securityaffairs.co/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://securityaffairs.co
p3p
CP="CAO PSA OUR"
access-control-allow-credentials
true
view
googleads4.g.doubleclick.net/pcs/ Frame C27D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssTHep8-gMLR6qULTrfeYR9Oh6cmE43N5MP4bNTKIyncjbmw7vrW_fjFQNFcFBN-vPVd2i5rAPExBQRohlPQ8lBzmR8Nj_dVu2eP0DdPK1AcyBcE7Cn3-NGjAT7ChbYh3UFcV4-GROCAAfF-B-LQhAhNtZmp-QOWwzSrcwR3Oyx_RjkisdSJNA67jFd8zoXuT1KJZ4uNzqBN77XtuvU6dGVx9CNQcov09FelE9JAVTnwvmCY1mf5blaKk0ZNc9GK6ROOC635-2l09Pc7piRVkc2mm4IVx9c1R52bJmzkJxzh-HuOipv5Ekbma4x5qBv14cuikY7rISkqOBILmUW_ZEn8Kw9w8LFlkx4gr8_isHZag5H-hSOsW1_p-rqp8Rmj9xYhQXHtlsURqOcOAU0BC3j2MOZsKVsLeB0NsNT-012tFOPtJrp2w5fxai_yIsX4Ko3pNPj6tiTI_CbGZSNQPyKxvSQW202NATsI6qp8WHhqgxxJ6yO1sfAk91lYPTePe4t7wUjoIHyjq0CbNw8vMCcINxVwaG_dpAgCf9vhIqgQw-MdZVRQJcTay8YH5FDNh1DgHsIkLIAOCXa-iS09Z7XyVsjMJKTqZzz9kRBytFzV1tPbkYXiYmrL4xuVmj0I6yP2MlR51KSgbU75LRoYz7J72NTg75Dh8xSOfobsI_wIFGhOebYZhz-R6GkGn1Iu9bPKGS2v0BopHnn3yuo2tIalyUzLzFpLm7GrbJ3OVcbqI1KBbcxUdy5KUF11OhSM9eKzJGYb5VtmNlQBsSPstlKSRfsNnjQh4qnzQtDRh6pXSZbx7JaozSCUKJ2zZGcDnX2lbs-1WyeSNmPKpx6JDLZc28wiTYsn3q8vvngo6AjDJy_Q9tGHKnPNQV8K1yopNSYZ-dRxDa9kkaEouBE5-ACRHiwdC9poz2uMybym4t6uTbRD5hVSDK5tBXZh4NvcXliVTZWCQ5ZkZgNnqTl8T9QUyOxnpDYqDx31SkgZo7LL_kVKFakq4F71AmzTy9CiBXLPCekyIco5eodruccC5-tIA352kxlg7TI-J-E05GblmA-GVZMZ_rvTFlLAj3Qk7V0PN_eyfFGY2ACDv-TsevxMcO2IopQZNJNAy6krz1Q6LRC02eTOhQHh46SWI4ebOFkSHKkSbWjucOQlfcgiZsBDOFskHZ3hskBVMkCLp6nexmkq3Zkdh4q&sai=AMfl-YTyjJMtbufFvFxyLYQurCKZOF32NBa-X7DMN53iK9ri1QVHz5hp-zpsr-HCT0FCINZMBPe-Cs_u8Nzv0OmezHRQCyd5JMbi11GtHZ2TWt5KXDBZA296OUbYwAfx2Y2BN0tYpNDhjGMmCHJyhfBBZ4jcCnJb8qdcDFfBQNVFLSbR7yNb5YSskVOesSQSdfBpuPqv80NS0RzHxRG-f5sFVqyMg0TPskB8sto6qwjeeZEHLbULM0INfCkR1SruXFKAyLdnngEe_28xuw&sig=Cg0ArKJSzMX0qhqB24vREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1081&vt=11&dtpt=1080&dett=2&cstd=0&cisv=r20230117.78056&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTNbMCr_9Iw2NJnx78boKdwdeRSaLd86JM2oInihROZvn8l99kRYQArArslRB1vUxUliAkTWxy61cYG9sIxQorwfBBW97_mHHLlFPMuo0h6T7YxDOwFkpc8BMkK8fjv5y-PrlVwqPfOYoKFei2xv6_S7XFGjSFjDIGWZVpekWCWSSxw1Q&dbm_d=AKAmf-Ad84_G-mPhsc9xAAUCoYPPFMhBLAHiwddqwDVREyJRaLPwGaX8aLSy2PyHXnvBMpVV8t_GHMnAYlwNmLKp_guDFFrQYXCYMLPYB54lf8WSbX0U30rt53CC6RN_hnkW3F7UoBCWt-Iod8qjpwT-Xs3CMlgxW068szYBdftNQZAF2xW15yJd8mEkUxHsK_dVXC5OeDyoBui3wTBBkz1coN6D9Vu015YpZrLvfCYzgWoaOYaUeEO7UZV6vF15ZRWWUBBwY3bOIE-uDvef8sO-cGWUG51lqYyAPF4dXuM8IdhsxDs_jjEIp7mV0PnFyUqAmf1miQocFVBe8gjcoeyogmiF4Ygy-U_DsNaOBsJ2lg4dV6haV-ErzXGx6gzJEibTG_9Odkjou7G8GcdfKzhLVJ8h9tSxSZjNIL8eKAEHPHY5ZRdB-Ow_53zsaQeZ3d3V8OfizVZ6JCo4rNTHHKaDhRXdvMo4xBtAWrZImNhkmjKoWquSlUXlszBTJNZY_ckDbFsKJKlMJj7LiEcOFPB9fc2L6TnAcRWS3bFZJNjddtjD0Ma8vaR0Lpr_NQgalqypRV8sWWWDikMbU_xNCUJQroc-VgLo96l6v32JBFmEzTqt42BVKIxco0q-Jjo0XXbiXCea7tbyTJocGwOrgsh__XYWyXshmzot6zxYhKZooLHDjYMCfke7--qjNx3ZmQF5LHhxvXkCX7IdnOHbH-QA8QXKiA_pNoX7Jnycfn_K-7BsvdtErMKd4d3_p1Gw5n4dyLHqjqozY_xI1blJMx6lFub1rxehorUhA2baJ1qw5JV9I89w-R7cU2e7iyK0H3hMAhrG5LBsOPz4MP6xon4QZcvut-aQjN8oV4e-QEeVLBJzdbZt4nuGALaIL_EwyKJJ4hT5e35LKxYT3Rt8KPGfOtIfPfclea5KPhFaE393iEh_1tsgoYugR0rLGAFhJEuht0u3xRtS1LB1ASbEz7-v7FxFwtlKUy2VtLZTop_PJTgsNgSPM5A2JX-wBjQ-XJm92i1rUewikH2fD-aRyMPIGGSdVquuG1EkRhyGAQfqit5FPLScHkX4eTxrO4VFjznBrcTnoZ-DgiyfGtvEp1Im4wvavo709hTh0_DTlnqtefVEHlm8MRwj-qoye6fWgEysW_SZbFRIGg-0WXxZKYrmyHc4z4X5lSReaFmjDiQPsPJaA86x7xy51yBi1LYJnrRzKLweCjoSV5jiTgaR7P1Vn_NA524Lekl__Y_uRBR7g75w6lPuu4ttU-VfscFrbWlfaiDh6cZs69ZISUuuMABJOcwb9uR5acHNt04ZsgrIIWhZJH4phpA-sFve0dyquiAiSouLHu0uIa1O7b7Cv3vVkhbQVNCpecLMSSPkKdB0O-dHoRxoc_PsICf2EFHfu13FRdz_yyW_8gZmHG6iGkWH0vN4rMlq7St27mIcwnK7u0HWL9Jvuao_g6j6PIN2Tewtxk8ujYjC5PHJH4mkVVfVRZzx72E8hbXQe0xmy3QnSIXc4Vp30IiV757dz34Wyh7UyGxxULoBatcoumoOlpwuVt1fYUXPZgoz7reYcGo9MPDafP7-mK1Bl-xH76Jw1yG4Y2WgxFVAnzO3nDZs7QO6wQ6xjPGUVWHseAxKfHciV1dSm5nI_4WLV2yB1OmqhkE9mDvza8qmXasct31_GdvH3cdMzBoDaeY1hf0o9H6mHiGSPRis-HSGzjaN3r66zkfct32zmlbjdgfMLouidSZknGjWwmYLjhcAUlY1MmboIAj-ITyxUK2EJCCTu9GxuIP41daPhI-89ztJC5FOu7iyZb9pN_13HRVEUCAv5OLEJYx0_ww8XfwDl7zqBTMmVANgSFUf_Hlpc9LvCnIyV9aLWm974SyCGtZ7Kle7Xw-Z77CY3RE2HJMS4mBPYGJ4YuOJ5wuln1M9L09p1rST1LKC8vWhAhOaEBhcTitINp_luyrm5fz0Z-ZdXgcIbLqFaGrHyJCCqLbsUiizMkKo5KA8H0YzpDqWVKZ6NiWygK1-7M5kFT-hS-O8ehWxLH6mrRQrHGGYR2EtMS-J1873ejYxuVVIjnLM8FL5Zp_vfQkJCL99VOF6fhfO3Og4eUNAOIYbv7iDK07Z4nBxzJOc4IVKpm6qn3CC_kqCJ3meEesXDX_mztpcb8CC9LacSI7QYpCJd0_s1uebivfSUPwdCKqtJ00z1Ws3F2FnVxNX-fjWtHdT-mLQG-MVfvgSQO_mta2tlIOQmGS-RahYGbYn3xLQnUv5rEpzww2tvHHgWHoGNygUN-JPbEAO8MFYxnFG5I2bNsawS3OTs4z4FRW85H-mokK3csUCfZqzMOiUH7e2I8ODCaxMG7Xa2wnAX_M_vRVK7O14SHV03dxmNbE0s5RO74VlDf4CrrgjbKIO7d5tTzdnshEYQ9M_6kuCIqmTXQwrU_pz56jvWWPusesqwjGQDwxpGYlHRUxjxZlRq5Xb-iAipvrRMI15F_YROSlv864P0K0sGnse9ESsCqbDFbIeroT5N2Y7KOyZEhTcwV5Lfb_r8SQ_i_mgnT76KZKh_-vES-NOOymz0KRPZ_gfaDtjOZWODc8eRnIBNqLy8hYReWH2v-rfyzrEbNH_MhvUQRq6sXoScZplXy2cdFuZcQiz9BSPBB03hJyq2jHlqgvtSsV2fjpnzD7Z8vTO1FIu1iXt7fQkOZOKu52-3POYddt4KBYiNqM9GugvZkh7i6TZAcxIetU4orQATod9AuSpdbDjnfpUZ61OuUwOabylfL588rWR0G67kwEBgOJlI6yadgqoTo3H4rxzOpEBlCMft64UQA8sW2UlVtTo7VliG8rwTnJxqll-OSjVKp0gZVboyVTpciInroIhobvDuqbxNLYMVAHm8GANOJJlLNpKPEgYbIxMIhFDHHaW6Ba5k4rETYzQjKf-TYHiicRZj58xHNa1NEEyoJTKs4508tdr1j9ohOa2eOj2-0sk8QW_lrN3vtCAkfRS7H9RgX77YblhCYinIg06BCxoIFBvpcDtX1_1mJ0VhkOlJPg_S1WG_hmV2QHMP39y8xJCy7xyr_EvPD1ppIxTYVNgNrQf_ot6V_6-sZ_rarz-8dFFtmLUPv6vs-jkMB9eA1KDcmLZP9EQx18RGNYh-BwqcXC9Y0ue40xnkysbnbKsj20YKYneQIwcnAi0ZzOEOF-bGY1-5wY6Gk34V-WGXlaF8Ugp_6-Yna27Q5jxb0tsKg&cid=CAQSPADq26N9mAw_DhwuSt_3Fm9ZR98BIGJ64hb2cUqBO7YmPbyi38a0dz0vI8oQcA1Erdw99xzdlOzHmxsxhBgBIBM&dv3_ver=m202209210101&rfl=https%3A%2F%2Fsecurityaffairs.co%2F&ds=l&xdt=1&iif=1&cor=14753050300958712000&adk=2004672170&idt=257&cac=0&dtd=20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f154.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:43 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Wed, 18 Jan 2023 23:55:43 GMT
data
bcp.crwdcntrl.net/6/ Frame CE5F 		183 B
985 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.74.234.58 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-234-58.ap-southeast-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
f4947b301d4e8d4b2e647a1582d2a250e60b2984903f731e5b398540e9305dab

Request headers

Referer
https://ads.us.e-planning.net/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:43 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://ads.us.e-planning.net
cache-control
no-cache
x-server
10.42.25.186
access-control-allow-credentials
true
content-length
183
expires
0
lt.iframe.html
tags.crwdcntrl.net/lt/shared/2/ Frame 78E2 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=15238
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/15238/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-106.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372

Request headers

Referer
https://ads.us.e-planning.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

age
13232
cache-control
max-age: 86400
content-encoding
gzip
content-type
text/html
date
Wed, 18 Jan 2023 20:16:16 GMT
etag
W/"6fcf4f5197ab24c92d090f6ac8d87e01"
last-modified
Mon, 01 Feb 2021 20:35:17 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 32b95ef5feec0715f987a398c50c07d0.cloudfront.net (CloudFront)
x-amz-cf-id
hQb8T23CrQqLIT9dsfJpP_5WV1OhonesPq_h2w5LwBYw7Vef4aGB5g==
x-amz-cf-pop
SIN2-P1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
PugMaster
image6.pubmatic.com/AdServer/ Frame 8EC8 		737 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=41748076&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.231.98.196 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
2faa2f6cf7fa8f3dcad31f1fe71142976b25bff1306bcc828ea93adde0fa8615

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 18 Jan 2023 23:55:44 GMT
content-length
737
content-type
text/html; charset=UTF-8
pixels
bcp.crwdcntrl.net/ Frame 6B94 		717 B
910 B 		Document
General
Check archive.org
Download Go to
Full URL
https://bcp.crwdcntrl.net/pixels?s=22%2C41%2C12%2C80%2C54%2C116&c=15238
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=15238
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.74.234.58 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-234-58.ap-southeast-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
40b1e5f38d5371d8bf8548c9a511418753eafdb58d54896cc356aa37a15552d0

Request headers

Referer
https://tags.crwdcntrl.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-cache
content-length
717
content-type
text/html
date
Wed, 18 Jan 2023 23:55:44 GMT
expires
0
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma
no-cache
server
Jetty(9.4.38.v20210224)
x-server
10.42.6.147
Pug
simage2.pubmatic.com/AdServer/ Frame 09B5
Redirect Chain
  • https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
0
74 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 18 Jan 2023 23:55:45 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

content-length
0
date
Wed, 18 Jan 2023 23:55:45 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server
_
Pug
simage2.pubmatic.com/AdServer/ Frame D710
Redirect Chain
  • https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D&gdpr=0&gdpr_consent=
1 B
72 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.86 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Wed, 18 Jan 2023 23:55:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-length
142
content-type
text/html
date
Wed, 18 Jan 2023 23:55:44 GMT
expires
Tue, 17 Jan 2023 23:55:44 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:DBC010B964614E7AA4882A163626B83D&gdpr=0&gdpr_consent=
server
openresty
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
qmap
sync.crwdcntrl.net/ Frame 8EC8 		49 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=5993FD6F-2052-41AE-959A-8C36066B8E0B&gdpr=0&gdpr_consent=
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.74.234.58 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-234-58.ap-southeast-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.42.17.208
content-length
49
expires
0
receive
pixel.tapad.com/idsync/ex/ Frame 8EC8
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=5993FD6F-2052-41AE-959A-8C36066B8E0B
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=27e829ea-f885-4844-97aa-1a0edfbc0935%252C%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=27e829ea-f885-4844-97aa-1a0edfbc0935%2C%2C
95 B
123 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=27e829ea-f885-4844-97aa-1a0edfbc0935%2C%2C
Requested by
Host: securityaffairs.co
URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Protocol
H3
Server
107.178.244.193 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
193.244.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:44 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=2c40e9b7-c90f-4920-beee-5949d681755b&ttd_puid=27e829ea-f885-4844-97aa-1a0edfbc0935%2C%2C
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
359
pixel
cm.g.doubleclick.net/ Frame 6B94 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=YzI2MTI4NTkyZDJlZTQyZTQ2YTM5Y2NiZDM3YmQxMTk&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C41%2C12%2C80%2C54%2C116&c=15238
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.253.118.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f157.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
qmap
sync.crwdcntrl.net/ Frame 6B94
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=LOTME&gdpr=0
  • https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-.WWi_RZE2pzWDSmkPytiMjLzlcJ4LsRLXmQ-~A&gdpr=0
49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-.WWi_RZE2pzWDSmkPytiMjLzlcJ4LsRLXmQ-~A&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C41%2C12%2C80%2C54%2C116&c=15238
Protocol
H2
Server
52.74.234.58 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-234-58.ap-southeast-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.42.21.48
content-length
49
expires
0

Redirect headers

date
Wed, 18 Jan 2023 23:55:44 GMT
strict-transport-security
max-age=31536000
via
http/1.1 spdc0101.pbp.sg3.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
content-type
text/html;charset=utf-8
location
https://sync.crwdcntrl.net/qmap?c=5437&tp=DTAX&tpidqp=tpidqa&tpidqa=y-.WWi_RZE2pzWDSmkPytiMjLzlcJ4LsRLXmQ-~A&gdpr=0
content-length
0
5907
tags.bluekai.com/site/ Frame 6B94 		62 B
368 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tags.bluekai.com/site/5907?limit=0&id=75fc0cac2a3de940c3107f40d9228d9c
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C41%2C12%2C80%2C54%2C116&c=15238
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.73.13.201 , Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-13-201.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date
Wed, 18 Jan 2023 23:55:44 GMT
content-length
62
content-type
image/gif
usermatch.gif
beacon.krxd.net/ Frame 6B94 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=lotame&partner_uid=c26128592d2ee42e46a39ccbd37bd119
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C41%2C12%2C80%2C54%2C116&c=15238
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.15.49 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-15-49.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-served-by
beacon-n004-pdx-prod.krxd.net
date
Wed, 18 Jan 2023 23:55:45 GMT
cache-control
private, no-cache, no-store
x-request-time
D=31 t=1674086145
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
qmap
sync.crwdcntrl.net/ Frame 6B94
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=lotame&gdpr=0
  • https://sync.crwdcntrl.net/qmap?c=6569&tp=STKA&tpid=0-80e027d0-be31-48e0-5613-3bfc655383b5$ip$103.209.254.136&gdpr=0&gdpr_consent=
49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/qmap?c=6569&tp=STKA&tpid=0-80e027d0-be31-48e0-5613-3bfc655383b5$ip$103.209.254.136&gdpr=0&gdpr_consent=
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C41%2C12%2C80%2C54%2C116&c=15238
Protocol
H2
Server
52.74.234.58 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-234-58.ap-southeast-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.42.4.89
content-length
49
expires
0

Redirect headers

Location
https://sync.crwdcntrl.net/qmap?c=6569&tp=STKA&tpid=0-80e027d0-be31-48e0-5613-3bfc655383b5$ip$103.209.254.136&gdpr=0&gdpr_consent=
Date
Wed, 18 Jan 2023 23:55:44 GMT
Connection
keep-alive
Content-Length
169
Content-Type
text/html; charset=utf-8
gdpr_consent=
sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=2c40e9b7-c90f-4920-beee-5949d681755b/gdpr=0/ Frame 6B94
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0
  • https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=2c40e9b7-c90f-4920-beee-5949d681755b/gdpr=0/gdpr_consent=
49 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=2c40e9b7-c90f-4920-beee-5949d681755b/gdpr=0/gdpr_consent=
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=22%2C41%2C12%2C80%2C54%2C116&c=15238
Protocol
H2
Server
52.74.234.58 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-74-234-58.ap-southeast-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.42.19.11
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://sync.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=2c40e9b7-c90f-4920-beee-5949d681755b/gdpr=0/gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
249
gen_204
pagead2.googlesyndication.com/pagead/ Frame C27D 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1910875708272&version=m202209210101&ct=76&x=1&cor=14753050300958712000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C27D 		42 B
174 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstIRAftB86FORpBHB3HQINvVXNnTTEzSxB93zLmECVeBO0b3MMEEl-fS4-yWcdcnw6IHXpLU3R9ZLRhVUpB7AYlFLGx2YpzXesEpZJeeBibmojaKH-GfbzYy1n5IaE2gAGXFwI&sai=AMfl-YSSVqpQshPgA4wNfW3BYfWrtztYwtvR5lNrS2ZiacglFl3TbUwIpjgJhxt1TI6pP2KM4PkUUv-7KmF9KSjsvbSL82EHp994kB8e8FD0SIwSItNCA2HmLKNTKu51rws&sig=Cg0ArKJSzMLRyvkHGt-DEAE&cid=CAQSPADq26N9mAw_DhwuSt_3Fm9ZR98BIGJ64hb2cUqBO7YmPbyi38a0dz0vI8oQcA1Erdw99xzdlOzHmxsxhBgBIBM&id=lidar2&mcvt=1010&p=404,320,494,1048&mtos=1010,1010,1010,1010,1010&tos=1010,0,0,0,0&v=20230111&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3805896192&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1674086141683&rpt=1977&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&spb=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f155.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 18 Jan 2023 23:55:44 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame C836 		47 B
226 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=44976353&p=156423&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.231.98.196 , Japan, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
09343d3b3473e1c994b2d603c99feb8a0f63fbd3ff20be7432ff18b973dbe651

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 18 Jan 2023 23:55:45 GMT
content-length
47
content-type
text/html; charset=UTF-8
match
events-ssc.33across.com/ Frame 0AE4 		68 B
82 B 		Document
General
Check archive.org
Download Go to
Full URL
https://events-ssc.33across.com/match?liv=g&us_privacy=&bidder_id=25&external_user_id=5993FD6F-2052-41AE-959A-8C36066B8E0B
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dg%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
71.239.117.34.bc.googleusercontent.com
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
68
content-type
image/png
date
Wed, 18 Jan 2023 23:55:46 GMT
via
1.1 google
SPug
simage4.pubmatic.com/AdServer/ Frame 8EC8 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.199.150.85 Los Angeles, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Wed, 18 Jan 2023 23:55:46 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
securityaffairs.com
URL
https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Domain
securityaffairs.com
URL
https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.ttf?v=4.0.3
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Domain
demand.trafficroots.com
URL
https://demand.trafficroots.com/sync.php?partner=3379&redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D137%26partneruserid%3D%7Btrafficroots_id%7D&gdpr=0&gdpr_consent=
Domain
sync-tm.everesttech.net
URL
https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
Domain
sync-tm.everesttech.net
URL
https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
Domain
cs.nex8.net
URL
https://cs.nex8.net/cs/openx
Domain
match.rundsp.com
URL
https://match.rundsp.com/redirect?ex=openx
Domain
cs.chocolateplatform.com
URL
https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEDxqyTQUXZNU7qPNFT0nd3g&google_cver=1&google_push=AavPq0Olw7QbTlNXzu8SNaMFZYGQQaefaviGW2mw7n8_9t0PGyF_X8HI3y9O6_JrvcBGOviNKkv5MOBSQp1M9wtLxsEAJp0rK85l

Verdicts & Comments Add Verdict or Comment

232 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| oncontentvisibilityautostatechange object| _wpemojiSettings object| twemoji object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue function| google_process_slots number| google_rum_task_id_counter string| google_user_agent_client_hint undefined| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| mnetCustomerData function| injectMnetScript object| _mNHandle number| medianet_versionId object| st object| __stdos__ boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus function| __sharethis__docReady object| __sharethis__ object| dataLayer function| google_spfd number| google_unique_id object| google_sv_map function| gtag object| WPCOM_sharing_counts object| Main object| BrowserDetect object| mejs function| onYouTubePlayerAPIReady function| onYouTubePlayerReady function| MediaElement function| MediaElementPlayer function| $j function| imagePreview object| sharing_js_options object| WPCOMSharing undefined| windowOpen object| _stq object| wp function| st_go function| linktracker_init object| wpcom string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| headerBidParamObject object| attrData string| pxft_clear_cache_flag undefined| pxft_first_init_activated undefined| attrDataArray object| displayPlacement_PF_script boolean| pixfuture_environment_started function| init_____display____pixfuture object| ID5EspConfig object| google_tag_manager function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages function| onYouTubeIframeAPIReady boolean| isPxftLibrariesPending function| findCMP_PixFuture object| pbjs_pixChunk object| pbjs_pix object| _pbjsGlobals object| mnet object| googletag object| pxft_googletag boolean| _pxft_iel_init boolean| pxft_first_init_iel_activated object| __connect function| lotameIsCompatible function| sync16589_ba function| sync16589_b undefined| sync16589_c undefined| sync16589_ca undefined| sync16589_d function| sync16589_e object| sync16589_g function| sync16589_da function| sync16589_ea object| sync16589_ object| sync16589_ha object| sync16589_o object| sync16589_ta object| sync16589_K function| sync16589_aa function| sync16589_a function| sync16589_f function| sync16589_h function| sync16589_i function| sync16589_j function| sync16589_k function| sync16589_ga function| sync16589_fa function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_p function| sync16589_ia function| sync16589_ja function| sync16589_r function| sync16589_ka function| sync16589_s function| sync16589_t function| sync16589_q function| sync16589_u function| sync16589_la function| sync16589_v function| sync16589_w function| sync16589_x function| sync16589_y function| sync16589_z function| sync16589_A function| sync16589_B function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_C function| sync16589_ma function| sync16589_G function| sync16589_H function| sync16589_na function| sync16589_oa function| sync16589_I function| sync16589_J function| sync16589_pa function| sync16589_qa function| sync16589_ra function| sync16589_sa function| sync16589_L function| sync16589_M function| sync16589_N function| sync16589_O function| sync16589_P function| sync16589_Q function| sync16589_R function| sync16589_S function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_W function| sync16589_Z function| sync16589_X function| sync16589__ function| sync16589_Y function| sync16589_0 function| sync16589_1 function| sync16589_2 function| sync16589_3 function| sync16589_8 function| sync16589_ua function| sync16589_4 function| sync16589_6 function| sync16589_va function| sync16589_wa function| sync16589_9 function| sync16589_7 function| sync16589_5 function| sync16589_xa function| sync16589_ya function| sync16589_za function| sync16589_Aa function| sync16589_$ function| sync16589_Ba function| sync16589_Ca function| sync16589_Da function| sync16589_Ea object| lotame_sync_16589 object| regeneratorRuntime object| ox_esp function| setImmediate function| clearImmediate object| signal_decrypted object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_134 object| Criteo object| Criteo_identitytag_134 object| __uid2SecureSignalProvider object| __uid2 object| pbjs

185 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: 0c4ca249-a65c-4443-b7f9-7e16d81b43d6
.t.co/ Name: muc_ads
Value: 0c4ca249-a65c-4443-b7f9-7e16d81b43d6
securityaffairs.co/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.co/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.co/ Name: _ga
Value: GA1.1.307525084.1674086137
.sharethis.com/ Name: __stidv
Value: 2
.sharethis.com/ Name: __stid
Value: ZHGAA2PIhvgAAAAIM2PaAw==
.securityaffairs.co/ Name: __gpi
Value: UID=00000ba7abaa85f0:T=1674086136:RT=1674086136:S=ALNI_MaR5DNmH4psgIs4EU7h3CH--q95Gw
.securityaffairs.co/ Name: _ga_P62M3QN974
Value: GS1.1.1674086137.1.0.1674086137.0.0.0
.securityaffairs.co/ Name: _ga_NPN4VEKBTY
Value: GS1.1.1674086136.1.0.1674086137.59.0.0
.securityaffairs.co/ Name: fpestid
Value: uPXJmqvnFWuJvW6iQmdd4t_VtBu8vWi4sjRZsQpGuYXlojbzQi5kbG50D7zVd5b6AvnCsQ
.agkn.com/ Name: ab
Value: 0001%3A07O2IE177G%2B0pGBKNWRzkE31Jq4EQVFX
securityaffairs.co/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.securityaffairs.co/ Name: _pubcid
Value: f999fbfa-7e97-4782-938b-ba49f27ef39b
securityaffairs.co/ Name: _lr_retry_request
Value: true
securityaffairs.co/ Name: _lr_env_src_ats
Value: false
.adsrvr.org/ Name: TDID
Value: 2c40e9b7-c90f-4920-beee-5949d681755b
securityaffairs.co/ Name: pbjs-unifiedid
Value: %7B%22TDID%22%3A%222c40e9b7-c90f-4920-beee-5949d681755b%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-01-18T23%3A55%3A38%22%7D
.openx.net/ Name: i
Value: f999fbfa-7e97-4782-938b-ba49f27ef39b|1674086138
.sharethrough.com/ Name: stx_user_id
Value: 564e0de1-fe46-4db4-bb92-0ca7a20c14c6
securityaffairs.co/ Name: pbjs_fabrickId
Value: %7B%22fabrickId%22%3A%22E1%3ACdNWa4MUjlnlKGxRlf4fxZdunXCWLybxY7E3zF9ckZewgq4BvW6MaHYrY3UDFd8HNQsRs7JEA0epeitQpOjOAmyeXRg7zZcsys404rZgnK0%22%7D
.lijit.com/ Name: ljt_reader
Value: GAm7ABZHYXvjwQe6Sna28yvW
.adnxs.com/ Name: icu
Value: ChgI3sJXEAoYASABKAEw-o2ingY4AUABSAEQ-o2ingYYAA..
.securityaffairs.co/ Name: cto_bidid
Value: dUZ9vF9EbURGY1hrS0JTYm5yJTJCcUM2ajlCQUZldkh0aXJHMktWUjVKdnZtcXBTdEUwalNJcyUyQm5VeDhxSHB2TEEzZjE2TjN4WWJsZlhPdkJ2NXo1dWw4Tkt3UFElM0QlM0Q
.adnxs.com/ Name: uuid2
Value: 6829783725336387995
.rubiconproject.com/ Name: khaos
Value: LD2BNVRV-25-BIU8
.go.sonobi.com/ Name: __uis
Value: 9fc35bc0-abf9-4d4c-92f8-241b20ca1662
.go.sonobi.com/ Name: _usd_securityaffairs.com
Value: 5d0b5937-d9d2-49ce-b689-c1df9129f1c0
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: __uir_bw
Value: 1
.go.sonobi.com/ Name: __uir_mm
Value: 1
.go.sonobi.com/ Name: __uir_td
Value: 1
.go.sonobi.com/ Name: __uir_zt
Value: 1
.go.sonobi.com/ Name: __uir_pp
Value: 1
.go.sonobi.com/ Name: __uin_z1
Value: 1
.go.sonobi.com/ Name: __uir_z1
Value: 1
.go.sonobi.com/ Name: __uir_eb
Value: 1
.go.sonobi.com/ Name: HAPLB3A
Value: s3537|Y8iG/
.yahoo.com/ Name: A3
Value: d=AQABBPuGyGMCELzTTwM46717NMwxeF2UIRkFEgEBAQHYyWPSYwAAAAAA_eMAAA&S=AQAAAqA4Mz9CkOMllr_btcbmP14
.smartadserver.com/ Name: pbw
Value: %24b%3d16999%3b%24o%3d11100
.smartadserver.com/ Name: vs
Value: 351366=5284795
.smartadserver.com/ Name: TestIfCookie
Value: ok
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: sasd
Value: %24qc%3D1500025086%3B%24ql%3DUnknown%3B%24qpc%3D3000%3B%24qt%3D164_1410_42470t%3B%24dma%3D0
.smartadserver.com/ Name: pid
Value: 7044575629546240809
.smartadserver.com/ Name: sasd2
Value: q=%24qc%3D1500025086%3B%24ql%3DUnknown%3B%24qpc%3D3000%3B%24qt%3D164_1410_42470t%3B%24dma%3D0&c=1&l=1874688790&lo=597497507&lt=638096829391352851&o=1
ads.us.e-planning.net/ Name: CT
Value: 1
.e-planning.net/ Name: E
Value: AHx/v96BSeQzdaIa
.securityaffairs.co/ Name: __gads
Value: ID=f79cb34ae632bc9d-220ae90b57d90012:T=1674086136:S=ALNI_MYLCyiSg01E-yJpA16QAd7ZzVXyMA
.doubleclick.net/ Name: IDE
Value: AHWqTUmSfH9ECmmmC_Tl6mCyCnrPASyAl0Te1HhHCWdDkfqvXqCbZWTKNV4kFQs9-Z8
.casalemedia.com/ Name: CMID
Value: Y8iG.9f3KcCGVGHQ8T7zlQAA
.casalemedia.com/ Name: CMPS
Value: 5334
.casalemedia.com/ Name: CMPRO
Value: 5334
.sitescout.com/ Name: ssi
Value: eeee0d2c-8019-43b3-8525-769c78429e8a#1674086140350
.onetag-sys.com/ Name: OTP
Value: cmDmsqQdudlsL7HAQ2pDNnZX4YS7KIgHo_GGXrqkyWQ
.sitescout.com/ Name: _ssuma
Value: eyIzOSI6MTY3NDA4NjE0MDY0MCwiNyI6MTY3NDA4NjE0MDY0MCwiNzAiOjE2NzQwODYxNDA2NDB9
.quantserve.com/ Name: mc
Value: 63c886fc-b69ee-3518b-b8748
.bing.com/ Name: MUID
Value: 22C88A478B1F6A110A6998DA8A7F6BAB
.c.bing.com/ Name: MR
Value: 0
.openx.net/ Name: univ_id
Value: 537072971|2c40e9b7-c90f-4920-beee-5949d681755b|1674086140818616
.dyntrk.com/ Name: dyn_u
Value: 07030001_63c886fcd5d18
.bidswitch.net/ Name: tuuid
Value: 0528797d-468d-41e3-a0a3-eb0b49ac154a
.bidswitch.net/ Name: c
Value: 1674086140
.mathtag.com/ Name: uuid
Value: 29ae63c8-86fd-4c00-852a-8d5532010346
.ladsp.com/ Name: cr
Value: 1
.33across.com/ Name: 33x_ps
Value: u%3D212066650285178%3As1%3D1674086141071%3Ats%3D1674086141071
.socdm.com/ Name: SOSYNC
Value: anNvbjp7Im9wZW54IjoxNjc0MDg2MTQxfQ
.turn.com/ Name: uid
Value: 3056000562068370838
.adfarm1.adition.com/ Name: UserID1
Value: 7190145226286823571
.bidswitch.net/ Name: tuuid_lu
Value: 1674086141
.go.sonobi.com/ Name: __uin_td
Value: 2c40e9b7-c90f-4920-beee-5949d681755b
.ladsp.com/ Name: smn_uid
Value: WIvcts_Mlfd_nnbR7QKieg8y0ZWKh_4
.ladsp.com/ Name: lum
Value: CPKavbrcMBIFCAMQ0AU
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 5993FD6F-2052-41AE-959A-8C36066B8E0B
.zemanta.com/ Name: zuid
Value: esHapMWKYhvemw6edoLG
.crwdcntrl.net/ Name: _cc_dc
Value: 2
.crwdcntrl.net/ Name: _cc_id
Value: c26128592d2ee42e46a39ccbd37bd119
.bidr.io/ Name: bito
Value: AARmS07HkQ4AAB9iFgkGyA
.bidr.io/ Name: bitoIsSecure
Value: ok
.audrte.com/ Name: arcki2
Value: lb4Mhmg4qGXQACswinIaZIvXw!20220908!1674086141412!ip#103.209.254.136
.contextweb.com/ Name: V
Value: 6JWgSS4Sw2lg
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 852ac9a21a56f952
.go.sonobi.com/ Name: __uin_eb
Value: CAESEMLt0v8z1TD60PlhQQqNZ54||1
.rlcdn.com/ Name: pxrc
Value: CP2Nop4GEgUI6AcQABIFCOhHEAASBgjtuSsQAA==
ads.playground.xyz/ Name: connect.sid
Value: s%3AKEqRiuPuGnPXVxM1-sHHPhzyGpdVdPhM.DeTFBBxeRZ8dsDiAwvjuHlZC%2F9bQNRNdhsrUi%2FeuKoM
.go.sonobi.com/ Name: __uin_mm
Value: 29ae63c8-86fd-4c00-852a-8d5532010346
.ctnsnet.com/ Name: cid_1694fc87fb5243dea5c6e7c678e02d40
Value: 1
.ctnsnet.com/ Name: cid_95bd444efd664061ba2ea932188cbd2a
Value: 1
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.tapad.com/ Name: TapAd_TS
Value: 1674086141785
.tapad.com/ Name: TapAd_DID
Value: 27e829ea-f885-4844-97aa-1a0edfbc0935
.adform.net/ Name: C
Value: 1
.ambientdsp.com/ Name: _aGeoIp
Value: AU-Melbourne
.ambientdsp.com/ Name: _aUID
Value: ymgksbd9958
.gammaplatform.com/ Name: _aGeoIp
Value: US|Montevallo
.gammaplatform.com/ Name: _aUID
Value: 1qkzkqtcro5i
.c.appier.net/ Name: _auid
Value: MjYocD1WDI6dIWGd_YbIYw
.tynt.com/ Name: uid
Value: xQdjyWPIhv1iFbxjPR7p1g==
.go.sonobi.com/ Name: __uin_bw
Value: 0528797d-468d-41e3-a0a3-eb0b49ac154a
.adgrx.com/ Name: ADGRX_UID
Value: 9da6e500-978b-11ed-8d63-e8aaf2555249
.securityaffairs.co/ Name: _cc_id
Value: c26128592d2ee42e46a39ccbd37bd119
.securityaffairs.co/ Name: panoramaId_expiry
Value: 1674172541978
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:29ae63c8-86fd-4c00-852a-8d5532010346&KRTB&16736-uid:29ae63c8-86fd-4c00-852a-8d5532010346&KRTB&23019-uid:29ae63c8-86fd-4c00-852a-8d5532010346&KRTB&23114-uid:29ae63c8-86fd-4c00-852a-8d5532010346
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-6829783725336387995&KRTB&23339-6829783725336387995
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-3056000562068370838&KRTB&23150-3056000562068370838
.pubmatic.com/ Name: KRTBCOOKIE_1159
Value: 23138-95bd444efd664061ba2ea932188cbd2a&KRTB&23328-95bd444efd664061ba2ea932188cbd2a&KRTB&23445-95bd444efd664061ba2ea932188cbd2a
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-2c40e9b7-c90f-4920-beee-5949d681755b&KRTB&22918-2c40e9b7-c90f-4920-beee-5949d681755b&KRTB&23031-2c40e9b7-c90f-4920-beee-5949d681755b
.pubmatic.com/ Name: KRTBCOOKIE_1290
Value: 23368-ymgksbd9958
.semasio.net/ Name: SEUNCY
Value: 583994359527BB44
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq&KRTB&19420-ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq&KRTB&22979-ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq&KRTB&23403-ts09sbjIOOqtnGiw5ZtzurXPZuutnGa-tMbAe1Fq
.pubmatic.com/ Name: KRTBCOOKIE_1310
Value: 23431-1qkzkqtcro5i&KRTB&23446-1qkzkqtcro5i
.adform.net/ Name: uid
Value: 5046790675265509198
.w55c.net/ Name: wfivefivec
Value: pbTARIMb1Piiho5
.tribalfusion.com/ Name: ANON_ID
Value: aInsIHqkaHbBykt9Zbxa3Y5WZbrNZdfwwchY3nq0iEGoAWm32XqxcvCUrcZdJpWXvfiwkLBkxZaUHIGXe7Ocs3eRLyWrZa
.adgrx.com/ Name: ADGRX_CM_PUBMATIC_BRIDGED
Value: 1
.bluekai.com/ Name: bku
Value: ikG99wbs0s1Eb3Qy
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&dfb03bd7-83b0-4fe5-81d1-8195eee8468b"
.linkedin.com/ Name: lidc
Value: "b=OGST00:s=O:r=O:a=O:p=O:g=2888:u=1:x=1:i=1674086142:t=1674172542:v=2:sig=AQEr-pS1FZ69DsxXgAUd4yVSfUF9ziRQ"
.pippio.com/ Name: did
Value: WjIhuRLVezcoXlIA
.pippio.com/ Name: didts
Value: 1674086142
.pippio.com/ Name: nnls
Value:
.pubmatic.com/ Name: KRTBCOOKIE_904
Value: 16787-MjYocD1WDI6dIWGd_YbIYw
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 16514-CAESEMl1WR-jKVQinFryMBPkaOw&KRTB&22987-CAESEMl1WR-jKVQinFryMBPkaOw&KRTB&23025-CAESEMl1WR-jKVQinFryMBPkaOw&KRTB&23386-CAESEMl1WR-jKVQinFryMBPkaOw
.simpli.fi/ Name: suid
Value: DBC010B964614E7AA4882A163626B83D
.smartadserver.com/ Name: csync
Value: 49:7190145226286823571|92:6JWgSS4Sw2lg|100:3fbc535b-46d2-4719-8ecf-cc9db04a1ba0
.tynt.com/ Name: pids
Value: %5B%7B%22p%22%3A%22797f54a72d%22%2C%22f%22%3A1%2C%22ts%22%3A1674086142168%7D%2C%7B%22p%22%3A%223bfd58deb3%22%2C%22f%22%3A1%2C%22ts%22%3A1674086142168%7D%2C%7B%22p%22%3A%227912d88d74%22%2C%22f%22%3A1%2C%22ts%22%3A1674086142168%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1674086142168%7D%2C%7B%22p%22%3A%22bac1bc34e2%22%2C%22f%22%3A1%2C%22ts%22%3A1674086142168%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1674086142168%7D%5D
.w55c.net/ Name: matchpubmatic
Value: 5
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-5046790675265509198&KRTB&23263-5046790675265509198
.pubmatic.com/ Name: KRTBCOOKIE_1003
Value: 22761-9da6e500-978b-11ed-8d63-e8aaf2555249&KRTB&23275-9da6e500-978b-11ed-8d63-e8aaf2555249
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:DBC010B964614E7AA4882A163626B83D
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:pbTARIMb1Piiho5&KRTB&23421-uid:pbTARIMb1Piiho5
prebidserver.pixfuture.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJlcGxhbm5pbmciOnsidWlkIjoiQUh4L3Y5NkJTZVF6ZGFJYSIsImV4cGlyZXMiOiIyMDIzLTAyLTAxVDIzOjU1OjQwLjQ5ODg1Mzc0NFoifSwiZ3JpZCI6eyJ1aWQiOiIwNTI4Nzk3ZC00NjhkLTQxZTMtYTBhMy1lYjBiNDlhYzE1NGEiLCJleHBpcmVzIjoiMjAyMy0wMi0wMVQyMzo1NTo0Mi4zNjg1NjAzODhaIn0sIm9uZXRhZyI6eyJ1aWQiOiJjbURtc3FRZHVkbHNMN0hBUTJwRE5uWlg0WVM3S0lnSG9fR0dYcnFreVdRIiwiZXhwaXJlcyI6IjIwMjMtMDItMDFUMjM6NTU6NDEuMDczNzM3MzcxWiJ9fSwiYmRheSI6IjIwMjMtMDEtMThUMjM6NTU6NDAuNDk4ODI3MzI1WiJ9
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNrQ0NzKwMDEwszC1NDYyNjMzMBPiM9RNM_MrC4uyzMsM9PQAAJtQ_8wlAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNrQ0NzKwMDEwszC1NDYyNjMzMBPiM9RNM_MrC4uyzMsM9PQAAJtQ_8wlAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_1slymtoZm5iYGFmaGJkYmwKALXj0iEQAAAA
pool.admedo.com/ Name: tuuid
Value: 45136c68-77af-4ad9-b5b8-4a5fc1e6790c
pool.admedo.com/ Name: c
Value: 1674086142
pool.admedo.com/ Name: tuuid_lu
Value: 1674086142
.amazon-adsystem.com/ Name: ad-id
Value: AxSFHQWavknTl61lcG0rU94
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-80e027d0-be31-48e0-5613-3bfc655383b5.6W%2FZ4AkQBf%2BlFZyoatMyrRIrjPYLDvSsrmTyYxogKwY
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AgOAn0L4xSOBWEzv8ZVODtWfR_og.VuY5DOIgnW5hBKnzqYunD%2BzOt4cGVA%2FMJ83vfU9csWw
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2Ilbu8vP$!]tbp8i_iqf!oN/@E'zz<*Z0Qa#NAy_eJ1Rs/54u1SVr7v!ykde.7JObt5%]<QG=%9sk@3@'s>TASDtJ
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1ifu|7LJ.0.9fc35bc0-abf9-4d4c-92f8-241b20ca1662|4is.0.CAESEAr6Y11JMqy2FnB9vE-ZfoI
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AAALXg1dbQ0riwNZlNa9AAAAAAA&KRTB&22713-AAALXg1dbQ0riwNZlNa9AAAAAAA&KRTB&22715-AAALXg1dbQ0riwNZlNa9AAAAAAA
.pippio.com/ Name: pxrc
Value: CP6Nop4GEgQIAhAAEgYI7OsBEAA=
.go.sonobi.com/ Name: __uin_zt
Value: 1972084068593236606
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-gOAn0L4xSOBWEzv8ZVODtWfR_og&KRTB&23334-gOAn0L4xSOBWEzv8ZVODtWfR_og&KRTB&23417-gOAn0L4xSOBWEzv8ZVODtWfR_og&KRTB&23426-gOAn0L4xSOBWEzv8ZVODtWfR_og
.openx.net/ Name: pd
Value: v2|1674086140.2|lYvOiajEiuhI.vysnkSuIrAjIpMvGlQvAkqkalUvHsP
.go.sonobi.com/ Name: __uin_pp
Value: 6JWgSS4Sw2lg
.linksynergy.com/ Name: rmuid
Value: 0ab7265a-91a5-41ec-864a-ee8de7c78e44
.linksynergy.com/ Name: icts
Value: 2023-01-18T23:55:42Z
.criteo.com/ Name: uid
Value: 5b501ab4-b8d4-4981-9df3-9ee6220f8091
.live.streamtheworld.com/ Name: idsync-bsw-uid-s
Value: 0528797d-468d-41e3-a0a3-eb0b49ac154a
.blismedia.com/ Name: b
Value: 63C886FFC118D9437F19C9C4BLIS
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004%22%2C%22nxtrdr%22%3Afalse%7D
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-0528797d-468d-41e3-a0a3-eb0b49ac154a
.analytics.yahoo.com/ Name: IDSYNC
Value: "18yw~29hz:18z8~29hz:18za~29hz"
.quantserve.com/ Name: d
Value: EFMBFQGKKIEO-TC_vLEA
.dotomi.com/ Name: DotomiTest
Value: 38301584b0d01b1d
.securityaffairs.co/ Name: cto_bundle
Value: dxpJWV9McSUyRlpoZ1hNQzl4aGUxcktCUlZRS1FkYmEyc3R2cVJHZmZOR2pIc0t1TFUlMkZBJTJGdlZTREFxJTJCTGlGRTMlMkZjMTFXV042YSUyQm5kZFBLUkR4cUdxMk1lNkpsenBMeDRXbXU2bGNZdll3czVPbllrRERVU1RHJTJCWU40SyUyRlB3RzZVJTJGaVNDSzNKVGV2WWFKQVpDNyUyQnhqZ3VLcDhxVCUyQnhDWGNWTmVoZ2YlMkJHM1h5THVIbEklM0Q
.rlcdn.com/ Name: rlas3
Value: kPKojv6WmMGf43EVRLmpr5WO5bgbusMjD3GcfTdX4WI=
.admixer.net/ Name: am-uid
Value: 805f7fa5b68f4a4090c50dc3f4a7352a
.r-ad.ne.jp/ Name: r_ad_token
Value: 52VNth010BDGa007Qnuy
.id5-sync.com/ Name: id5
Value: e1bc29d8-fa06-72d7-964a-646e7197b4b3#1674086140770#2
.adtdp.com/ Name: uid
Value: AYXHT1eN1zj7EtA79ik
.adtdp.com/ Name: dynid
Value: AYXHT1eN1zj7EtA79ik
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4nGNQSDYyMzSyMLU0SjFKTTUxSjUxSzS2TE5OSjE2T0oxNLRkAILkE23%2F%2F%2F3%2F%2F5%2BfAQb4pkx6ocrYVs7wn5GRYSISuwuJ%2FX3jFBYY%2B%2FRJdRhz5%2FKP%2BjD2uaOHmGHs3fsuC8DYhxfPgWvt3%2FJCF8be9KcQxlz06iNc%2BNKpR2ww9rslCK0AhdpLMg%3D%3D"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4nGNgYGBIPtH2nwEGmBgYuGaAGFxNn4EkAFQ%2FBNQ%3D"
.uuidksinc.net/ Name: jcsuuid
Value: qnVNe93oOefEBsWpZMq3
.w55c.net/ Name: matchopenx
Value: 5
.rubiconproject.com/ Name: audit
Value: 1|WD0cx+9RTMLEM50keDusMSKB0+A8/5OajRdzZ1ALMtUuPfgjSU0D3pwYuyYd+lC7iyAYRI8Oou9ymPvo8pleP2KLLa4BRoMRcV9NAwqhSw8=
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004%22%7D
.pubmatic.com/ Name: DPSync3
Value: 1675209600%3A245_201_197_226%7C1674604800%3A248_164
.pubmatic.com/ Name: SyncRTB3
Value: 1675209600%3A165_13_234_179_254_214_209_238_176_7_54_21_233_56_107_99_5_247_3_231_22_96_220_8_204_71%7C1674604800%3A2_223_15%7C1674864000%3A63%7C1679184000%3A69%7C1675296000%3A35
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17105-RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004&KRTB&17107-RX-e7d04bf0-eeef-41fc-9f44-4f088054fa00-004
.pubmatic.com/ Name: PugT
Value: 1674086144
.adsrvr.org/ Name: TDCPM
Value: CAESFgoHcnViaWNvbhILCNb515ex7rw7EAUSFwoIcHVibWF0aWMSCwiYn4uese68OxAFEhQKBXRhcGFkEgsImMuCvLHuvDsQBRgBIAEoAjILCJjDhenH7rw7EAU4AVoFdGFwYWRgAg..
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!455
.krxd.net/ Name: _kuid_
Value: PU7Kha0Z
.csync.loopme.me/ Name: viewer_token
Value: 138c3416-a368-4a97-9589-da9aab5fc74a
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 3
.pubmatic.com/ Name: pi
Value: 156423:4
.ads.pubmatic.com/ Name: pubsyncexp
Value: 1674107745977
.pubmatic.com/ Name: SPugT
Value: 1674086146

10 Console Messages

Source Level URL
Text
javascript error URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Message:
Access to font at 'https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Message:
Access to font at 'https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.ttf?v=4.0.3' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://securityaffairs.com/wp-content/themes/rigel_old/fonts/fontawesome-webfont.ttf?v=4.0.3
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1674086136&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=308x675_l%7C308x675_r&format=0x0&url=https%3A%2F%2Fsecurityaffairs.co%2F138851%2Fmalware%2Faurora-stealer-malware.html&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1674086135000&bpp=670&bdt=997&idt=1812&shv=r20230117&mjsv=m202212080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=805602959186&frm=20&pv=2&ga_vid=307525084.1674086137&ga_sid=1674086137&ga_hid=940554831&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31071637%2C44779793&oid=2&pvsid=4079479525170594&tmod=705239939&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1835
Message:
Failed to load resource: the server responded with a status of 403 ()
javascript error URL: https://securityaffairs.co/138851/malware/aurora-stealer-malware.html
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694' from origin 'https://securityaffairs.co' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=c2d18b01-4905-4aba-a83e-e41eac932694
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://cs.nex8.net/cs/openx
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://match.rundsp.com/redirect?ex=openx
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEDxqyTQUXZNU7qPNFT0nd3g&google_cver=1&google_push=AavPq0Olw7QbTlNXzu8SNaMFZYGQQaefaviGW2mw7n8_9t0PGyF_X8HI3y9O6_JrvcBGOviNKkv5MOBSQp1M9wtLxsEAJp0rK85l
Message:
Failed to load resource: net::ERR_CONNECTION_CLOSED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a.tribalfusion.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ads.playground.xyz
ads.pubmatic.com
ads.us.e-planning.net
adservice.google.com
adservice.google.com.au
analytics.google.com
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.krxd.net
bh.contextweb.com
bk.r-ad.ne.jp
btlr.sharethrough.com
buttons-config.sharethis.com
c.bing.com
c1.adform.net
c2shb.pubgw.yahoo.com
ccd3be138556e1cfb8898c651a4fdf43.safeframe.googlesyndication.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.pixfuture.com
cdn.prod.uidapi.com
cm-supply-web.gammaplatform.com
cm.adgrx.com
cm.ambientdsp.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
core.iprom.net
cr-p3.ladsp.com
cs.chocolateplatform.com
cs.nex8.net
cs.r-ad.ne.jp
csync.loopme.me
de.tynt.com
demand.trafficroots.com
dis.criteo.com
dps.jp.cinarra.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dynalyst-sync.adtdp.com
esp.rtbhouse.com
eu-u.openx.net
eus.rubiconproject.com
events-ssc.33across.com
fastlane.rubiconproject.com
fid.agkn.com
fonts.googleapis.com
fonts.gstatic.com
get.s-onetag.com
gocm.c.appier.net
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gu.dyntrk.com
gum.criteo.com
hbopenbid.pubmatic.com
i.e-planning.net
i.w55c.net
i0.wp.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
inv-nets.admixer.net
invstatic101.creativecdn.com
ipac.ctnsnet.com
jp-u.openx.net
l.sharethis.com
lb.eu-1-id5-sync.com
lbs.eu-1-id5-sync.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.rundsp.com
match.sharethrough.com
oa.openxcdn.net
oajs.openx.net
onetag-geo.s-onetag.com
onetag-sys.com
openx2-match.dotomi.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pippio.com
pixel-apac.rubiconproject.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
pm.w55c.net
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid.media.net
prebidserver.pixfuture.com
prg.smartadserver.com
pubmatic-match.dotomi.com
px.ads.linkedin.com
r.turn.com
rtb-csync.smartadserver.com
rtb.openx.net
s.amazon-adsystem.com
s.e-planning.net
s.tribalfusion.com
s.uuidksinc.net
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
secure.gravatar.com
securepubads.g.doubleclick.net
securityaffairs.co
securityaffairs.com
served-by.pixfuture.com
signal-beacon.s-onetag.com
signal-segments.s-onetag.com
simage2.pubmatic.com
simage4.pubmatic.com
ssbsync-global.smartadserver.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stags.bluekai.com
static.cloudflareinsights.com
static.criteo.net
stats.g.doubleclick.net
stats.wp.com
sync-dsp.ad-m.asia
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.e-planning.net
sync.go.sonobi.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
t.co
tags.bluekai.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
u-sin01.e-planning.net
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.google.com.au
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
yield-op-idsync.live.streamtheworld.com
api.rlcdn.com
cs.chocolateplatform.com
cs.nex8.net
demand.trafficroots.com
match.rundsp.com
securityaffairs.com
sync-tm.everesttech.net
103.229.10.211
103.229.206.240
103.231.98.193
103.231.98.196
103.231.98.197
103.3.63.48
104.16.56.101
104.18.25.173
104.18.33.19
104.21.60.113
104.22.52.86
104.244.42.5
104.254.148.252
104.254.151.36
104.83.196.216
106.10.236.147
107.178.244.193
107.178.254.65
119.9.108.211
13.107.42.14
13.114.228.14
13.114.38.125
13.231.14.162
13.33.33.106
13.33.33.31
13.33.33.93
13.33.78.115
13.33.88.41
13.33.88.98
13.35.8.117
137.184.242.150
139.5.84.243
139.99.49.250
142.250.4.132
142.250.4.149
142.250.4.94
142.250.4.97
142.251.10.106
142.251.10.154
142.251.10.157
142.251.10.94
142.251.12.155
146.0.227.110
151.101.65.229
161.35.253.218
162.19.138.116
162.19.138.120
162.19.138.82
167.88.158.176
172.217.194.138
172.217.194.156
172.217.194.157
172.253.118.132
172.253.118.154
172.253.118.157
172.64.154.237
172.67.140.211
172.67.68.113
18.138.18.111
18.139.240.219
18.142.216.216
18.155.68.7
18.155.68.83
18.176.234.133
18.176.29.44
18.198.61.82
182.161.73.129
182.161.73.136
182.161.73.146
184.31.5.52
185.84.60.23
192.0.73.2
192.0.76.3
192.0.77.2
195.5.165.20
198.206.157.242
198.8.71.130
202.241.208.56
204.79.197.200
207.198.113.205
208.92.55.231
209.54.182.161
216.239.38.181
220.150.223.50
23.106.127.165
23.106.127.53
23.106.69.72
23.72.44.183
23.72.44.196
23.73.13.201
3.114.216.187
3.120.82.246
3.33.220.150
31.220.27.134
34.102.146.192
34.102.253.54
34.107.148.139
34.117.239.71
34.120.135.53
34.149.20.76
34.83.125.63
34.96.105.8
34.96.70.87
34.98.64.218
34.98.67.3
35.186.193.173
35.190.39.111
35.190.60.146
35.213.12.39
35.214.223.115
35.227.252.103
35.244.159.8
50.116.239.135
52.220.229.2
52.24.113.245
52.32.15.49
52.74.118.249
52.74.162.2
52.74.234.58
52.74.66.232
52.77.152.198
52.77.64.78
54.208.68.206
54.80.38.94
63.251.14.60
64.120.110.136
64.120.110.139
64.202.112.223
67.199.150.85
67.199.150.86
67.202.105.24
67.202.105.33
67.220.224.150
69.173.144.139
69.173.158.64
69.173.158.65
72.34.250.75
72.34.250.78
74.118.186.44
74.125.200.156
74.125.24.95
74.214.196.131
8.18.47.7
8.39.36.142
8.43.72.98
85.114.159.93
89.149.192.65
89.207.22.137
98.98.134.243
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00e7d81fa98727d6813180ee37727eea6fbf23e5641025158faccc0639f3bc99
0255909b7cb5511843e8e9d6414f99d023237cdb954705d68c4ff0d3cd752d6b
037abd1c12506bf4b36bd1fbb352b7c6ebdf2e2229c3e34b5a4718d3de697421
040ea190914164d3ef331dbd5dda91f7697a1c874aaab510ceac6cbaf572b014
04da339baae1948d51e6ffcd4f1f118fe304f7aef2884cd164714df856f0e7f0
0781d57c0ca31253351ec37aba09a8e21b46522d64fd350e763cee3f7f17ad42
08b303cd7af9e0641ef8eb559b97d95e299945705cbec27f5a8d1cd44df06221
09343d3b3473e1c994b2d603c99feb8a0f63fbd3ff20be7432ff18b973dbe651
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b6862a66a4159333c606706257fa37a766c77361656da4395d1106590e88cc1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d1653c79d2312e083a5e42a24009e476e71bc542038bc533c08e5be8b9ea39f
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
123a4fe7748fb5c0d98d0b90e598a64a2fcee71fd1a0f7baa24f5d3f44ec733e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12e29fa8c4f9d7702cdea6663458a4084007fe4521117610c456c54e6644e07c
1380a094312203899470d336f0f471e544694cdd4d20e4788f3ab2e8949508a4
140e17bdd8186191131c02a6da856adbda9a3d9b961f994407e67f4caeca48e5
151f4c5dd54a6549cde6d5fe9fee79a9352e92c12d5d641443f569d62b965c10
161fc53bd395a1c06a8df745e281a24fd42768dcda8b978b15fd953cb8f55c39
167bdead3314274ec6816ae851d767dd0ca9d1f9a2858b8ed0f1820657096097
169ff09843c5f43bf6ea4313ec90d8aee29bae844485c1e20dee71fb3ec5cb81
177adc7f598059a64688032183a789649b610f69d3d2e239c493c2568dd2a2cb
180ad7b71bbb588b1884751ee4af6cd994314fefd27f13eb22610843a2ccca27
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
189468c1691f7c893b902070ea2083a70bb550f36f009956af77241b4a6de78f
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1b92260a400bea230772ccfff1953fbe65deeb30da1a8aa146342d20833f24ff
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2265349f87505b659af089e9d0ddadc2d7b6afbc8036055e23651e1bb3f69a8b
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
22c1bc19a8d31d025d5e765449483e3c25c322c0400d91ba295d5f5c735c6e56
22de3cfef032de2d4fdb9617e21c37a4e1b94d3c388eacf661428139aac3e19c
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
249af0ebfd2f68a24f5e9e113d26e485abb969167196895ce39626cf1f289914
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2811cc6947c52b0c5e2cedc3d408bf612fece6c845c8f5ba4031f18db840518b
28275dbcd3747f460a53102bb9dad566db20349335371cef756c72f4ab155431
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f
2d186cf8ea3d4a328eb1f236ac19bd1bb8c4276b13c8e125149c5a77a948237b
2d32601cbf11cba991a9f637dc3c92d69498ed77ee7441829bba1e0ff4ac3419
2e6d424353f2ee3ebc5f371dca4ce9ba6a9f25cb2c1b7dada60b886978a4ac32
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2faa2f6cf7fa8f3dcad31f1fe71142976b25bff1306bcc828ea93adde0fa8615
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
325eba81c794b3e3fd46d8cc5c92a0027179e63d0fbe60e2bd823d1b9231f076
3570b0809823e912b040bb8d99048d5e85ceabf830ef064e306c0a1901a08e11
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
389e04b8c4ac8d92b2f3886697cf75c7c22422c3fe0fd6fbbfdfcd431b92e109
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d6c19c08bec8d317950c288311da106033c1565bba6fe368020776595cb4702
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3eca328d4878787ba6a65de658f251de1dfbefe317a146129559eced96131c29
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40b1e5f38d5371d8bf8548c9a511418753eafdb58d54896cc356aa37a15552d0
424667d975a118bb9478909613f672965cb7a9459d5fe296a87548a8c21772b9
4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
45441e8544fee1082969100db86d9cf388299cc5a2ae722d7608eada229057d6
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
483f311a8d9db59530fc54b5b26bb9c1d26da0825cc4daf4cc81b86fc3bf2247
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a73e4991fc7d34e5fd50a06503a203e90f2d13e5a034d728eef92b73e26e4be
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c1db2d4d8498a64db9904731443434dd62dd4cbae87fd17a356e277efbe99d9
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ea737ac05e8ee5e490220d97b820834c18cd7c6f1da7d85007a51a5c64425df
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4f618d20d85f3163d72432606f3afa3c17b6c79954f967ec3df9a710503c9df4
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
524aa0f042e131dc017cea2aae6a2930067efa3464b908e8fa22b400dccf8ed5
536425ea59971bfd6b36ecd911f0ac7cce077dd869729a7552af17ac52c00ab0
53fb5d086c5355075f9ed96179114e4edeee88333552a2ae02374c60565b166c
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
5602905cd2a14cedc8625f943afd5be4cade0e98a5a0dffe443007a62d3359a7
5ba66be93175d955c5a371d9fd1e4e0255c69cefa609768372f0647ed5d3668d
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372
64de1a6e6afd4e2be0cf6e0fe152b358dd55aed4c7b55b4c6dff09daa3eadc7b
66b065ecfe41173b7c2410fcee2f6f33f0416c43e250922d48f9676fc8657f38
67596f497ba9670488a07493b079a6c8d32fb1714209db992e1e32a99c4dffe5
6769c01e5a300209a992b44a3d61575da5146fa80ecd87c9e0cf6c42c0928650
68b4382e37f065e5494a43903f6ae58350fdca69c4b2eb7463763a09e46d418a
6e9d3c34ce822e0813ed2bb9b32cd152f92d066ae94eba2173a4149b71225918
6f83d6d161d5d98ac0a6305e882cbf211c330178f30bac4095f967b5475c0e92
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
72093884558b18d7a418e8e807f6b69e81ae859da02f471ad03150f009af430b
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
751ae0b0e7b20fc45203c90e0c3391e1aa983f57327fb31d96dda46f7232ad45
7585aa8f207ab2dec9e79cc4c50711a269ef20153e6e41dc188abf32515b1c62
768074be6f0facc613822ac9ce46b152bee6cfc0507d38008845571aa8792db4
76874a5016a8ae667987503a341a8f06e551cbf86af1335eefddb9360e5a975f
76b80e4baed88d2e1c71b8a931fec61291cbd8e753df21d8b87698a23f5a5a42
76ed2b93bc57345f7305a1c6078bd8069d3fe602ae7875e924ebd42777a409d3
7746871b06216ef2d442ad014085d0ed7d3e7b27f24e4feb84fca8428a45a4f7
7ea9327b36f8ea3355ad8a33cf7bd5735cbf2e11ed96744279181a0fedd2401e
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84eded3cd022be372acbb3082036431b0b29e1d2b05fb89954bcdb95a0665fbb
86bab6228dada00ad00978e378876aa2ccf14bc6773fc40e00554c7f1cc6a85b
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4
914c2c38bcf8be8ae0bb37e800573341c8134e54b5ced5303c1d3f172d7e6c96
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
921426793f2c83d966ab22282c289776660d83988aaa1bdcacb32e395bb35982
93975ae1d8cef7cb7a8c05ef392abe1b4d080b570b19cab279a208afe7d36cf9
9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9fcc526b8eac080f65a017b8d8cb9f215307e57c57f0fec8ec73360cea3435bb
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04aa9666a49a1c434d7e44268f399e0c1dc1b306a2cc6f3414551364c217b4d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a37deb9dd04cdebb5a80730395780332c03ec667693b3ddb06d8983157679d64
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a51ded4d71e22713ece5a0d4292799fbd798c044696b6dacd6cdf907441d1e52
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a61544bf1f5f6c8aaf3930d0f753c2247791c5bf0941c359573673da05b68ce8
a6cb4812e82c5be7c12b260011b6ef2048a7ea65c5dbfaf5b40b109812b96232
a91e5afb93443b1b21fba2c54d1393e83a9220bafc8a2ad144c9279426d6b2da
aea607f39789d4cc03dd33d5518a1e53d419c379c618b7a19d6e3a06f4f14d56
aed5ccd9a1464ec082338fd88b0b73b810af66c72b4adffe270607212d4693a2
af0c0479bf45fe3df33d7084edc28c512fa7bec0a999f395a2b9088d44092c89
b09a581bc29f4bdbe66bef5c69b90cc1a003e849e2f7706f47a9f0c5f5a6860e
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1bbcbe855eb69dbca752b0ccfdbf8d9015f37906a46763ac3aa8e54279de3c2
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be
b21ee81dcf43a413a9fab8f3407ade1ef37e67d27d4afacc784127f676fc5cbc
b2edc1517adcb35a4d01da4c934037101748a5f910967eb0fbe495e522b8598f
b33e3ff7c01e9eb947faf1bd0dd31d3d210ff9fdf809f2db3938b5b865b9cc31
b546b8ad4fd1753c97082df171acf0932fc667b81b73ba9496fcc1f0abcaa717
b5643c5e548ec3aab5786c3845bce65a8ab30d48b62ba2586373ff84589ea13d
b641a199a97994ec7e4a3734e47099263c235c39c7cd3521fe74cd8512525d59
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b9bb08a70f6fb3e47eebe4e368bffdba6a1cac0413210c1e2ef7b43105dc4bf8
ba08a3d19225206e1f616f14c7d6e4f214002374c7086834026cb977a09748fc
bc54379b6288f5970da471f0f64ca15f8c9e3a3819a0950608a45b7479d5a11f
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
bd67c15761e915cf1fc28f8182c783d86fd8c8bfa7c38e2b85a431e6c1753e34
bea141b0e1c016faface442cf56dae318f97789bea95d633da28014d5233a934
c0b80fefeeff0400f4fe64b20c3976604253a7e0c7326d4414db2567063da9fe
c118ec4a3b42384f0bfff9aaf4ba2c589b51dd2e0d40a6f7df440899d3bdebbb
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2dff4d99eef4b35e8f498d841d785ec135749647ff00b3efd1a5d66f87e5241
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c4bdb4f0c55bcd07bebfb50ae82484f64d99927482ef280f8e399053afaeb71e
c9b6164ccc60fa98562a1d315d63a961a7ffa16183117a6a5f6d5bf3893283c0
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
ceb6d0c8321627007c1ca8f7de8f5fafc5a7140cceabe7d8adce562fc4885de7
cff8c5b798dd1a69ce9460a203c10be59613887e25245f5c64916a51a1055d4c
d45db408994999adf9688f95a67bd5aae74569c4dfed196fcf251ccc72dbb554
d470e7daa240f882619834157f2c1def608a536e7254b8546af2691c3210ec0b
d4de8657597c32758154a11f704c5a3763c15ab67507ebdcbe9c4e8ca915983f
d5133a1035cbf203be573cc6e15a2d4f8477b62568bea772b2192dc68c4980e5
d6f712bb063293806236d362715f5f3f134ddeb3da95e66f7f7d5f1311975296
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
d9addbc5e4dc1ab9e57463a1f2f5fcd314fa45868981029b4e7efafedeec2f6b
db4312bece8d50799c3e99a316a58218a527df0f25b93c3e075e04712e20cacf
db67ffb5ecbc409608c61e071bd1fd7cd6c24e21f87b4184089283147e0750c9
df9b100db3fb74727ea1dd954c35815bc4abeb3ff0562d47878f29f5da0848af
e0daa60932ea70294041118f42032b94e6a69a971832a050c683357fd20c2f63
e1a05fcf0daa9849b537f2792186a8209bf84de306f9f9f95e923bd8a8d07857
e1b1c54ba41cb13001de23642265da817473b2f3c8c0789eed1bb8d560c42110
e2a3522e6e082fa56d0eb9bf893a6bddc957911a05ff9a35a1c5e6982abe583e
e31312eabb9468e2aae1859b983f47f701ee3ec8d4297c861668556f0cee8615
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4d15af9bd67fe77ac0050ac96a9cc9e173c23fbe76a8a144e29566e57fdbb41
ea5f66265603af69d01766fd55f765b083235793b621a814826432775a24c91e
ea6a9596a9cb5fe085ddc766ceee7fa86d0a477781b0c6615b731280a2c4b661
eaedc6e62ec182fafcc46a6577feca0ecba7ab52da561b10fae4e9e0f7a64e32
ebddd4d6beb79222ff03ce3a8f1025c8208c7abeed51729196c9f5482642e99c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef213a6cc52c03cc1ed7273a4ab095bdbfb989c8383a13eea69678ace652efc0
efead65964b5699f4dffa42ca59391364be9c4341d8d90a570ea3ccdb67a11b0
f0c3413a3d6060b291b7ee51b22fd99d7467cce66bb78b0907bd61f2e24e9f1f
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f10e20c507ad315131cc3f6738e41ab3e87890448b13c2c9dff57e8d091fca34
f1546323f3eda7a7c0228890cc7a1c4d223c47f4569566b63f2f58f9ede02bd6
f2543598ef1f4ead06a604ac151e0466dd405bd6fcce02c9074567066eb89085
f2bf803b376222c9430fdba217e8c03cb9b8182b2d56ea46d68ec11ba8546e88
f2e9b18f6ea1a12aa7a8cac5d1015c6da99e62eca429828379fc140850b94eca
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4947b301d4e8d4b2e647a1582d2a250e60b2984903f731e5b398540e9305dab
f4aa900ea610a8b3ede267c23e5c45a74303519f1767026d2579dea4fb315ff9
f97c77ba3ac2c903a3a208709212cbbe05bda90142574fe71786e3e30b49d2cc
fc871e89201aa44e7380e81e7f7846c4164e5a5d3374ba722a90e518ad48feae
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb
febc1e8fbae9b78e392e33110088051ce7f8168aa0ca6c43aadec0458774045a
ff6aaa3f3b8023816a9b164be90fb958c63857e984fea977c3b38d1542566299