Submitted URL: https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3...
Effective URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsl...
Submission: On May 06 via api from US — Scanned from DE

Summary

This website contacted 108 IPs in 12 countries across 100 domains to perform 485 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 148243.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.
This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 2606:2c40::c7... 209242 (CLOUDFLAR...)
34 35.173.160.135 14618 (AMAZON-AES)
9 143.204.98.119 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
7 2606:4700:303... 13335 (CLOUDFLAR...)
14 2600:9000:215... 16509 (AMAZON-02)
10 2600:9000:215... 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
1 185.85.15.23 200107 (KL-EXT)
5 143.204.95.188 16509 (AMAZON-02)
1 9 151.101.130.137 54113 (FASTLY)
5 2a00:1450:400... 15169 (GOOGLE)
10 142.250.184.194 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 23.206.210.112 16625 (AKAMAI-AS)
1 46.105.202.126 16276 (OVH)
6 2a00:1450:400... 15169 (GOOGLE)
3 5 2620:116:800d... 16509 (AMAZON-02)
1 199.232.136.157 54113 (FASTLY)
7 151.101.194.137 54113 (FASTLY)
9 3.136.200.104 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
3 141.95.98.71 16276 (OVH)
3 52.19.46.209 16509 (AMAZON-02)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2600:9000:215... 16509 (AMAZON-02)
1 104.244.42.195 13414 (TWITTER)
1 104.244.42.133 13414 (TWITTER)
1 4 216.52.2.19 29791 (VOXEL-DOT...)
5 16 185.33.221.15 29990 (ASN-APPNEX)
5 213.19.147.42 3356 (LEVEL3)
11 34.253.111.207 16509 (AMAZON-02)
3 35.158.59.51 16509 (AMAZON-02)
4 2602:803:c004... 26667 (RUBICONPR...)
1 18 34.98.64.218 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
5 3.123.149.239 16509 (AMAZON-02)
5 35.157.246.167 16509 (AMAZON-02)
1 3 147.75.38.124 54825 (PACKET)
3 204.237.133.116 62713 (AS-PUBMATIC)
5 159.89.246.130 14061 (DIGITALOC...)
3 23.32.59.34 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
2 15.188.95.229 16509 (AMAZON-02)
1 1 52.51.122.227 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 64.140.160.2 18450 (WEBNX)
9 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 2a00:1450:400... 15169 (GOOGLE)
3 5 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2 142.250.185.70 15169 (GOOGLE)
12 143.204.98.56 16509 (AMAZON-02)
3 45 13.248.245.213 16509 (AMAZON-02)
2 35.244.154.251 15169 (GOOGLE)
2 35.158.179.85 16509 (AMAZON-02)
1 3.120.55.178 16509 (AMAZON-02)
2 2 3.72.114.165 16509 (AMAZON-02)
1 34.98.67.61 15169 (GOOGLE)
6 74.121.143.246 30419 (MEDIAMATH...)
7 35.71.131.137 16509 (AMAZON-02)
7 13 142.250.185.162 15169 (GOOGLE)
3 4 2a05:d018:d29... 16509 (AMAZON-02)
6 6 35.211.178.172 15169 (GOOGLE)
2 2 34.245.154.233 16509 (AMAZON-02)
3 6 209.54.180.3 16509 (AMAZON-02)
4 4 70.42.32.63 22075 (AS-OUTBRAIN)
6 6 52.49.96.153 16509 (AMAZON-02)
2 2 54.81.207.173 14618 (AMAZON-AES)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
4 4 216.200.232.249 30419 (MEDIAMATH...)
2 2 52.2.37.89 14618 (AMAZON-AES)
1 1 2001:678:cb4:... 56396 (AMOBEE)
3 3 151.101.194.49 54113 (FASTLY)
2 2 35.157.220.171 16509 (AMAZON-02)
1 66.155.71.150 13768 (COGECO-PEER1)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 2 52.95.126.160 16509 (AMAZON-02)
1 2 13.236.156.184 16509 (AMAZON-02)
1 3.221.88.208 14618 (AMAZON-AES)
3 3 35.157.46.192 16509 (AMAZON-02)
2 2 185.184.10.30 203690 (RTB-HOUSE...)
1 192.132.33.46 18568 (BIDTELLECT)
1 1 23.88.75.187 24940 (HETZNER-AS)
1 6 144.76.238.55 24940 (HETZNER-AS)
2 184.30.20.207 16625 (AKAMAI-AS)
1 5 138.201.220.30 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
7 37.157.4.40 198622 (ADFORM)
36 37.157.5.71 198622 (ADFORM)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 178.250.0.157 44788 (ASN-CRITE...)
3 12 23.35.236.247 16625 (AKAMAI-AS)
6 23.35.236.201 16625 (AKAMAI-AS)
3 23.35.236.188 16625 (AKAMAI-AS)
2 3 37.157.5.142 198622 (ADFORM)
4 23.205.235.133 16625 (AKAMAI-AS)
1 2620:1ec:bdf::45 8068 (MICROSOFT...)
1 143.204.98.64 16509 (AMAZON-02)
1 18.205.45.54 ()
4 4 198.148.27.140 ()
3 178.162.133.149 60781 (LEASEWEB-...)
1 1 34.210.168.133 ()
2 169.197.150.7 ()
1 1 169.50.137.182 36351 (SOFTLAYER)
1 1 154.59.122.79 174 (COGENT-174)
6 6 213.19.147.44 26120 (RHYTHMONE)
1 104.18.101.194 13335 (CLOUDFLAR...)
2 35.186.253.211 15169 (GOOGLE)
2 2 3.123.117.219 ()
1 1 185.64.189.110 ()
4 185.86.139.115 ()
2 3 18.195.155.181 16509 (AMAZON-02)
2 2 3.121.45.11 16509 (AMAZON-02)
2 2 18.156.0.31 16509 (AMAZON-02)
8 34.248.122.228 ()
1 67.202.105.21 ()
1 51.38.120.206 16276 (OVH)
2 185.86.139.103 ()
1 5 69.173.144.165 26667 (RUBICONPR...)
1 1 72.251.249.9 29791 (VOXEL-DOT...)
1 1 54.226.216.14 ()
2 2 193.0.160.129 ()
1 1 185.183.112.155 ()
1 1 54.205.198.81 ()
1 1 185.33.220.242 ()
8 34.247.205.196 ()
2 2 34.196.42.166 ()
1 70.42.32.31 ()
1 193.122.130.38 ()
1 1 104.92.72.137 ()
2 2 54.74.45.231 ()
1 1 124.146.215.44 ()
1 1 185.184.8.90 ()
1 1 104.92.74.8 ()
1 1 162.254.186.187 ()
1 1 85.114.159.118 ()
4 4 69.173.144.139 ()
1 35.244.174.68 ()
1 2a00:1288:80:... ()
485 108
Apex Domain
Subdomains
Transfer
62 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 879
ib.3lift.com — Cisco Umbrella Rank: 1714
eb2.3lift.com — Cisco Umbrella Rank: 590
296 KB
56 threatpost.com
threatpost.com — Cisco Umbrella Rank: 148243
assets.threatpost.com — Cisco Umbrella Rank: 472104
media.threatpost.com — Cisco Umbrella Rank: 383079
1 MB
46 adform.net
track.adform.net — Cisco Umbrella Rank: 3866
s1.adform.net — Cisco Umbrella Rank: 7498
c1.adform.net — Cisco Umbrella Rank: 950
308 KB
27 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 245
stats.g.doubleclick.net — Cisco Umbrella Rank: 175
9582686.fls.doubleclick.net — Cisco Umbrella Rank: 455297
cm.g.doubleclick.net — Cisco Umbrella Rank: 289
169 KB
25 connatix.com
cd.connatix.com — Cisco Umbrella Rank: 4500
cds.connatix.com — Cisco Umbrella Rank: 4673
capi.connatix.com — Cisco Umbrella Rank: 4835
lit.connatix.com — Cisco Umbrella Rank: 10547
capi-tier-1-us-east-2.connatix.com — Cisco Umbrella Rank: 5185
vid.connatix.com — Cisco Umbrella Rank: 5472
img.connatix.com — Cisco Umbrella Rank: 5369
2 MB
20 openx.net
teachingaids-d.openx.net — Cisco Umbrella Rank: 41200
u.openx.net — Cisco Umbrella Rank: 1045
eu-u.openx.net — Cisco Umbrella Rank: 2804
us-u.openx.net — Cisco Umbrella Rank: 632
rtb.openx.net — Cisco Umbrella Rank: 2213
6 KB
20 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 326
acdn.adnxs.com — Cisco Umbrella Rank: 853
secure.adnxs.com
79 KB
18 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 663
eus.rubiconproject.com — Cisco Umbrella Rank: 829
pixel.rubiconproject.com — Cisco Umbrella Rank: 478
secure-assets.rubiconproject.com
token.rubiconproject.com
30 KB
16 gumgum.com
g2.gumgum.com
usersync.gumgum.com
rtb.gumgum.com
5 KB
13 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 119
01a319fa2ebd75176d0349a9db7f69a5.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 171
77 KB
13 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 375
s.amazon-adsystem.com — Cisco Umbrella Rank: 382
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1405
46 KB
12 mathtag.com
tags.mathtag.com — Cisco Umbrella Rank: 4065
sync.mathtag.com — Cisco Umbrella Rank: 680
pixel.mathtag.com — Cisco Umbrella Rank: 1783
7 KB
12 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 695
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 821
dsum-sec.casalemedia.com
11 KB
12 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1174
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1408
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 738
ups.analytics.yahoo.com — Cisco Umbrella Rank: 420
ads.yahoo.com
5 KB
12 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 2983
public.servenobid.com — Cisco Umbrella Rank: 6081
7 KB
11 redintelligence.net
hal9000.redintelligence.net — Cisco Umbrella Rank: 29190
hal900016.redintelligence.net — Cisco Umbrella Rank: 159843
hal900021.redintelligence.net — Cisco Umbrella Rank: 265073
16 KB
11 1rx.io
tag.1rx.io — Cisco Umbrella Rank: 2155
sync.1rx.io — Cisco Umbrella Rank: 789
3 KB
10 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 669
ads.pubmatic.com — Cisco Umbrella Rank: 655
image2.pubmatic.com
36 KB
9 bidswitch.net
ghent-aws-fr.bidswitch.net — Cisco Umbrella Rank: 9882
aws-fr-sync.bidswitch.net — Cisco Umbrella Rank: 24705
x.bidswitch.net — Cisco Umbrella Rank: 405
4 KB
9 adlightning.com
tagan.adlightning.com — Cisco Umbrella Rank: 2284
203 KB
7 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 447
2 KB
7 google.com
www.google.com — Cisco Umbrella Rank: 20
adservice.google.com — Cisco Umbrella Rank: 128
3 KB
7 admetricspro.com
qd.admetricspro.com — Cisco Umbrella Rank: 50621
332 KB
6 smartadserver.com
rtb-csync.smartadserver.com
ssbsync.smartadserver.com
2 KB
6 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 341
49 KB
6 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 783
3 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 899
www.linkedin.com — Cisco Umbrella Rank: 787
px4.ads.linkedin.com — Cisco Umbrella Rank: 4880
4 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 101
40 KB
5 serverbid.com
e.serverbid.com — Cisco Umbrella Rank: 4320
sync.serverbid.com — Cisco Umbrella Rank: 10149
x.serverbid.com
3 KB
5 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 881
ce.lijit.com — Cisco Umbrella Rank: 1305
2 KB
5 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 439
ajax.googleapis.com — Cisco Umbrella Rank: 432
773 KB
5 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1338
pixel.quantserve.com — Cisco Umbrella Rank: 653
cms.quantserve.com — Cisco Umbrella Rank: 1596
11 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 142
394 KB
4 contextweb.com
bh.contextweb.com
2 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 448
mug.criteo.com — Cisco Umbrella Rank: 1931
1 KB
4 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 862
2 KB
4 perf-serving.com
images.perf-serving.com — Cisco Umbrella Rank: 28491
oba-pool-eu.perf-serving.com — Cisco Umbrella Rank: 175543
166 KB
4 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1413
sync-tm.everesttech.net — Cisco Umbrella Rank: 955
1 KB
4 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 2170
id5-sync.com — Cisco Umbrella Rank: 915
13 KB
4 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 227
138 KB
3 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 1294
488 B
3 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 1511
1 KB
3 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 1014
5 KB
3 creativecdn.com
us.creativecdn.com — Cisco Umbrella Rank: 3907
creativecdn.com
1017 B
3 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 1443
2 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 3632
adservice.google.de — Cisco Umbrella Rank: 5351
1 KB
3 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1605
829 B
3 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1585
337 B
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 2525
mp.4dex.io — Cisco Umbrella Rank: 3878
24 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 283
kaspersky.demdex.net — Cisco Umbrella Rank: 378038
5 KB
2 360yield.com
ad.360yield.com
623 B
2 pswec.com
t.pswec.com
1 KB
2 rfihub.com
p.rfihub.com
1 KB
2 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 716
644 B
2 creative-serving.com
ads.creative-serving.com
1 KB
2 deepintent.com
match.deepintent.com
83 B
2 realestate.com.au
sasinator.realestate.com.au — Cisco Umbrella Rank: 6829
1 KB
2 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 1249
1 KB
2 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1676
895 B
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 1187
836 B
2 avct.cloud
ads.avct.cloud — Cisco Umbrella Rank: 4174
898 B
2 omtrdc.net
kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 272596
560 B
2 gstatic.com
www.gstatic.com
286 KB
2 kasperskycontenthub.com
kasperskycontenthub.com — Cisco Umbrella Rank: 412144
1 KB
2 venminder.com
www.venminder.com
4 KB
1 rlcdn.com
id.rlcdn.com
1 adition.com
dsp.adfarm1.adition.com
487 B
1 trafficroots.com
demand.trafficroots.com
633 B
1 socdm.com
tg.socdm.com
685 B
1 bluekai.com
stags.bluekai.com
1 KB
1 technoratimedia.com
sync.technoratimedia.com
293 B
1 outbrain.com
sync.outbrain.com
27 B
1 extend.tv
sync.extend.tv
546 B
1 adotmob.com
sync.adotmob.com
307 B
1 yieldlift.com
x.yieldlift.com
593 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 1119
814 B
1 33across.com
pixel.33across.com
1 consumabletv.com
exchange.consumabletv.com
525 B
1 adsymptotic.com
p.adsymptotic.com — Cisco Umbrella Rank: 1079
259 B
1 acuityplatform.com
ums.acuityplatform.com — Cisco Umbrella Rank: 2056
619 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 1313
613 B
1 storygize.net
www.storygize.net
419 B
1 adentifi.com
rtb.adentifi.com
47 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 1334
210 B
1 bttrack.com
bttrack.com — Cisco Umbrella Rank: 1231
380 B
1 getpublica.com
usersync.getpublica.com — Cisco Umbrella Rank: 5391
198 B
1 dotomi.com
triplelift-match.dotomi.com — Cisco Umbrella Rank: 6557
104 B
1 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 948
191 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 1257
412 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 379
594 B
1 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 1299
356 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1589
3 KB
1 ipify.org
geo.ipify.org — Cisco Umbrella Rank: 155647
589 B
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 338
17 KB
1 t.co
t.co — Cisco Umbrella Rank: 563
338 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 800
354 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1160
353 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 963
10 KB
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 2487
17 KB
1 kaspersky.com
media.kaspersky.com — Cisco Umbrella Rank: 157744
49 KB
485 100
Domain Requested by
45 eb2.3lift.com 3 redirects threatpost.com
tagan.adlightning.com
eb2.3lift.com
qd.admetricspro.com
36 s1.adform.net track.adform.net
s1.adform.net
www.venminder.com
32 threatpost.com www.venminder.com
threatpost.com
16 ib.adnxs.com 5 redirects qd.admetricspro.com
cds.connatix.com
eb2.3lift.com
acdn.adnxs.com
14 assets.threatpost.com threatpost.com
assets.threatpost.com
13 cm.g.doubleclick.net 7 redirects eb2.3lift.com
u.openx.net
ssum-sec.casalemedia.com
g2.gumgum.com
12 ib.3lift.com tagan.adlightning.com
threatpost.com
ib.3lift.com
11 ads.servenobid.com qd.admetricspro.com
public.servenobid.com
ssum-sec.casalemedia.com
g2.gumgum.com
ssbsync.smartadserver.com
10 securepubads.g.doubleclick.net www.googletagservices.com
cd.connatix.com
securepubads.g.doubleclick.net
threatpost.com
10 media.threatpost.com threatpost.com
9 pagead2.googlesyndication.com srcdoc
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
9 capi-tier-1-us-east-2.connatix.com cd.connatix.com
9 tagan.adlightning.com threatpost.com
tagan.adlightning.com
8 usersync.gumgum.com g2.gumgum.com
7 rtb.gumgum.com g2.gumgum.com
7 eu-u.openx.net u.openx.net
qd.admetricspro.com
eu-u.openx.net
7 track.adform.net hal900016.redintelligence.net
hal900021.redintelligence.net
s1.adform.net
7 match.adsrvr.org eb2.3lift.com
u.openx.net
sync.serverbid.com
ssum-sec.casalemedia.com
g2.gumgum.com
7 qd.admetricspro.com threatpost.com
qd.admetricspro.com
6 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
6 sync.1rx.io 6 redirects
6 us-u.openx.net 1 redirects u.openx.net
eu-u.openx.net
6 ads.pubmatic.com cds.connatix.com
qd.admetricspro.com
sync.serverbid.com
public.servenobid.com
g2.gumgum.com
6 cdnjs.cloudflare.com s1.adform.net
6 match.prod.bidr.io 6 redirects
6 s.amazon-adsystem.com 3 redirects eb2.3lift.com
ssum-sec.casalemedia.com
6 x.bidswitch.net 6 redirects
6 tags.mathtag.com tagan.adlightning.com
6 vid.connatix.com cd.connatix.com
cds.connatix.com
6 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
threatpost.com
5 pixel.rubiconproject.com 1 redirects public.servenobid.com
g2.gumgum.com
5 hal900016.redintelligence.net 1 redirects threatpost.com
tagan.adlightning.com
hal900016.redintelligence.net
5 tlx.3lift.com qd.admetricspro.com
threatpost.com
5 tag.1rx.io qd.admetricspro.com
cds.connatix.com
5 www.googletagmanager.com threatpost.com
www.googletagmanager.com
5 cds.connatix.com threatpost.com
cd.connatix.com
5 c.amazon-adsystem.com qd.admetricspro.com
c.amazon-adsystem.com
5 www.google.com threatpost.com
tagan.adlightning.com
4 token.rubiconproject.com 4 redirects
4 rtb-csync.smartadserver.com eu-u.openx.net
ssbsync.smartadserver.com
4 bh.contextweb.com 4 redirects
4 eus.rubiconproject.com qd.admetricspro.com
eus.rubiconproject.com
g2.gumgum.com
4 hal900021.redintelligence.net 1 redirects threatpost.com
tagan.adlightning.com
hal900021.redintelligence.net
4 sync.mathtag.com 4 redirects
4 b1sync.zemanta.com 4 redirects
4 pr-bh.ybp.yahoo.com 3 redirects eu-u.openx.net
4 px.ads.linkedin.com 2 redirects eb2.3lift.com
4 fastlane.rubiconproject.com qd.admetricspro.com
4 ap.lijit.com 1 redirects qd.admetricspro.com
public.servenobid.com
4 imasdk.googleapis.com cd.connatix.com
imasdk.googleapis.com
4 www.googletagservices.com threatpost.com
tagan.adlightning.com
3 x.serverbid.com sync.serverbid.com
3 ssum-sec.casalemedia.com 2 redirects public.servenobid.com
3 cs.emxdgt.com 2 redirects sync.serverbid.com
3 sync.go.sonobi.com eb2.3lift.com
sync.serverbid.com
public.servenobid.com
3 c1.adform.net 2 redirects eb2.3lift.com
3 acdn.adnxs.com cds.connatix.com
qd.admetricspro.com
3 js-sec.indexww.com cds.connatix.com
qd.admetricspro.com
3 pm.w55c.net 3 redirects
3 sync-tm.everesttech.net 3 redirects
3 tpc.googlesyndication.com tagan.adlightning.com
3 pixel.quantserve.com 2 redirects threatpost.com
3 htlb.casalemedia.com qd.admetricspro.com
cds.connatix.com
3 hbopenbid.pubmatic.com qd.admetricspro.com
cds.connatix.com
3 prebid.a-mo.net 1 redirects qd.admetricspro.com
cds.connatix.com
3 c2shb.ssp.yahoo.com qd.admetricspro.com
3 teachingaids-d.openx.net qd.admetricspro.com
cds.connatix.com
3 btlr.sharethrough.com qd.admetricspro.com
3 id5-sync.com cdn.id5-sync.com
qd.admetricspro.com
ssbsync.smartadserver.com
2 ad.360yield.com 2 redirects
2 t.pswec.com 2 redirects
2 p.rfihub.com 2 redirects
2 ssbsync.smartadserver.com public.servenobid.com
g2.gumgum.com
2 ups.analytics.yahoo.com 2 redirects
2 pixel.advertising.com 2 redirects
2 ads.creative-serving.com 2 redirects
2 rtb.openx.net eu-u.openx.net
sync.serverbid.com
2 match.deepintent.com eb2.3lift.com
g2.gumgum.com
2 u.openx.net cds.connatix.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 pixel.mathtag.com tagan.adlightning.com
2 hal9000.redintelligence.net tagan.adlightning.com
2 us.creativecdn.com 2 redirects
2 sasinator.realestate.com.au 1 redirects eb2.3lift.com
2 aax-eu.amazon-adsystem.com 1 redirects eb2.3lift.com
2 rtb.mfadsrvr.com 2 redirects
2 sync.ipredictive.com 2 redirects
2 sync.srv.stackadapt.com 2 redirects
2 ads.avct.cloud 2 redirects
2 aws-fr-sync.bidswitch.net 2 redirects
2 oba-pool-eu.perf-serving.com threatpost.com
2 images.perf-serving.com threatpost.com
2 9582686.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 c2shb.pubgw.yahoo.com cds.connatix.com
2 adservice.google.com tagan.adlightning.com
9582686.fls.doubleclick.net
2 www.google.de threatpost.com
2 stats.g.doubleclick.net www.google-analytics.com
2 kaspersky.d3.sc.omtrdc.net media.kaspersky.com
2 script.4dex.io qd.admetricspro.com
script.4dex.io
2 dpm.demdex.net media.kaspersky.com
threatpost.com
2 img.connatix.com threatpost.com
2 www.gstatic.com www.google.com
2 kasperskycontenthub.com threatpost.com
2 www.venminder.com 1 redirects
1 ads.yahoo.com
1 id.rlcdn.com
1 dsp.adfarm1.adition.com 1 redirects
1 demand.trafficroots.com 1 redirects
1 secure-assets.rubiconproject.com 1 redirects
1 creativecdn.com 1 redirects
1 tg.socdm.com 1 redirects
1 stags.bluekai.com 1 redirects
1 sync.technoratimedia.com g2.gumgum.com
1 sync.outbrain.com g2.gumgum.com
1 secure.adnxs.com 1 redirects
1 sync.extend.tv 1 redirects
1 sync.adotmob.com 1 redirects
1 x.yieldlift.com 1 redirects
1 ce.lijit.com 1 redirects
1 onetag-sys.com public.servenobid.com
1 pixel.33across.com public.servenobid.com
1 g2.gumgum.com public.servenobid.com
1 exchange.consumabletv.com sync.serverbid.com
1 image2.pubmatic.com 1 redirects
1 p.adsymptotic.com eb2.3lift.com
1 ums.acuityplatform.com 1 redirects
1 um.simpli.fi 1 redirects
1 www.storygize.net 1 redirects
1 rtb.adentifi.com eb2.3lift.com
1 sync.serverbid.com qd.admetricspro.com
1 public.servenobid.com qd.admetricspro.com
1 ajax.googleapis.com hal900016.redintelligence.net
1 csync.loopme.me 1 redirects
1 bttrack.com eb2.3lift.com
1 usersync.getpublica.com eb2.3lift.com
1 cms.quantserve.com 1 redirects
1 triplelift-match.dotomi.com eb2.3lift.com
1 pixel-sync.sitescout.com eb2.3lift.com
1 ad.turn.com 1 redirects
1 c.bing.com eb2.3lift.com
1 odr.mookie1.com threatpost.com
1 ghent-aws-fr.bidswitch.net threatpost.com
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 snap.licdn.com www.googletagmanager.com
1 01a319fa2ebd75176d0349a9db7f69a5.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.de tagan.adlightning.com
1 geo.ipify.org qd.admetricspro.com
1 cm.everesttech.net 1 redirects
1 kaspersky.demdex.net tagan.adlightning.com
1 s0.2mdn.net imasdk.googleapis.com
1 e.serverbid.com qd.admetricspro.com
1 mp.4dex.io qd.admetricspro.com
1 t.co threatpost.com
1 analytics.twitter.com threatpost.com
1 rules.quantcount.com secure.quantserve.com
1 lit.connatix.com cd.connatix.com
1 static.ads-twitter.com www.googletagmanager.com
1 secure.quantserve.com www.googletagmanager.com
1 cdn.id5-sync.com www.venminder.com
1 secure.cdn.fastclick.net www.venminder.com
1 capi.connatix.com cd.connatix.com
1 cd.connatix.com 1 redirects
1 media.kaspersky.com threatpost.com
485 165
Subject Issuer Validity Valid
www.venminder.com
Cloudflare Inc ECC CA-3
2021-07-16 -
2022-07-15
a year crt.sh
threatpost.com
DigiCert TLS RSA SHA256 2020 CA1
2021-06-02 -
2022-07-03
a year crt.sh
*.adlightning.com
Amazon
2021-06-24 -
2022-07-23
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-04-18 -
2022-07-11
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-08-11 -
2022-08-10
a year crt.sh
assets.threatpost.com
Amazon
2022-01-05 -
2023-02-03
a year crt.sh
media.threatpost.com
Amazon
2022-01-05 -
2023-02-03
a year crt.sh
*.google.com
GTS CA 1C3
2022-04-18 -
2022-07-11
3 months crt.sh
kasperskycontenthub.com
DigiCert TLS RSA SHA256 2020 CA1
2021-06-02 -
2022-07-03
a year crt.sh
www.google.com
GTS CA 1C3
2022-04-18 -
2022-07-11
3 months crt.sh
media.kaspersky.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-31 -
2023-03-31
a year crt.sh
c.amazon-adsystem.com
Amazon
2021-07-06 -
2022-06-27
a year crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2
2021-08-20 -
2022-09-21
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-04-18 -
2022-07-11
3 months crt.sh
secure.cdn.fastclick.net
DigiCert SHA2 Secure Server CA
2022-01-15 -
2023-01-17
a year crt.sh
cdn.id5-sync.com
R3
2022-04-13 -
2022-07-12
3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-22 -
2022-09-21
a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2021-07-21 -
2022-07-26
a year crt.sh
upload.video.google.com
GTS CA 1C3
2022-04-18 -
2022-07-11
3 months crt.sh
*.id5-sync.com
R3
2022-03-08 -
2022-06-06
3 months crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1
2021-10-19 -
2022-11-19
a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2022-03-11 -
2023-04-12
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2022-02-11 -
2023-03-14
a year crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA
2021-06-01 -
2022-07-02
a year crt.sh
ads.servenobid.com
Amazon
2021-06-28 -
2022-07-27
a year crt.sh
*.sharethrough.com
Amazon
2021-08-13 -
2022-09-11
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-08 -
2023-04-04
a year crt.sh
*.openx.net
GeoTrust RSA CA 2018
2021-07-08 -
2022-08-08
a year crt.sh
*.3lift.com
Amazon
2021-06-12 -
2022-07-11
a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-03-08 -
2022-08-31
6 months crt.sh
*.a-mo.net
R3
2022-03-08 -
2022-06-06
3 months crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2021-08-04 -
2022-09-04
a year crt.sh
*.consumableaudio.com
R3
2022-04-27 -
2022-07-26
3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018
2021-12-12 -
2022-12-13
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2022-04-18 -
2022-07-11
3 months crt.sh
*.d3.sc.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1
2022-02-17 -
2023-03-07
a year crt.sh
*.ipify.org
Sectigo RSA Domain Validation Secure Server CA
2022-02-07 -
2023-03-10
a year crt.sh
www.google.de
GTS CA 1C3
2022-04-18 -
2022-07-11
3 months crt.sh
*.google.de
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2022-03-01 -
2023-03-01
a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
images.perf-serving.com
GTS CA 1D4
2022-04-18 -
2022-07-17
3 months crt.sh
oba-pool-eu.perf-serving.com
Sectigo RSA Domain Validation Secure Server CA
2022-03-22 -
2023-03-22
a year crt.sh
ghent-aws-fr.bidswitch.net
Amazon
2021-10-07 -
2022-11-05
a year crt.sh
*.mathtag.com
DigiCert TLS RSA SHA256 2020 CA1
2022-04-18 -
2023-04-25
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2022-03-28 -
2022-09-28
6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01
2022-03-16 -
2022-09-16
6 months crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2021-12-15 -
2023-01-15
a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018
2021-08-10 -
2022-09-11
a year crt.sh
*.getpublica.com
Amazon
2021-07-01 -
2022-07-30
a year crt.sh
*.bttrack.com
Sectigo RSA Domain Validation Secure Server CA
2022-03-21 -
2023-04-20
a year crt.sh
redintelligence.net
R3
2022-03-29 -
2022-06-27
3 months crt.sh
pixel.mathtag.com
DigiCert SHA2 Secure Server CA
2021-06-29 -
2022-07-07
a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-09-06 -
2022-10-07
a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-04-11 -
2022-07-07
3 months crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018
2021-12-10 -
2022-12-09
a year crt.sh
public.servenobid.com
DigiCert TLS RSA SHA256 2020 CA1
2022-02-17 -
2023-02-17
a year crt.sh
sync.serverbid.com
Amazon
2022-04-04 -
2023-05-03
a year crt.sh
adentifi.com
Amazon
2021-09-04 -
2022-10-03
a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2021-12-08 -
2023-01-09
a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2
2022-05-02 -
2023-06-03
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-01-18 -
2022-07-13
6 months crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2
2021-05-18 -
2022-06-19
a year crt.sh
*.gumgum.com
Amazon
2022-05-06 -
2023-06-04
a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2021-09-23 -
2022-09-30
a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-01-10 -
2023-01-03
a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-01-25 -
2023-01-25
a year crt.sh
*.outbrain.com
Thawte RSA CA 2018
2021-10-24 -
2022-11-24
a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-09-17 -
2022-10-05
a year crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon
2022-02-15 -
2023-03-16
a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2022-02-03 -
2023-02-25
a year crt.sh

This page contains 63 frames:

Primary Page: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Frame ID: 88EBA2D50F8969A95490020C2E62DC02
Requests: 163 HTTP requests in this frame

Frame: https://cds.connatix.com/p/161155/connatix.player.dc.js
Frame ID: CE0FE0E2C59578A785234A8B3283FE42
Requests: 22 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.513.0_en.html
Frame ID: 30238F9B16EF97C98418A913E5900BCF
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.513.0_en.html
Frame ID: 3CE69A241C89A9E1E0AA71514E122B3E
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.513.0_en.html
Frame ID: 48F45A1AE5EAB578E602706B2BB519F1
Requests: 1 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 2A70FA9F820F9F5FDFE1E621DC880110
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 907E383E9A46660FC6ECE482C9FBA0D1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 365059A44B2D6C399DBB1B1C4097E074
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 18D6245AC4B0FC80F7D1A14E0303ACFF
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Frame ID: 6622AAA2EB865D9BECCF80920213E95F
Requests: 16 HTTP requests in this frame

Frame: https://01a319fa2ebd75176d0349a9db7f69a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CBC19146D115CF0C3CCFD4F214B72CEC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8FCA00263B424D97C1681506E4E6F393
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3667D5D381A00D8E06AFE6BF1543985C
Requests: 2 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remote-everything%2F179458%2F;u6=;u7=38990236835773763922543512693458714214-197470812.1651804910;u9=_bad-actors-remote-everything_179458_;~oref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email
Frame ID: A127C89CCF8530C80FAA0A0A911C055B
Requests: 2 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-7467d3d-c3eb288d.js
Frame ID: 1F1050AAE1BC953DD873BAEECE9B9565
Requests: 13 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-7467d3d-c3eb288d.js
Frame ID: 5AA6FC56F0D60433BCFE7EB9F59B4844
Requests: 13 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-7467d3d-c3eb288d.js
Frame ID: 968A4B1980EC7098F31E05EEA5808914
Requests: 12 HTTP requests in this frame

Frame: data://truncated
Frame ID: D47137A14E362909E9750D29DD86A9DB
Requests: 1 HTTP requests in this frame

Frame: https://images.perf-serving.com/hear/2401/Reveal/Logo.png
Frame ID: 8A0F35316877D361D597366FAFE7FADB
Requests: 6 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Frame ID: 66D9DAA428A1937B09F59CA74417FE27
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: BC0166A1F16DC35546E0C9505B68C53A
Requests: 1 HTTP requests in this frame

Frame: https://tags.mathtag.com/notify/js?exch=gor&s_exch=ss6&id=5aW95q2jLzIzLyAvTm1Nek1EaG1aV1l0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI4MjU4MTUxNzUzNzE1NTUwMDYvMTA2MzExMTYvMTE1MDc0OTQvNjIvMGNwdmEwNFV3LWgxOVlXdXNnYVFTUWs1WjljdDRvcmRpc0h5Vnoxb0NfVS8xLzYyLzAvMC8xODkyNzgyLzM2NDQ4ODg4NDEvMjE1NTQzLzExNDk1ODUvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8yODI1ODE1MTc1MzcxNTU1MDA2L2Ftcy8wLzUwMDAvNjkvOTk5LzI1OC8yMTcuNjQuMTUxLjAvMC4wMDAvMTY1MTgwNDkxMC8xNjUxODE3NTEwLzYyLzkyODYv/lz2NbTxON2bzZa_xVrWvWEYeP08&nodeid=1904&group=cdg&auctionid=2825815175371555006&shardkey=2825815175371555006&sid=11507494&cid=10631116&price=0.191&bp=a_bjbbgg&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.164
Frame ID: 75614A0BB1ACF6B2DE7B62FF2B2ADA6F
Requests: 6 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Frame ID: 9AC19B0C6C7A82584A3C723D9E959382
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: 39A7033B9FC73640166A19BA9083915B
Requests: 1 HTTP requests in this frame

Frame: https://tags.mathtag.com/notify/js?exch=gor&s_exch=ss6&id=5aW95q2jLzIzLyAvTm1Nek1EaG1aV1l0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxMzE2NTgxODQ1ODUyNDg5NjIvMTA2MzExMTMvMTE1MDc0OTQvNjIvMGNwdmEwNFV3LWgxOVlXdXNnYVFTY1hfV1BlTlY1WDVrdlNEZzFEWUI2US8xLzYyLzAvMC8xODkyNzgyLzM2NDQ4ODg4NDEvMjE1NTQzLzExNDk1ODUvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC81MTMxNjU4MTg0NTg1MjQ4OTYyL2Ftcy8wLzUwMDAvNjkvOTk5LzI1OC8yMTcuNjQuMTUxLjAvMC4wMDAvMTY1MTgwNDkxMC8xNjUxODE3NTEwLzYyLzkyODYv/DKqgWzmiTBlNmEYyT3Q-_ZgJrmQ&nodeid=1904&group=cdg&auctionid=5131658184585248962&shardkey=5131658184585248962&sid=11507494&cid=10631113&price=0.191&bp=a_bjbbgg&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.134.182
Frame ID: DC7524E2E6D8A40F137746543707A3E3
Requests: 6 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Frame ID: FEA25FA5AD26C752E69AA3D33BBA803D
Requests: 11 HTTP requests in this frame

Frame: https://hal900016.redintelligence.net/request_content.php?s=58980900013837504681724011951016&a=0631933c
Frame ID: 1F36B8C98C96504E02ABDA8A16705906
Requests: 11 HTTP requests in this frame

Frame: https://hal900021.redintelligence.net/request_content.php?s=51905600014914104681734011951021&a=dfd311ff
Frame ID: 131A813721B5C7F85BE7A8F787CBC8CA
Requests: 8 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/11204919/11204919.js?ADFassetID=11204919&bv=258
Frame ID: A157944391F8D1C1DC1E29C3F3357F37
Requests: 19 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/11204910/11204910.js?ADFassetID=11204910&bv=258
Frame ID: 2E13E9905C7547ECA13CACBE3551DF3D
Requests: 19 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: FCA56A9AA86BDB0290B02CA83659355B
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 64A2CD81C99A3CB218DCF48B6A9B7628
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: BDD955446445CD9D3529B4182212444D
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 4185FEAA471F473DF7E5D52F75B8F9B8
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: FE98B0939B5AA0ECCB7B36E1A1DEFF12
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B4465F7AF169848AC3954F395F25F51F
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 855F97A54A5A719A8A721BA48758E04A
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: DC2E801964099792394A70677A841009
Requests: 3 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 772EC3E557B89B03BED6F565BCE38886
Requests: 11 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 399632AA9696148F3182807F2EA5EE22
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 18F7AE1F9483BE0D5CCD404CC768353D
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: EE7777216EFA8846FAE9478114735B70
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 83347A966123AA5116B1B730B8139A91
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 6B719455E2F1CD3248FDA33FEB0E3F52
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 3B75D8B4A51627C6BDB09E25DF88FD8E
Requests: 11 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 91F8BBB4ED6F66E5D11DFA7133441614
Requests: 1 HTTP requests in this frame

Frame: https://sync.serverbid.com/ss/2000891.html
Frame ID: 9DBCDDF8064C23885446C959529F886A
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&gdpr=0&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Frame ID: D6CB4EC7F59B6F5DC4625A87E900372C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Frame ID: 8697D19C7823E32CAF0E0C47730D94F6
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: CFB3D7760E18F67D4AB382ED8CBA54C7
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 5DC4EE89BF020567A1A06AD1C73DACBC
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 84FBC066ECB8C9C48E4308DDF5A385FE
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: FBC4650BD4A334F508E309724E2BCD42
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: B780941F90D6EFC697F965DD6E1DA15D
Requests: 10 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=1a236274-8af1-4401-8810-fb66bb615f1e&gdpr=0&gdpr_consent=
Frame ID: 277FBE47B319148E49C48E24FD0D6F7A
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
Frame ID: 65C227C402A3FCA206B91AFA1971654C
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV84NTM3MWI2OS0xYWY4LTRmZDEtODA1Ny1iY2FmNzJmNzdiM2U=&gdpr=0&gdpr_consent=
Frame ID: A2437478D1D4DED88EFC965AC451198F
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 276877FBDDB1A182C248CF3897984571
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: 3F49F6655CB824BBF6FEAF848245144A
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&uid=8015597892726835373brt186051651804916430119f1
Frame ID: BEDE18203DAB94A3B7042E0448258CE4
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YnSK9cCo8X4AALhtXfIAAAAA
Frame ID: A7997D6AEFB8D4ACA391E4D7C2D07734
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=G9yt9qThxd004HopG9jX&pi=gumgum
Frame ID: 9397588E7B934C9B6263FAEF59523EEC
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 8D7F102248F4B789586559E5334499EA
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

Bad Actors Are Maximizing Remote Everything | Threatpost

Page URL History Show full URLs

  1. https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-... Page URL
  2. https://www.venminder.com/events/public/v1/encoded/track/tc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8... HTTP 307
    https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Part... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

485
Requests

83 %
HTTPS

23 %
IPv6

100
Domains

165
Subdomains

108
IPs

12
Countries

6265 kB
Transfer

14407 kB
Size

113
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1 Page URL
  2. https://www.venminder.com/events/public/v1/encoded/track/tc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1?_ud=dfac63f0-906e-4454-adee-efd298245ea2&_ch=p&_pr2=p&_pl=3&_lg=en-US,en&_dr=p&_ts=p HTTP 307
    https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46
  • https://cd.connatix.com/connatix.player.js HTTP 302
  • https://cds.connatix.com/p/161155/connatix.player.dc.js
Request Chain 133
  • https://cm.everesttech.net/cm/dd?d_uuid=40552020846598719543248989789158379580 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YnSK7gAAABjGdgP0
Request Chain 187
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1651804911447&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3F_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_content%3D212153234%26utm_source%3Dhs_email%26utm_medium%3Demail%26_hsmi%3D212153234%26web_view%3Dtrue HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1651804911447%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fbad-actors-remote-everything%252F179458%252F%253F_hsenc%253Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%2526utm_campaign%253DThird%252520Party%252520Thursday%252520Newsletter%2526utm_content%253D212153234%2526utm_source%253Dhs_email%2526utm_medium%253Demail%2526_hsmi%253D212153234%2526web_view%253Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1651804911447&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3F_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_content%3D212153234%26utm_source%3Dhs_email%26utm_medium%3Demail%26_hsmi%3D212153234%26web_view%3Dtrue&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1651804911447&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3F_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_content%3D212153234%26utm_source%3Dhs_email%26utm_medium%3Demail%26_hsmi%3D212153234%26web_view%3Dtrue&liSync=true&e_ipv6=AQJ3-5xCYNhLGwAAAYCXPrpRXJFx3Zvo19Jea_0mBa5XxAF_KQOeABbBzHKIHzgCvbjee_IzfPWex0EWiT9Q7r0bg7i7aQ
Request Chain 190
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remote-everything%2F179458%2F;u6=;u7=38990236835773763922543512693458714214-197470812.1651804910;u9=_bad-actors-remote-everything_179458_;~oref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email HTTP 302
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remote-everything%2F179458%2F;u6=;u7=38990236835773763922543512693458714214-197470812.1651804910;u9=_bad-actors-remote-everything_179458_;~oref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email
Request Chain 233
  • https://aws-fr-sync.bidswitch.net/sync?ssp=triplelift&dsp_id=366&imp=1 HTTP 302
  • https://aws-fr-sync.bidswitch.net/ul_cb/sync?ssp=triplelift&dsp_id=366&imp=1 HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=9307a429-74fc-4321-9249-97b575a578a7&ssp=triplelift&gdpr=&gdpr_consent=
Request Chain 234
  • https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827 HTTP 302
  • https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Request Chain 248
  • https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MTA0NDE3NDEyNTU3MjM2MjYxMzEy HTTP 302
  • https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Request Chain 249
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEANZANTVgR1cR5D_CtjJaG8&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Request Chain 250
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MTA0NDE3NDEyNTU3MjM2MjYxMzEy
Request Chain 252
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/104417412557236261312?gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-QJx3PbJE2oQ117KAQADjI8omRniGSCMj9JG2S_vMjw--~A&dongle=0883
Request Chain 253
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=104417412557236261312&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift HTTP 307
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=7219b488-5b38-41e0-ad5e-47cc9b2ad428&ssp=triplelift HTTP 302
  • https://eb2.3lift.com/xuid?mid=2409&xuid=9307a429-74fc-4321-9249-97b575a578a7&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 254
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=104417412557236261312 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=104417412557236261312&dcc=t
Request Chain 255
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=0
Request Chain 258
  • https://match.prod.bidr.io/cookie-sync/trl HTTP 303
  • https://match.prod.bidr.io/cookie-sync/trl?_bee_ppp=1 HTTP 303
  • https://eb2.3lift.com/xuid?mid=7255&xuid=AAE6ZU7E6RYAADvZLY3QEg&dongle=bzwx
Request Chain 259
  • https://sync.srv.stackadapt.com/sync?nid=13&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2319&xuid=0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22$ip$217.64.151.9&dongle=4430
Request Chain 261
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3335&xuid=8015597892726835373&dongle=4d58&gdpr=0&gdpr_consent=
Request Chain 262
  • https://sync.mathtag.com/sync/img?mt_exid=62&redir=%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3690%26xuid%3D%5BMM_UUID%5D%26dongle%3D3995%26gdpr=0%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3690&xuid=23496274-8af1-4300-94fe-e2d82034a54a&dongle=3995&gdpr=0&gdpr_consent=
Request Chain 263
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3702&xuid=164eccd5-cce6-11ec-9718-0515b2acad93&dongle=d54f&gdpr=0&gdpr_consent=
Request Chain 264
  • https://ad.turn.com/r/cs?pid=49&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4229483670715824364&dongle=d407
Request Chain 265
  • https://sync-tm.everesttech.net/upi/pid/RVF22VSl?redir=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3657%26xuid%3D%24%7BTM_USER_ID%7D%26dongle%3D3c0a%26gdpr=0%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3657&xuid=YnSK7gAAABjGdgP0&dongle=3c0a&gdpr=0&gdpr_consent=
Request Chain 266
  • https://rtb.mfadsrvr.com/sync?ssp=triplelift&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=triplelift&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4945&xuid=31bfab55-5542-414f-8464-bfd91b352886&dongle=31ac
Request Chain 277
  • https://cms.quantserve.com/pixel/p-VtN-a_yLd-GB-.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=gsFZW4ySCwmZwloLgsdDX9fAVlqZkQxe1sWyRAEO
Request Chain 278
  • https://aax-eu.amazon-adsystem.com/s/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=104417412557236261312 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=104417412557236261312&dcc=t
Request Chain 279
  • https://sasinator.realestate.com.au/rea/setid/external=TRIPLELIFT/value=104417412557236261312 HTTP 302
  • https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=104417412557236261312
Request Chain 281
  • https://pm.w55c.net/ping_match.gif?st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=0%26gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=0%26gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=6019&xuid=ptdQ85OH1NMNUI5&dongle=465e&gdpr=0&gdpr_consent=
Request Chain 282
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=0&gdpr_consent= HTTP 302
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=0&gdpr_consent=&tc=1 HTTP 302
  • https://eb2.3lift.com/xuid?mid=6547&xuid=G9yt9qThxd004HopG9jX&dongle=45fg&pi=triplelift&gdpr=0&gdpr_consent=&tc=1
Request Chain 284
  • https://csync.loopme.me/?redirect=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6126%26xuid%3D%7Bdevice_id%7D%26dongle%3D9e4f%26gdpr=0%26gdpr_consent= HTTP 307
  • https://eb2.3lift.com/xuid?mid=6126&xuid=932e1273-fd81-4024-8083-c0b0401694c3&dongle=9e4f&gdpr
Request Chain 297
  • https://hal900016.redintelligence.net/request.php?zone=edn8pg08rg5j&nw=20&renderingType=javascript&namespace=5b1ae74622&subid=&uid=d3e4637d2d631876&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627110%26mt_aid%3D2825815175371555006%26mt_id%3D10631116%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26mt_cid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=8283161843806&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal900016.redintelligence.net/request.php?zone=edn8pg08rg5j&nw=20&renderingType=javascript&namespace=5b1ae74622&subid=&uid=d3e4637d2d631876&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627110%26mt_aid%3D2825815175371555006%26mt_id%3D10631116%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26mt_cid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=8283161843806&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 298
  • https://hal900021.redintelligence.net/request.php?zone=0dbjh1g2pdhz&nw=20&renderingType=javascript&namespace=4fc5da3547&subid=&uid=32a306665d3dc361&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627112%26mt_aid%3D5131658184585248962%26mt_id%3D10631113%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D19236274-8af1-4801-bb89-4be368cb6597%26mt_cid%3D19236274-8af1-4801-bb89-4be368cb6597%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=557833255659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
  • https://hal900021.redintelligence.net/request.php?zone=0dbjh1g2pdhz&nw=20&renderingType=javascript&namespace=4fc5da3547&subid=&uid=32a306665d3dc361&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627112%26mt_aid%3D5131658184585248962%26mt_id%3D10631113%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D19236274-8af1-4801-bb89-4be368cb6597%26mt_cid%3D19236274-8af1-4801-bb89-4be368cb6597%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=557833255659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Request Chain 357
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=-UG50HxNLzFVQjJaOGRoTUdSN2hZc2FmR0NaZkZrZk1TQTFsSG1ZRlVXRXI0V1QyV3lCc1h5dGIzbTIzd1dPSkE3UEtiaVRLM2w0NDF1T0ZvRXU4bS9JeVgvd3R4OE5COXI5djFmUGtFNFZ1OW0zTzVIenlKNU5XQXdEQ1RJaHM3QmpNbVpCYzhxZWhXbGxLWW5LRDdSUGE4Ty9mYzNIa2w3UkozNCtadmxZWVhJa2ZraVZINEZXMENHYTNsZk9uVUJ0VytWWjl4VDhPNGMzRHpRdjR6bWdtVUJydGZjcVRFYjIxTEtNNlN4ZHVzZVNvPXw&cppv=2
Request Chain 368
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1a236274-8af1-4401-8810-fb66bb615f1e
Request Chain 369
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=rPn5e6Kqqym3-vorrP_jf_n49nq3qax--P3UKkv8
Request Chain 370
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8276987309949310286
Request Chain 373
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOGkYHW3zqptuQEr2feyBGk&google_cver=1
Request Chain 374
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1a236274-8af1-4401-8810-fb66bb615f1e
Request Chain 375
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=rPn5e6Kqqym3-vorrP_jf_n49nq3qax--P3UKkv8
Request Chain 376
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8276987309949310286
Request Chain 379
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOGkYHW3zqptuQEr2feyBGk&google_cver=1
Request Chain 401
  • https://bh.contextweb.com/bh/sync/3lift?rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2636%26xuid%3D%25%25VGUID%25%25%26dongle%3D8bee%26gdpr=1%26gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?pid=558356&ev=1&daaqp=1&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2636%26xuid%3DtcpzKC1Um7Vh%26dongle%3D8bee%26gdpr%3D1%26gdpr_consent%3D HTTP 302
  • https://eb2.3lift.com/xuid?mid=2636&xuid=tcpzKC1Um7Vh&dongle=8bee&gdpr=1&gdpr_consent=
Request Chain 403
  • https://www.storygize.net/ccm/9779a491-75d6-4ad2-92bd-2f159c9892ab HTTP 302
  • https://eb2.3lift.com/xuid?mid=3396&xuid=37cf273d-6031-4a9e-b4c2-17b86d952301&dongle=c7e1
Request Chain 405
  • https://um.simpli.fi/triplelift HTTP 302
  • https://eb2.3lift.com/xuid?mid=7969&xuid=F0779D14BE13475F8A029938E6735B5D&dongle=yf3
Request Chain 406
  • https://ums.acuityplatform.com/tum?umid=23&uid=104417412557236261312&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3391&xuid=667670738874&dongle=6f30
Request Chain 407
  • https://sync.1rx.io/usersync2/triplelift HTTP 302
  • https://sync.1rx.io/usersync2/triplelift?zcc=1&cb=1651804916228 HTTP 302
  • https://eb2.3lift.com/xuid?mid=4070&xuid=OPTOUT&dongle=2dcc
Request Chain 411
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=ptdQ85OH1NMNUI5
Request Chain 412
  • https://x.bidswitch.net/sync?ssp=openx HTTP 302
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=9307a429-74fc-4321-9249-97b575a578a7 HTTP 302
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=9307a429-74fc-4321-9249-97b575a578a7 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=01debc14-60bf-4072-ad93-4b63fb59133c&ssp=openx&expires=30&user_group=5&bsw_param=9307a429-74fc-4321-9249-97b575a578a7 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=9307a429-74fc-4321-9249-97b575a578a7&gdpr=&gdpr_consent=
Request Chain 413
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8015597892726835373
Request Chain 414
  • https://match.prod.bidr.io/cookie-sync/ox HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFNlpVN0U2UllBQUR2WkxZM1FFZw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAE6ZU7E6RYAADvZLY3QEg&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAE6ZU7E6RYAADvZLY3QEg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAE6ZU7E6RYAADvZLY3QEg&pid=558502&do=add HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAE6ZU7E6RYAADvZLY3QEg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Request Chain 417
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D&s=185073&C=1 HTTP 302
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YnSK9BnQNmhfSJ4Ylzb9MAAA%261185
Request Chain 419
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D4%26spui%3D%26dpui%3D%24UID HTTP 307
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=El8hsBZHZihBFk7bRk6VcqLv
Request Chain 420
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID HTTP 302
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=8015597892726835373
Request Chain 422
  • https://pixel.advertising.com/ups/58321/sync?redir=true HTTP 302
  • https://pixel.advertising.com/ups/58321/sync?redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58321/sync?redir=true&apid=UP18414da8-cce6-11ec-8815-02b9b7b7c3ee HTTP 302
  • https://exchange.consumabletv.com/usersync?ttt=1&cn=5&dpui=UP18414da8-cce6-11ec-8815-02b9b7b7c3ee
Request Chain 433
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=8015597892726835373
Request Chain 434
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
  • https://ads.servenobid.com/sync?pid=310&uid=El8hsBZHZihBFk7bRk6VcqLv
Request Chain 436
  • https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID HTTP 301
  • https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiOGM4NzBlNGItZDZmZC00NDc3LWEyYjAtNjgxOTVhYjU4YThmIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0wNlQwMjo0MTo1Ni42NjQxNTRaIn0=
Request Chain 437
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1651804916314 HTTP 302
  • https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
Request Chain 438
  • https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
  • https://ads.servenobid.com/sync?pid=324&uid=5141210820465136000
Request Chain 440
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
  • https://ads.servenobid.com/sync?pid=327&uid=4c628c5d-a3af-4c41-92f1-3b4145d31e34&gdpr=0&gdpr_consent=&us_privacy=1YN-
Request Chain 441
  • https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
  • https://ads.servenobid.com/sync?pid=337&uid=y-1OVBlk5E2uEzhmgGjFDhKCnrPlanT3t0Lm61bCw-~A
Request Chain 444
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB&dcc=t
Request Chain 445
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YnSK9BnQNmhfSJ4Ylzb9MAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECeDXO740Iv79sPdXNBvcpA&google_cver=1&gdpr=1
Request Chain 446
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Request Chain 447
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5108559723201643592
Request Chain 448
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Request Chain 449
  • https://sync.extend.tv/r.gif?exchange=index HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=2caa2cc5-c89e-428d-91ce-a2599b9ffcdf
Request Chain 451
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=8015597892726835373
Request Chain 452
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_85371b69-1af8-4fd1-8057-bcaf72f77b3e&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://t.pswec.com/bsw_sync?ssp=gumgum2&bsw_user_id=9307a429-74fc-4321-9249-97b575a578a7 HTTP 302
  • https://t.pswec.com/ul_cb/bsw_sync?ssp=gumgum2&bsw_user_id=9307a429-74fc-4321-9249-97b575a578a7 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=2&user_id=6874e251-323b-4a7e-9f60-49f485571808&expires=3&user_group=1&ssp=gumgum2 HTTP 302
  • https://rtb.gumgum.com/usersync?b=bsw&i=9307a429-74fc-4321-9249-97b575a578a7
Request Chain 454
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=cddb44fe-1dc5-47ec-8894-3626d81c55a3
Request Chain 455
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=sta&i=0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22$ip$217.64.151.9
Request Chain 456
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/usersync?b=oth&i=y-yB1NTqVE2pduLHCOkK9JvhK5137vczMLLsVX~A
Request Chain 457
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=164eccd5-cce6-11ec-9718-0515b2acad93
Request Chain 460
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_85371b69-1af8-4fd1-8057-bcaf72f77b3e&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
  • https://stags.bluekai.com/site/23178?id=upKfXrpllYSs_FzxiBT6&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25LQJNTFQ4TQNRWFSU3TL5DHU6DJIJKDMJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25LQJNTFQ4TQNRWFSU3TL5DHU6DJIJKDMJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=upKfXrpllYSs_FzxiBT6&us_privacy=1---
Request Chain 461
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
  • https://usersync.gumgum.com/usersync?b=idi&i=3574ae70-84d5-4336-8c43-05198c60c48d
Request Chain 462
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1651804916429 HTTP 302
  • https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Request Chain 463
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=xqMRGGC7taRM&ev=1&pid=558355
Request Chain 466
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
  • https://usersync.gumgum.com/usersync?b=mmh&i=1a236274-8af1-4401-8810-fb66bb615f1e&gdpr=0&gdpr_consent=
Request Chain 467
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://usersync.gumgum.com/usersync?b=atm&i=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
Request Chain 471
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=8015597892726835373&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID HTTP 302
  • https://usersync.gumgum.com/usersync?b=emx&uid=8015597892726835373brt186051651804916430119f1
Request Chain 472
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=sus&i=YnSK9cCo8X4AALhtXfIAAAAA
Request Chain 473
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://rtb.gumgum.com/usersync?b=rth&i=G9yt9qThxd004HopG9jX&pi=gumgum
Request Chain 474
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 476
  • https://demand.trafficroots.com/sync.php?partner=3379&redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D137%26partneruserid%3D%7Btrafficroots_id%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=137&partneruserid=b02cf10379&gdpr=0&gdpr_consent=
Request Chain 477
  • https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7094448093601790094&gdpr=0&gdpr_consent=
Request Chain 478
  • https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
Request Chain 480
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJUVFpUWlMtQS1FSzlG
Request Chain 482
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2TTZTZS-A-EK9F
Request Chain 483
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L2TTZTZS-A-EK9F&sigv=1&esig=2~80d0111261e903f5c9e92f3651c976446c24ed94
Request Chain 484
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/tyS_ZetmobLeTLB6Sk9fAw?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8426252973966648352
Request Chain 485
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENqfaebZ3YcW9GiEwsgMXKs&google_cver=1
Request Chain 486
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=3v0xkvxPSUSYhC5aE0lX9g&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3v0xkvxPSUSYhC5aE0lX9g

485 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mX...
www.venminder.com/e3t/Ctc/WW+113/c2Npz04/
9 KB
3 KB
Document
General
Full URL
https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671c , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
cf-cache-status
MISS
cf-ray
706e5bdc5df301f8-ZRH
content-encoding
br
content-type
text/html;charset=utf-8
date
Fri, 06 May 2022 02:41:47 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Fri, 06 May 2022 02:41:47 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tfsh6QQAs9fmjx65KyA5FCuZZNMCSL38YeRHGojVaxxbj25Ox%2B4cHY%2B44p2GbLmaQV%2FOa8ndYQlO6bB2xHaZLG9ctIkjJNkz7oNUTZevtJP2QiYmXuyIrwfDeulsB7u2InE9qYe7FK3VWo%2FVtyep"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-hubspot-correlation-id
759ba522-9272-4185-9017-0ba5ea6152d5
x-robots-tag
none
Primary Request /
threatpost.com/bad-actors-remote-everything/179458/
Redirect Chain
  • https://www.venminder.com/events/public/v1/encoded/track/tc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22s...
  • https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-...
89 KB
23 KB
Document
General
Full URL
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Requested by
Host: www.venminder.com
URL: https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6061fd0cc0344dec41fb7e4bca7451f56ab27f3a94af4790347cd97ea0f9e75a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 06 May 2022 02:41:48 GMT
Link
<https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/179458>; rel="alternate"; type="application/json" <https://threatpost.com/?p=179458>; rel=shortlink
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Debug-Auth
off
X-Frame-Options
SAMEORIGIN
X-Request-Host
threatpost.com
X-XSS-Protection
1; mode=block
x-cache-hit
MISS

Redirect headers

access-control-allow-credentials
false
cf-cache-status
MISS
cf-ray
706e5bddae8301f8-ZRH
date
Fri, 06 May 2022 02:41:47 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
link
<https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email>; rel="canonical"
location
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8vjo%2Btj2e0gbUWqrQDLjPhmbMzbTLoSfo7imMmqCs01%2Fnk53oTOjZRPY3tA8WF21WwWAtwqqGyEmum%2Bj3PETpBi84zhxpvzR9bLljd0ZvB3C7HRpFWjMepkYpjqwOl6t8OIAB5NQBNHOcd3Bwx8"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-hubspot-correlation-id
4d62ec69-a8c3-4148-acc0-de16a481c48b
x-robots-tag
none
museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
15 KB
15 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:48 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
"62695bb4-3ca8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
15528
museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:48 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
"62695bb6-5124"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20772
museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
15 KB
16 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:48 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
"62695bb6-3dcc"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
15820
museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:48 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
"62695bb4-51a4"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20900
museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
23 KB
23 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:48 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
"62695bb6-5c74"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23668
museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:48 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
"62695bb6-5194"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20884
museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
23 KB
23 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:49 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
"62695bb6-5bac"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23468
museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:49 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
"62695bb6-51b8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20920
museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
23 KB
23 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:49 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
"62695bb6-5b34"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
23348
museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
20 KB
Font
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:49 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
"62695bb4-50c8"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
20680
op.js
tagan.adlightning.com/math-aids-threatpost/
44 KB
19 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
af5c0b2d7b19aec291c436c3cd870bb64087cc132eb0c5e72f16057f5d91352c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id
Q16xQ_qFiq.aqGvNcGOWBGgPmxXf0UZO
content-encoding
gzip
last-modified
Thu, 05 May 2022 10:00:31 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"c69b273be29ee63ff9d63b7bc9fb639c"
x-cache
RefreshHit from cloudfront
content-type
application/javascript
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=3600
date
Fri, 06 May 2022 02:41:50 GMT
accept-ranges
bytes
content-length
18606
x-amz-cf-id
ggbpuPi5pjGVO6qpLyxWdlmZKPzBh22JF365_-f9hsCruxNsuJNr0w==
x-amz-meta-git_commit
7b120a5
gpt.js
www.googletagservices.com/tag/js/
81 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8d5f8a3a78bc65572b69f32adf1594a8cdafbf1146696c66accfdcac9373e96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28400
x-xss-protection
0
server
sffe
etag
"1206 / 885 of 1000 / last-modified: 1651788319"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 06 May 2022 02:41:49 GMT
ros-layout.js
qd.admetricspro.com/js/threatpost/
26 KB
4 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a3fcd53b20a6fdf183b0340f596a6431a280459adb871f43e617cecd5d57681

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 08 Apr 2022 16:11:01 GMT
server
cloudflare
etag
W/"679a-5dc26d73770fc-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ta3lfKBbi7I4piZdBsuPRpkhkFBO2oTRDzrmHa3Plf%2BRY08yIxyD3XJFRJnvPD8cy8%2F2jTol0JP4h7ma%2FkA9lf23r0ahkJCzygjJ2S58v1TICvK4DqOK4oF1Yd5kSNbj3JzkaluFCr%2ByGDNbcK%2FncjCe"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
706e5be6ffed3751-MXP
expires
Fri, 06 May 2022 02:45:06 GMT
cmp.js
qd.admetricspro.com/js/threatpost/
310 KB
90 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 01 Jun 2021 14:47:10 GMT
server
cloudflare
etag
W/"4d957-5c3b56abf6028-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpqFrwX031OiGdsLS8OOmZlumMPIQpWStcZrvnKPLWVQWMiBjk0lgQS82ke6q269yCeGCk9AD%2BW4QXpZxcKMWfD8gwsopUajTlaofvKtTKJ4C%2Bkkm8YZl0e3uiPBbPQ9fQDQaRd3l3BHqSTgK5M7bwKi"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
706e5bed3c783751-MXP
expires
Fri, 06 May 2022 02:42:25 GMT
uspcmp.js
qd.admetricspro.com/js/threatpost/
148 KB
58 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sat, 08 Aug 2020 22:40:07 GMT
server
cloudflare
etag
W/"24e50-5ac65673cef1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EgcfvqsWUhYiRaMrDVKtlN2wbG0WOaC%2F4gINvSruHB4mlGakRiaMnFET5SXqfKO2783QEbDQ%2BRqOwTgPfZCICv%2FpeVefXHw%2FVAlg60kY%2BalPIvfxul0JfnXPwpz5dvVEy0P6ANenunSqDnOCwpzPUvCV"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
706e5bed3c7a3751-MXP
expires
Fri, 06 May 2022 02:43:31 GMT
targeting.js
qd.admetricspro.com/js/threatpost/
393 B
525 B
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 21:50:12 GMT
server
cloudflare
etag
W/"189-5c8c2c96f96c7-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ukW2umiIKRU418jX70notIQTayYiwGQCW%2FNHcbKBVnV89UDrih%2Bu0ejrSoGFhClFDO22Yk4QAxtUoSFeGIYly5V0tDpLodVVh0yTyEXcqDbxngrkjmvwvDj%2FpqHHBC1ld7JgeTzrG9vjgVsMqqF13nM"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
706e5bed3c7b3751-MXP
expires
Fri, 06 May 2022 02:51:47 GMT
prebid.js
qd.admetricspro.com/js/threatpost/
430 KB
124 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 15:35:01 GMT
server
cloudflare
etag
W/"6b738-5ce51d26ef74c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9W9jGHAFlocYEfvG6FvoXXY1ktVoxfpplDeA%2Fn08E1KFCF49LNxLf2gyi4NtMFfWQVg3Yd6rUDXBu5rpeXDKx9QHlMw3P7YQB37cGYvnrsDJw%2Bb2Q9pnntsH2GIzZmoGwv5N2P9UVG6BcEktyf1Ak6ce"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
706e5bed3c7c3751-MXP
expires
Fri, 06 May 2022 02:41:52 GMT
engine.js
qd.admetricspro.com/js/threatpost/
35 KB
11 KB
Script
General
Full URL
https://qd.admetricspro.com/js/threatpost/engine.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 24 Jan 2022 02:31:38 GMT
server
cloudflare
etag
W/"8cae-5d64ac49b9c1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2JwiTg4hRasEanWIQp4tdjZL1N4GaS99LgaQ04Tq7uNZKIjxXUBzT3LMijQM%2FhS%2FBXm%2B3c0gmQoklfExvc3dUB%2FRGfenh7TGtCSbmsG%2B%2BC3YkkoQWwY31pk35616e5dhghCwKJGWbgsAXMwnlbeZtpz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
706e5be6ffee3751-MXP
expires
Fri, 06 May 2022 02:43:09 GMT
/
assets.threatpost.com/wp-content/plugins/bwp-minify/min/
294 KB
42 KB
Stylesheet
General
Full URL
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
content-length
42696
x-cache-hit
HIT
last-modified
Wed, 27 Apr 2022 15:05:24 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-debug-auth
off
x-request-host
assets.threatpost.com
x-amz-cf-id
AoQBt81LRrmX-r3RuqhIqdtxswGttDaJzQPoqSgS_pE9xzKN2jSUEA==
expires
Fri, 06 May 2022 13:06:49 GMT
jquery-1.12.4-wp.js
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/
95 KB
37 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:25 GMT
Server
nginx
ETag
W/"62695bb5-17a56"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
alert_text.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/
107 B
461 B
Script
General
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1651071924
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
W/"62695bb6-6b"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
alert.js
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/
4 KB
2 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1651071924
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
W/"62695bb6-104a"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
public.js
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/
116 B
495 B
Script
General
Full URL
https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 11 Jun 2014 19:20:42 GMT
Server
nginx
ETag
W/"5398ac0a-74"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
kaspersky-twitter-pullquote.js
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/
599 B
713 B
Script
General
Full URL
https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:25 GMT
Server
nginx
ETag
W/"62695bb5-257"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
loadmore.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/
4 KB
2 KB
Script
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
W/"62695bb6-11e7"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
social-share.js
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/
18 KB
6 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
W/"62695bb6-484d"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
Work-from-Home-WFH.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/04/03174818/
235 KB
235 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/03174818/Work-from-Home-WFH.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
151fec0533833003fd2bfd748bdbf4470bf0455353cfde81a65d2bfc42ab1ffe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:41:41 GMT
via
1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Fri, 03 Apr 2020 21:48:19 GMT
server
AmazonS3
age
309609
etag
"b51c9e83543a8338b22a9703d989bae0"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA50-C1
accept-ranges
bytes
content-length
240137
x-amz-cf-id
E5nL2B8j5xQnOCAChOY1W9CiPLOskpdeF4XmE_fjypULKgiZCwkVmQ==
expires
Sat, 03 Apr 2021 21:48:18 GMT
cloud_web_app-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/01/05170820/
29 KB
30 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/05170820/cloud_web_app-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
df6363cedd595cea84e1ea78a528c4d83faf4a806a05c7e889ac6171028e1fa4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 00:58:46 GMT
via
1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Tue, 05 Jan 2021 22:08:25 GMT
server
AmazonS3
age
6658984
etag
"af819ce0de67929e70891936f0e8bd5a"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA50-C1
accept-ranges
bytes
content-length
29883
x-amz-cf-id
hvCr-eK8fe2gIgPsjI7pKAy9nPerxy7LRtWe4Im4vhaMl2b-ibIWug==
expires
Wed, 05 Jan 2022 22:08:24 GMT
api.js
www.google.com/recaptcha/
852 B
579 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?hl=en&render=explicit
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6ccaafd36f24fa6e1d74ede568ae09a0f9bea7d4f56b96049aa44282b3276d9b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
558
x-xss-protection
1; mode=block
expires
Fri, 06 May 2022 02:41:49 GMT
scripts.js
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/
2 KB
1 KB
Script
General
Full URL
https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
W/"62695bb4-828"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
api.js
www.google.com/recaptcha/
852 B
969 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7d14f7695012f02067615441ee9aaf9dbceb41854e0cbcaedfa13d3dfa87ac4c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
556
x-xss-protection
1; mode=block
expires
Fri, 06 May 2022 02:41:49 GMT
main.js
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/
3 KB
1 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
W/"62695bb4-ab4"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
s_code_single_suite.js
media.kaspersky.com/tracking/omniture/
173 KB
49 KB
Script
General
Full URL
https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
185.85.15.23 , Germany, ASN200107 (KL-EXT, CH),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
etag
"8064ef82ed4fd81:0"
x-powered-by
Kaspersky Labs, Kaspersky Labs
alt-svc
h3=":443"; ma=86400
content-length
49335
x-xss-protection
1; mode=block
last-modified
Thu, 14 Apr 2022 10:50:53 GMT
server
x-frame-options
SAMEORIGIN
date
Fri, 06 May 2022 02:41:49 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
x-server
fr1/FRA4
accept-ranges
bytes
x-content-type-options
nosniff
main.js
threatpost.com/wp-content/themes/threatpost-2018/assets/js/
114 KB
40 KB
Script
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
W/"62695bb6-1c643"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
regenerator-runtime.min.js
threatpost.com/wp-includes/js/dist/vendor/
6 KB
3 KB
Script
General
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-195e"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
wp-polyfill.min.js
threatpost.com/wp-includes/js/dist/vendor/
19 KB
8 KB
Script
General
Full URL
https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-4b3d"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
dom-ready.min.js
threatpost.com/wp-includes/js/dist/
1 KB
989 B
Script
General
Full URL
https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-4e9"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
hooks.min.js
threatpost.com/wp-includes/js/dist/
6 KB
2 KB
Script
General
Full URL
https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:49 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-163a"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:49 GMT
i18n.min.js
threatpost.com/wp-includes/js/dist/
10 KB
4 KB
Script
General
Full URL
https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:50 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-28a7"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:50 GMT
a11y.min.js
threatpost.com/wp-includes/js/dist/
3 KB
2 KB
Script
General
Full URL
https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:50 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Apr 2022 19:23:48 GMT
Server
nginx
ETag
W/"624c9744-bfd"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:50 GMT
jquery.json.min.js
threatpost.com/wp-content/plugins/gravityforms/js/
2 KB
1 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:50 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
W/"62695bb6-730"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:50 GMT
gravityforms.min.js
threatpost.com/wp-content/plugins/gravityforms/js/
43 KB
15 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:50 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
W/"62695bb4-abe0"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:50 GMT
conditional_logic.min.js
threatpost.com/wp-content/plugins/gravityforms/js/
8 KB
3 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:50 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:26 GMT
Server
nginx
ETag
W/"62695bb6-213f"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:50 GMT
placeholders.jquery.min.js
threatpost.com/wp-content/plugins/gravityforms/js/
5 KB
2 KB
Script
General
Full URL
https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
public
Date
Fri, 06 May 2022 02:41:50 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
W/"62695bb4-121f"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=604800, public
Connection
close
Expires
Fri, 13 May 2022 02:41:50 GMT
apstag.js
c.amazon-adsystem.com/aax2/
135 KB
37 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id
6RTeJ.t3xDSJXjTxhAMtPfr9IcIsozAE
content-encoding
gzip
etag
4abd427e43cd6822329a2c05539e321f
age
616
x-cache
Hit from cloudfront
server
Server
x-amz-rid
15Z4P81NS08BK80T0PCA
date
Fri, 06 May 2022 02:31:44 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 ad46d498157a92ab1076f74db460670c.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
TX69hGPGqFMl98E_07K8vwQDF2WCxsNk5riRDTLuRe6JWYrX-AAOaA==
connatix.player.dc.js
cds.connatix.com/p/161155/ Frame CE0F
Redirect Chain
  • https://cd.connatix.com/connatix.player.js
  • https://cds.connatix.com/p/161155/connatix.player.dc.js
869 KB
202 KB
Script
General
Full URL
https://cds.connatix.com/p/161155/connatix.player.dc.js
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e0923868c5cc73af9b062b1601155c5081a6e04465e6ffef5dfc903adb3b88dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
last-modified
Thu, 05 May 2022 14:45:28 GMT
age
42745
etag
"fc327c43977d845599a7fdbbc549d008"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
206750

Redirect headers

location
https://cds.connatix.com/p/161155/connatix.player.dc.js
date
Fri, 06 May 2022 02:41:49 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
content-length
0
access-control-max-age
86400
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/161155/ Frame CE0F
0
47 KB
Other
General
Full URL
https://cds.connatix.com/p/161155/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
last-modified
Thu, 05 May 2022 14:45:29 GMT
age
42744
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
/
kasperskycontenthub.com/
0
399 B
Script
General
Full URL
https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=505507294&back=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:50 GMT
X-Content-Type-Options
nosniff
Server
nginx
X-Frame-Options
SAMEORIGIN
Connection
close
Content-Type
application/javascript
x-cache-hit
MISS
Transfer-Encoding
chunked
X-Debug-Auth
off
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Request-Host
kasperskycontenthub.com
X-XSS-Protection
1; mode=block
gtm.js
www.googletagmanager.com/
184 KB
61 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
56a3251dcdc5c85000a46ab8f8bb567f91fe77663ac1baf4630efdd8aced8c79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62651
x-xss-protection
0
last-modified
Fri, 06 May 2022 00:11:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 06 May 2022 02:41:49 GMT
gtm.js
www.googletagmanager.com/
480 KB
115 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c2a9a90be6e4e5439d7e1da2ceb4c6dac70f681eef95c5587f9a723b97a775fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116925
x-xss-protection
0
last-modified
Fri, 06 May 2022 00:11:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 06 May 2022 02:41:49 GMT
icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/
13 KB
13 KB
Other
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:50 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
"62695bb4-328e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
12942
icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/
13 KB
13 KB
Other
General
Full URL
https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-173-160-135.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:50 GMT
Last-Modified
Wed, 27 Apr 2022 15:05:24 GMT
Server
nginx
ETag
"62695bb4-328e"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
close
Accept-Ranges
bytes
Content-Length
12942
logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/
19 KB
19 KB
Image
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
public
date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-4a32"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
18994
x-amz-cf-id
aFp2bxNJWOpkLS4jAxrRc3GXS9qcUHNpmxrxThinSkm1glCyEsLEFg==
expires
Fri, 13 May 2022 02:41:49 GMT
mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/
828 B
1 KB
Image
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-33c"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
828
x-amz-cf-id
dwMqVvc7qyWceB9SllfqYQpbQHXmnoKvYf_KFRI3W05__g8PYmWxeg==
twitter-blue.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/
868 B
1 KB
Image
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-364"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
868
x-amz-cf-id
crwS-Yd2TWeLhed-ENCrRBDhjWcJdEUbPbw329ulBMcaQr9bcf9fDA==
museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:24 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb4-51a4"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20900
x-amz-cf-id
jtjdMXgiNfKZ13-5jrucSTQEY33M4ItD6XsSGfCYjHAdMr-0hIw52g==
museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-50c8"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20680
x-amz-cf-id
xOxEOTwwBfYwZrPZHTF1ajZjLu86uejpj2vTLKxCHRK7gjnFFbtELw==
museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-51b8"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20920
x-amz-cf-id
7jXYVdNAQKuCDvopb-yMfYGmXCNRCCgVFQRKZKgi07zWly9_kmic2A==
museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-5194"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
20884
x-amz-cf-id
EO8Ka595kasFJ4LQYClnm62wipxGJAJ0GHLyqt9sxDq-_UQGsgjEOQ==
museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
15 KB
16 KB
Font
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-3dcc"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
15820
x-amz-cf-id
IOXcNrx3W6rYjRw2jbiaZn99QUmEC899jBq0ig-owMh5JRHsHD4cXg==
museosans-500italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/
23 KB
23 KB
Font
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:24 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb4-5c74"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
23668
x-amz-cf-id
th9mHLGWsePbfIuc1Y8PSKltiV-obChUOp7VcOEnDHtZE9eSyG_Cgw==
player.css
cds.connatix.com/p/161155/
56 KB
9 KB
Stylesheet
General
Full URL
https://cds.connatix.com/p/161155/player.css
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0bfa346d7611b406e1c95c3ae1c7bd1a9a7c5340a7a197842f0005f7380546be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
last-modified
Thu, 05 May 2022 14:45:29 GMT
age
42745
etag
"563e0ae70a190337a57b9f3faf012f8e"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
8661
mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/
812 B
1 KB
Image
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-32c"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
812
x-amz-cf-id
qeJWAs3YgubxXP7HNT5mBB-fR8LP7sWY_Mw-RFMemVMu7iEUUV6IMg==
logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/
10 KB
10 KB
Image
General
Full URL
https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
public
date
Fri, 06 May 2022 02:41:50 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-260a"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
9738
x-amz-cf-id
ADynabqaQYPy-A3vFp4Zk0VQczmA27SIUIdNzE4-fc8JkXCYJb2s5g==
expires
Fri, 13 May 2022 02:41:50 GMT
Aamir-Lakhani-Fortinet.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/08/24032523/
65 KB
66 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/08/24032523/Aamir-Lakhani-Fortinet.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c370ec52be6ed72c6ea0d99567f6b80e4e60aaac7e80d2dfe718efb35dc1ff11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 06:39:17 GMT
via
1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Fri, 18 Sep 2020 17:57:45 GMT
server
AmazonS3
age
1368153
etag
"30ab8922723ac7b148494807416f2019"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
66753
x-amz-cf-id
Q8iB5Q8AVU8_IXptAs_pcrCuFfdOzIhKY9z036FFdb3fyS0YK8ovTQ==
expires
Sat, 18 Sep 2021 17:57:44 GMT
bug-fix-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/05/14160018/
29 KB
29 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/14160018/bug-fix-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4564f01d8877e2b9ef7370adb07db5824274499062cea09408e0e167cae7abd1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 22 Apr 2022 10:56:28 GMT
via
1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Tue, 14 May 2019 20:00:21 GMT
server
AmazonS3
age
1179922
etag
"193ea15196b1313fa8c02cc7ec957d8f"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA50-C1
accept-ranges
bytes
content-length
29437
x-amz-cf-id
VpTCDCnxNEOwXKhDCBH8V1zILTJxKgy38TfyG-MJ3yb0konp2iuHFA==
expires
Wed, 13 May 2020 20:00:18 GMT
14_kaspersky_secure_futures_magazine_composable_infrastructure-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/
24 KB
25 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-540x270.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
057a6a0bf875e81049e129d63e6475234e4b44ad9cbf348e7a99a3f0b3315978

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 02:06:07 GMT
via
1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Tue, 01 Mar 2022 20:47:09 GMT
server
AmazonS3
age
1298143
etag
"2a13d05f2f6f80668586a1d8ba489b73"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
24993
x-amz-cf-id
Dq5TbR5xZnZprEOXLuOMka8Z5Z5_KvmFyIJaqWRk0fFeXOAWrR9YFw==
expires
Wed, 01 Mar 2023 20:47:08 GMT
cloud_web_app-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/01/05170820/
3 KB
3 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/01/05170820/cloud_web_app-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7f8e26c6e3747211b9e868590efacffe3e5fda8c33df14ea69aeb09b0270064c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 13:00:36 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Tue, 05 Jan 2021 22:08:25 GMT
server
AmazonS3
age
49274
etag
"467b7391215e33f5cb19813268f1a4cd"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
2755
x-amz-cf-id
6YNMZq79v6aa2eoGxfqkBqPbYB5m8j1JOA0c0rYf-n_8Ek5IstOncA==
expires
Wed, 05 Jan 2022 22:08:24 GMT
Work-from-Home-WFH-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/04/03174818/
2 KB
2 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2020/04/03174818/Work-from-Home-WFH-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
851913072ba36e6383ee40856fa3dea9ed4c5f03b4e3effb6a3841aab3840d26

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 02 May 2022 12:41:42 GMT
via
1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Fri, 03 Apr 2020 21:48:22 GMT
server
AmazonS3
age
309608
etag
"8935e353d0d7393d74a9d2a3c8feec32"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
2024
x-amz-cf-id
bLdf5gD45X8A8Y1gGqjwjsy24CXhAYRBlEnQJ93DtwHUBfA5L28LWg==
expires
Sat, 03 Apr 2021 21:48:21 GMT
bug-fix-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/05/14160018/
2 KB
2 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2019/05/14160018/bug-fix-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5232056dc8a22734e95ac2a205b7ccdec0416eba47e4234cb9113f1443a6d33c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 22 Apr 2022 10:57:47 GMT
via
1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Tue, 14 May 2019 20:00:21 GMT
server
AmazonS3
age
1179843
etag
"c443edcced46f1920f25254b3679e95a"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA56-P2, FRA50-C1
accept-ranges
bytes
content-length
1569
x-amz-cf-id
YoZHEwjrLCqwlfOJZ8sm-VQWoF-OohMAs2DL-u5wyi7XCzFsf-J7WA==
expires
Wed, 13 May 2020 20:00:18 GMT
14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/
2 KB
3 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 23:05:52 GMT
via
1.1 1d87c34bb2f20fda8e0841bc33179768.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Tue, 01 Mar 2022 20:47:09 GMT
server
AmazonS3
age
2000158
etag
"502f5a6c66ba05c0831f656eb6cc29dd"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
2476
x-amz-cf-id
8m0Oj18ac4Ng21z11Xt0LY4y5VqO4UuV9xUMkb8PXwJ3wplYtZEEbw==
expires
Wed, 01 Mar 2023 20:47:08 GMT
checklist2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/
2 KB
3 KB
Image
General
Full URL
https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/checklist2-64x64.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:2e00:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 23:05:52 GMT
via
1.1 c6702f5f3b6e77da6f394e67ef1a6aaa.cloudfront.net (CloudFront), 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
last-modified
Tue, 19 Oct 2021 14:09:44 GMT
server
AmazonS3
age
2000158
etag
"14bf40c9dffffaec5cd1337f170dac93"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1, FRA50-C1
accept-ranges
bytes
content-length
2112
x-amz-cf-id
KpYXysXK6Rio-XDgVTyze9flxa0DiifrKGCyAZSg4tocqc1fw6o4jg==
expires
Wed, 19 Oct 2022 14:09:43 GMT
pls
capi.connatix.com/core/ Frame CE0F
14 KB
6 KB
XHR
General
Full URL
https://capi.connatix.com/core/pls?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f6c726428cbda6ece86af80b19c84f88cd3af45d7d4f87dff8a664298bb39b0c

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-max-age
86400
access-control-allow-credentials
true
accept-ranges
bytes
content-length
6163
pubads_impl_2022050501.js
securepubads.g.doubleclick.net/gpt/
368 KB
125 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050501.js?cb=31067453
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
sffe /
Resource Hash
e680f84f5a15d5113b3d271f4f26456bbdd12103f70eaaf21ab08ef68aee9753
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 11:01:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
56427
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
127685
x-xss-protection
0
last-modified
Thu, 05 May 2022 08:34:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 05 May 2023 11:01:22 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
152 B
742 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
7cb98c109af05dee40f059090a26a3007cd62ab4529d9e2a911c4dd6a781fe2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
106
x-xss-protection
0
expires
Fri, 06 May 2022 02:41:49 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/2W_gRz39xX8G13fM-OdyQPlc/
360 KB
143 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/2W_gRz39xX8G13fM-OdyQPlc/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a1ac660767f0b902644fec786e9321a1fc2f2d50fac439eaaca062fb60d88124
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 09:50:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
60703
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
145349
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 04:02:19 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 05 May 2023 09:50:06 GMT
config
c.amazon-adsystem.com/cdn/prod/
662 B
1019 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 22:16:22 GMT
via
1.1 ad46d498157a92ab1076f74db460670c.cloudfront.net (CloudFront)
server
Server
age
15927
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://threatpost.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA50-C1
content-length
662
x-amz-cf-id
DBeMn6hDO8vtOrFs2lO6SOvef1aj7_d_f_HcBbEEZM_NNFNuUP4YjA==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id
aaJeHz3g2a7aWr9hYquBq.aDaObnNoK3
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
1171
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 28 Apr 2022 01:41:20 GMT
server
AmazonS3
date
Fri, 06 May 2022 02:41:49 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
6wnJoK3SWrAWmOzI2d_Gazky_N4uI7Pj8Y1R-6a7-gsTuMK989WFkA==
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/
53 KB
17 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: www.venminder.com
URL: https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.206.210.112 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-206-210-112.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
last-modified
Tue, 01 Jun 2021 17:06:57 GMT
server
Apache
etag
"d398-5c3b75e9ebb41-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17087
expires
Fri, 06 May 2022 02:56:49 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/
40 KB
11 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: www.venminder.com
URL: https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.202.126 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:16:06 GMT
content-encoding
br
x-cacheable
Matched cache
x-cdn-pop-ip
137.74.120.0/27
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/javascript;charset=utf-8
cache-control
max-age=3600
x-cdn-pop
sbg
content-disposition
attachment;filename="id5-api.js"
strict-transport-security
max-age=63072000; includeSubDomains; preload
accept-ranges
bytes
content-length
11181
x-request-id
40929173
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
1360
date
Fri, 06 May 2022 02:19:09 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 06 May 2022 04:19:09 GMT
quant.js
secure.quantserve.com/
24 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
etag
"u2JtyZzqnTXwzBUswy2r+w=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Fri, 13 May 2022 02:41:49 GMT
uwt.js
static.ads-twitter.com/
28 KB
10 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
93cc545f534a75a876beccc35125e563e20bb9857714482547fc151f07d57595

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
last-modified
Tue, 03 May 2022 16:26:14 GMT
etag
"1ce6e12fa6e9b18909e94a06df1ef9cb+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
9561
x-served-by
cache-iad-kjyo7100085-IAD, cache-hhn11549-HHN
vendor-list.json
qd.admetricspro.com/js/cmp2/
318 KB
45 KB
XHR
General
Full URL
https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1030fc8851425c20e532acd288aa03d709507bcd3d55367f980d55de309ead68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Tue, 03 May 2022 16:25:12 GMT
server
cloudflare
etag
W/"4f6fe-5de1df3ffe732"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jd8NY7q%2FPdKK8h6NYlX822%2Fb55OK9aMDFITS1haKv537%2FDy%2F0YpIByfGSC17tAXsFicSyiYP3%2FuQDVJ3XfzXrMCkJ%2Be%2FtbTmvbtF%2BARlHbVbj%2FJhgJ31vgZPMXkT%2BnDwlYrZ8Y1SpJDijhVstHJTP6Fj"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=600
cf-ray
706e5bef09ea5a37-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Fri, 06 May 2022 02:51:50 GMT
gtm.js
www.googletagmanager.com/
428 KB
111 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
99a3de1005ce9d9bdefba5834813b56371435f8061342ec1f5c1681500231a0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113733
x-xss-protection
0
last-modified
Fri, 06 May 2022 00:11:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 06 May 2022 02:41:49 GMT
blockedDomains_13.bin
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame CE0F
3 KB
2 KB
XHR
General
Full URL
https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_13.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7074cb3fadd5faa68093bdff82e7c3d0fdc28e455b9b27735d180db690115da9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
last-modified
Mon, 04 Apr 2022 15:28:13 GMT
age
2718710
etag
"481cc5dacd27eba8f7179191b1d76f07"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
1343
sr
capi-tier-1-us-east-2.connatix.com/tr/ Frame CE0F
0
315 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/sr?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
gpt.js
securepubads.g.doubleclick.net/tag/js/
81 KB
28 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
sffe /
Resource Hash
676665e427c1a6d9ebf0911a984aceb41a8e409c805cd988f07815269e56a1b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28400
x-xss-protection
0
server
sffe
etag
"1206 / 143 of 1000 / last-modified: 1651788290"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 06 May 2022 02:41:50 GMT
4_media.bin
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/ Frame CE0F
477 B
387 B
XHR
General
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/4_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
56f445b5b69a3a5ad915042eca5f8363f3efd730dbc80ae54083c6b0c14c4794

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
last-modified
Fri, 23 Apr 2021 13:54:25 GMT
age
42108
etag
"502262765078d1e70d8187fa4b3801c7"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
297
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame CE0F
377 KB
126 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
260561a7eb727dcab19e6a6fcf626183fb3abe0b46a122d7cdae9c6d6dca97b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128643
x-xss-protection
0
expires
Fri, 06 May 2022 02:41:50 GMT
1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/
6 KB
7 KB
Image
General
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
br
age
1436612
etag
"CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age
86400
fastly-io-info
ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/png
content-length
6487
724.json
id5-sync.com/g/v2/
213 B
621 B
XHR
General
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.71 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216577.ip-141-95-98.eu
Software
/
Resource Hash
422757d1c6ba8faac191d649b5e63bf6289e245729fe44af9e785ef5d948ca2f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:49 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
recaptcha__de.js
www.gstatic.com/recaptcha/releases/2W_gRz39xX8G13fM-OdyQPlc/
363 KB
143 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/2W_gRz39xX8G13fM-OdyQPlc/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d516e4641028e8ff59509eb5609cdcb2b296b9aa23020468930226e37f3f4561
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 15:19:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
40939
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
146779
x-xss-protection
0
last-modified
Mon, 25 Apr 2022 04:02:19 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 05 May 2023 15:19:31 GMT
id
dpm.demdex.net/
368 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1651804910239
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.46.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-46-209.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
454725b1338b7947285932d1ed1a01b521065cfdb5d97298b2340b0fad58a933
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-2-v031-04ea3a603.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
aM8jHGrRTII=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
312
Expires
Thu, 01 Jan 1970 00:00:00 UTC
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=65701119&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Bad%20Actors%20Are%20Maximizing%20Remote%20Everything%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=414703824&gjid=1279806126&cid=197470812.1651804910&tid=UA-35676203-21&_gid=2007371390.1651804910&_r=1&gtm=2wg540PM29HLF&z=181111801
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=65701119&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Bad%20Actors%20Are%20Maximizing%20Remote%20Everything%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=197470812.1651804910&tid=UA-35676203-21&_gid=2007371390.1651804910&gtm=2wg540PM29HLF&z=333103029
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 May 2022 08:14:01 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
66469
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
localstore.js
script.4dex.io/
483 B
945 B
Script
General
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2116955
x-amz-request-id
tx0c810f9b689a43feb0d6c-0062543d8e
x-amz-id-2
tx0c810f9b689a43feb0d6c-0062543d8e
last-modified
Mon, 11 Apr 2022 14:37:55 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3ELpwsJAv1RJHUZfP%2BUYphZmBYfCsFfz35SVy4Njl%2Bc8AmVqsQwX%2F7V77yWkzkCAsZxIHyfSDDd2UObaYZpslOIm%2BSZY4rizoiMvujpibdwmjQ9KzYLbZL6Hn97JHfIHXbtaB5KQWQKe8RZ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1649687875786561
cf-ray
706e5bf1883a59e3-MXP
724.json
id5-sync.com/g/v2/
213 B
621 B
XHR
General
Full URL
https://id5-sync.com/g/v2/724.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.71 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216577.ip-141-95-98.eu
Software
/
Resource Hash
fec1bf5811564121c3bac5792441e70c365ddaff91feab42eddde3e7fc22fc8b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:49 GMT
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/json;charset=UTF-8
bid
c.amazon-adsystem.com/e/dtb/
64 B
533 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&pid=ukvYTkvAzoLDh&cb=0&ws=1600x1200&v=7.75.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
via
1.1 ad46d498157a92ab1076f74db460670c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
x-amz-rid
7ETTYYVX9QJWC8PWENHT
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
64
x-amz-cf-id
MLIjiKjwbnvyYeK84VtnGU2xpUW6QEu-4Fv16hNEeyOhETXhmBa_pA==
hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/161155/ Frame CE0F
162 KB
47 KB
Script
General
Full URL
https://cds.connatix.com/p/161155/hls.5b3b785f487abbe00eee.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
br
last-modified
Thu, 05 May 2022 14:45:29 GMT
age
42745
etag
"182f65d040bfb9544bd8f71472475672"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
48258
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/
73 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 17:51:16 GMT
content-encoding
gzip
age
22668635
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
2WE6ye-uIC4ks9gfR3ivhovvA5zAjVmf5aSgyidZtsHT4jQrmPRPxA==
bl-7467d3d-c3eb288d.js
tagan.adlightning.com/math-aids-threatpost/
43 KB
18 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-7467d3d-c3eb288d.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6936f15d2b17c3fec4c5d80e6464b9186e9cc604c0b80cb283deaba6cfe2f4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 10:31:05 GMT
content-encoding
gzip
age
58246
x-cache
Hit from cloudfront
content-length
18077
x-amz-meta-git_commit
7467d3d
last-modified
Thu, 05 May 2022 09:59:40 GMT
server
AmazonS3
etag
"fc9437e02605734b69767a9f2793c5a9"
x-amz-version-id
uN2eGCTwpvhFvCV.T4HexQVAsht.jaKy
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
2wzPg-RkEFUXjwRLgOsLBLekk_LbbIb_OFxnLUCpQ9j3Z2Osrrj0FA==
rules-p-_7kVx0t9Jqj90.js
rules.quantcount.com/
2 B
353 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:02:45 GMT
via
1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
server
AmazonS3
age
2345
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA50-C1
content-length
2
x-amz-cf-id
edhzfx5Dw_4tV4eHdPg8c2g3YIL3xe5kd8Y1NTAn0aRMcY7G_9QwMw==
adsct
analytics.twitter.com/i/
43 B
354 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=86cabd07-2a83-4c89-9fbc-4a79e1685b9b&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-response-time
112
date
Fri, 06 May 2022 02:41:49 GMT
server
tsa_o
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
9eb91662e9e91b24cd0570ad8f6203c8915b9ad3c7561c1954dc4af8e78c3b01
content-length
43
adsct
t.co/i/
43 B
338 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.3.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=86cabd07-2a83-4c89-9fbc-4a79e1685b9b&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-response-time
116
date
Fri, 06 May 2022 02:41:49 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
f743958d57677e92e7a7b06e9b9ff9bf38ed2eff912d089773e53acbe80a1683
content-length
43
bid
ap.lijit.com/rtb/
94 B
741 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.17.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
e4f532de754c231ce589fe030c862f15de5447a4979b69515e8e6282a7834e91

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 06 May 2022 02:41:50 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://threatpost.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap4ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
prebid
ib.adnxs.com/ut/v3/
54 KB
14 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
487be71e7a4a2a65acbb56bc812152f00e845b5c99eadb2e1eb9c432c9f80117
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 06 May 2022 02:41:50 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
396a777a-7cae-4d54-90cf-6041e2de59cf
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
mvo
tag.1rx.io/rmp/216477/0/
0
170 B
XHR
General
Full URL
https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=5.17,2.1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Fri, 06 May 2022 02:41:50 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
adreq
ads.servenobid.com/
548 B
607 B
XHR
General
Full URL
https://ads.servenobid.com/adreq?cb=1188
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
20c0569955e76587d3ea93366b1a031879abe919165e51170a378497fd2d8473

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://threatpost.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
v1
btlr.sharethrough.com/universal/
0
112 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:50 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/
0
113 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:50 GMT
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/
0
112 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.59.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-59-51.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:50 GMT
access-control-allow-credentials
true
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/
819 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=e30c8e73-abee-4dab-88b1-8f76a3e5234a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.19464002995066831
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
bcd40f1e98899df081fc240fae0e02d505e265aadd218faac44087b34fcfbc33

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:50 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
819
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
817 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=243778a2-c0e6-47c3-95b4-82938c36136c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.25369005394935784
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
f2bb05f69a12fc276ff4aa3fbdbb9dcb5df1d05b17d80e438bdbbb28abf6371a

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:50 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
817
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
817 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=1f5c4e98-5bce-4133-b840-93358c41755f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.28232696344745944
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
af4176ae9b1a59f2e5f47158df6400c4cb74d2aa24f33673d9055fe9e3c4a4cf

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:50 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
817
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
817 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&tg_i.page=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=1f5c4e98-5bce-4133-b840-93358c41755f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.16278077713517303
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
2882af18f38bb5e90c9eda4f3177fd8b0d94e0a5e6ccbb1210b28389faffde77

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:50 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
817
Expires
Wed, 17 Sep 1975 21:32:10 GMT
arj
teachingaids-d.openx.net/w/1.0/
7 KB
2 KB
XHR
General
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=e30c8e73-abee-4dab-88b1-8f76a3e5234a%2Ce30c8e73-abee-4dab-88b1-8f76a3e5234a%2C243778a2-c0e6-47c3-95b4-82938c36136c%2C1f5c4e98-5bce-4133-b840-93358c41755f%2C1f5c4e98-5bce-4133-b840-93358c41755f&nocache=1651804910462&gdpr=0&x_gdpr_f=1&pubcid=e94adfd7-9c57-404d-b539-ee23746b6718&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
c60c7d92d01dffa38cc869e107efebd7adc113f8299f518edd7734aa5625c2f8

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2080
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
mp.4dex.io/
114 B
556 B
XHR
General
Full URL
https://mp.4dex.io/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b68268746b3717ed1c67395bf7d604395f0fe160ab0e97ab8d7d1c196fff70d

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

cf-ray
706e5bf2ab010211-ZRH
pragma
no-cache
date
Fri, 06 May 2022 02:41:50 GMT
via
1.1 google
cf-cache-status
DYNAMIC
x-warn
Selecting bids. No selected bids
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
server
cloudflare
expires
0
auction
tlx.3lift.com/header/
16 KB
6 KB
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.17.0&referrer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&tmax=1200&gdpr=false
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.149.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-149-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
7215be27dc549fb4ff4f667e8e4cec073f866906c9dfcdc88daa2fd4612b357e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
accept-ch
sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform
content-type
application/json; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
5665
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
f149af462f82e018fc7ce532123fa087d0aedc05da4631a036726be028bdebf8

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
c1115d2d729e3025178181fd7ced964bdb6dd3f505e9feb2e8f63ee2431a114f

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
291 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
d0b373163e08476c234e6f6d305908f0a186a1b4465fbf7e0449a59e8a6ce971

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
62
c
prebid.a-mo.net/a/
0
346 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:50 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
98
vary
origin, Accept-Encoding
translator
hbopenbid.pubmatic.com/
0
115 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v2
e.serverbid.com/api/
13 B
574 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
243fb9953e49b6005f6ae1772f507bb789a8893960a495850afe43fe34030311

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
access-control-allow-headers
origin, content-type, accept
content-length
39
cygnus
htlb.casalemedia.com/
37 B
329 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%225954f05fe19d848%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.17.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%226033ba44cbea0ea%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2261912ec5ecc9dad%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2262e5a7308e67c18%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fd179f3fea0ce3c3476d2bcb799868d1b31e41670588ea19e746f7110103ab5f

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:50 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.9], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Fri, 06 May 2022 02:41:50 GMT
bridge3.513.0_en.html
imasdk.googleapis.com/js/core/ Frame 3023
634 KB
205 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.513.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8ea08df3114b303a43c8e2adfb5c91f2e69462ee8d9713cd8f27c5332e81a493
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
145454
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209849
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Wed, 04 May 2022 10:17:36 GMT
expires
Thu, 04 May 2023 10:17:36 GMT
last-modified
Tue, 03 May 2022 16:58:01 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame CE0F
44 KB
17 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 06 May 2022 02:41:50 GMT
bridge3.513.0_en.html
imasdk.googleapis.com/js/core/ Frame 3CE6
634 KB
205 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.513.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8ea08df3114b303a43c8e2adfb5c91f2e69462ee8d9713cd8f27c5332e81a493
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
145454
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209849
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Wed, 04 May 2022 10:17:36 GMT
expires
Thu, 04 May 2023 10:17:36 GMT
last-modified
Tue, 03 May 2022 16:58:01 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bridge3.513.0_en.html
imasdk.googleapis.com/js/core/ Frame 48F4
634 KB
205 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.513.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8ea08df3114b303a43c8e2adfb5c91f2e69462ee8d9713cd8f27c5332e81a493
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
145454
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
209849
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Wed, 04 May 2022 10:17:36 GMT
expires
Thu, 04 May 2023 10:17:36 GMT
last-modified
Tue, 03 May 2022 16:58:01 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
dest5.html
kaspersky.demdex.net/ Frame 2A70
7 KB
3 KB
Document
General
Full URL
https://kaspersky.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.19.46.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-46-209.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-1-v031-002176b17.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
YDbOjM3UR0s=
content-encoding
gzip
date
Fri, 6 May 2022 02:41:50 GMT
last-modified
Wed, 27 Apr 2022 09:29:36 GMT
transfer-encoding
chunked
vary
accept-encoding
id
kaspersky.d3.sc.omtrdc.net/
2 B
316 B
XHR
General
Full URL
https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=38990236835773763922543512693458714214&ts=1651804910575
Requested by
Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-b4b698fcd-q6lwt
vary
Origin
x-c
main-1640.Id95fac.M0-564
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=YnSK7gAAABjGdgP0
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=40552020846598719543248989789158379580
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YnSK7gAAABjGdgP0
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YnSK7gAAABjGdgP0
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Server
52.19.46.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-46-209.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v031-0d4014aca.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
z9BN/JwHQWY=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YnSK7gAAABjGdgP0
Date
Fri, 06 May 2022 02:41:50 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
collect
stats.g.doubleclick.net/j/
4 B
441 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=197470812.1651804910&jid=414703824&gjid=1279806126&_gid=2007371390.1651804910&_u=YEBAAEAAAAAAAC~&z=765382386
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 06 May 2022 02:41:50 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/
236 B
563 B
Image
General
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
via
1.1 d55780b776b171387055eca956ae29a8.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:26 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb6-ec"
x-cache
Miss from cloudfront
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
content-length
236
x-amz-cf-id
FHVenvAlHPeXbMRUv_GBabpbVFYsT0W7Llgo6zpsY6grtu-HU7e26w==
fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/
75 KB
76 KB
Font
General
Full URL
https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=e8506041
Origin
https://threatpost.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
via
1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
last-modified
Wed, 27 Apr 2022 15:05:24 GMT
server
nginx
x-amz-cf-pop
FRA50-C1
etag
"62695bb4-12d68"
x-cache
Miss from cloudfront
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
content-length
77160
x-amz-cf-id
tO5ne0xw6dN_W5WGsQAOww3JK9RYovFl5eucCB18zmSHF_OIjIenkA==
v1
geo.ipify.org/api/
381 B
589 B
XHR
General
Full URL
https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),
Reverse DNS
threatintelligenceplatform.com
Software
nginx /
Resource Hash
73fb5c187e71eaafae15c31f112eb99b27df61d841675fc8ca511397d202629e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:51 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Server
nginx
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
ao
capi-tier-1-us-east-2.connatix.com/tr/ Frame CE0F
0
315 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/ao?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
g
capi-tier-1-us-east-2.connatix.com/rtb/ Frame CE0F
1 KB
1 KB
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
3bcb68a75341bec0824c3631b5e853564e98f41efaa477bbd8dbc55d51191539

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
888
bid
c.amazon-adsystem.com/e/dtb/
23 B
493 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&pid=ukvYTkvAzoLDh&cb=1&ws=1600x1200&v=7.75.0&t=2000&slots=%5B%7B%22id%22%3A%22Amazon_400x225%22%2C%22mt%22%3A%22v%22%7D%5D&cfgv=1&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
via
1.1 ad46d498157a92ab1076f74db460670c.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA50-C1
x-amz-rid
DEWS2RN5RBECYRX1MM6E
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
-ULAJ5CehJT8Nvz-2y_nOFYrTcIdXvZLrWhPbD-uMJIUxQhxdIUxyQ==
ps
capi-tier-1-us-east-2.connatix.com/tr/ Frame CE0F
0
315 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/ps?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:49 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/
8 KB
8 KB
Image
General
Full URL
https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
86ea61db754ce2a79cc18ab1c47c9d7a455261af8a4a5ac9e944dd2c795286bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
br
age
52782
etag
"aV3s9/c6pLcv1AlwfGQNca2+mBID5NR6zSzGb/8CPeI"
access-control-max-age
86400
fastly-io-info
ifsz=87261 idim=2560x1440 ifmt=jpeg ofsz=8124 odim=400x225 ofmt=jpeg
access-control-allow-origin
*
cache-control
max-age=2592000, public
fastly-stats
io=1
accept-ranges
bytes
content-type
image/jpeg
content-length
7697
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 907E
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 01:47:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3278
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Fri, 06 May 2022 02:47:12 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 3650
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 01:47:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3278
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Fri, 06 May 2022 02:47:12 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 18D6
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 01:47:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3278
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Fri, 06 May 2022 02:47:12 GMT
prebid6.20.0.js
cds.connatix.com/p/plugins/ Frame 6622
427 KB
111 KB
Script
General
Full URL
https://cds.connatix.com/p/plugins/prebid6.20.0.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ae64c4fccf5c2dec69bcfa480b61f7a4b38af9c9effe8de5a86bd000ea88c74b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
br
last-modified
Tue, 19 Apr 2022 11:11:32 GMT
age
1342667
etag
"c749275a36a4a1eff60db7ff73bdc29a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
113452
adagio.js
script.4dex.io/
72 KB
23 KB
Fetch
General
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c842fa8019eafc4beae4bd989e2c486d3ecd7a407edb21804c35a1726a90fec7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2116372
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx3313fc024d064c7d97e57-0062543f7b
x-amz-id-2
tx3313fc024d064c7d97e57-0062543f7b
last-modified
Mon, 11 Apr 2022 14:37:55 GMT
server
cloudflare
etag
W/"e88bab2e9c57f44732eeec31ca508d70"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXTVUnIWhOx9KXe5XQhacRQlNKelGBrt%2B5v9rdbnINw37P3fGCZIJLqXdHZKW7JGnNt%2BAL7Qhn487fcX1vN3VwxJLFF8gEJ%2FPOz%2FKrIu7uQWmx8tWkOfAYnwj1XCXAoq1RCZK7V2zmNxBinO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1649687874851815
cf-ray
706e5bf58ca859ef-MXP
access-control-allow-headers
Authorization
pixel;r=1804335792;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520...
pixel.quantserve.com/
35 B
372 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1804335792;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email;uht=2;fpan=1;fpa=P0-2120476283-1651804911065;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1651804911064;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2020%2F04%2F03174818%2FWork-%2Ctype.article%2Ctitle.Bad%20Actors%20Are%20Maximizing%20Remote%20Everything%2Cdescription.Aamir%20Lakhani%252C%20global%20security%20strategist%20and%20researcher%20at%20FortiGuard%20Labs%252C%20zer%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fbad-actors-remote-everything%2F179458%2F
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=197470812.1651804910&jid=414703824&_u=YEBAAEAAAAAAAC~&z=788238238
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=197470812.1651804910&jid=414703824&_u=YEBAAEAAAAAAAC~&z=788238238
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
playlist.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/ Frame CE0F
309 B
294 B
XHR
General
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/playlist.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/161155/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
last-modified
Fri, 23 Apr 2021 13:54:24 GMT
age
52769
etag
"8a966507b13615ecdc1330a4bc9dcfe1"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
164
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=threatpost.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
59 KB
11 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2958761932055192&correlator=2521508535639392&eid=31067392%2C31067453%2C31067412%2C31065517&output=ldjh&gdfp_req=1&vrg=2022050501&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681&sfv=1-0-38&ecs=20220506&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D67090e70af2586e%26hb_bidder_triplelift%3Dtriplelift%26hb_adid_appnexus%3D64a549a9b0a6e2f%26hb_bidder_appnexus%3Dappnexus%26dyn_bids%3D0.14%26hb_adid%3D67090e70af2586e%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D6809b03d711eafc%26hb_bidder_triplelift%3Dtriplelift%26hb_adid_appnexus%3D651be9dbe6fd6ee%26hb_bidder_appnexus%3Dappnexus%26dyn_bids%3D0.19%26hb_adid%3D6809b03d711eafc%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2%26hb_adid_openx%3D7057d29addb90a8%26hb_bidder_openx%3Dopenx%26hb_adid_triplelift%3D6930be3e6000e7c%26hb_bidder_triplelift%3Dtriplelift%26hb_adid_appnexus%3D66278359c4ade21%26hb_bidder_appnexus%3Dappnexus%26dyn_bids%3D0.14%26hb_adid%3D6930be3e6000e7c%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fbad-actors-remote-everything%252F179458%252F%26urlquery%3Dgoogfc%26contentid%3D179458%26category%3Dinfosec-insider%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1651804911175&lmt=1651804911&dlt=1651804908565&idt=1316&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0&adys=8%2C166%2C1211%2C8&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0&msz=728x0%7C300x0%7C300x0%7C1600x0&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0&ga_vid=197470812.1651804910&ga_sid=1651804911&ga_hid=65701119&ga_fc=true&btvi=0%7C0%7C1%7C0&topics=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050501.js?cb=31067453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
e6bf8dbfd14e690df25d821b6cd3bb2f4c9a2fe1e27fb295e97b0203caed3e00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11151
x-xss-protection
0
google-lineitem-id
5697900654,5697900660,5697900654,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138350694268,138350331120,138350331126,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
01a319fa2ebd75176d0349a9db7f69a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CBC1
6 KB
4 KB
Document
General
Full URL
https://01a319fa2ebd75176d0349a9db7f69a5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050501.js?cb=31067453
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 06 May 2022 02:41:51 GMT
expires
Sat, 06 May 2023 02:41:51 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
0.m3u8
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/ Frame CE0F
664 B
349 B
XHR
General
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/0.m3u8
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/161155/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
35ce0065474e23924984a0b8a8bbcd54c01d7f51b7d087bd628dd90503e62f89

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
last-modified
Fri, 23 Apr 2021 13:54:23 GMT
age
52769
etag
"0d6edebbb45ecd5843c1f7d2488a861b"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
access-control-max-age
86400
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
content-length
263
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/ Frame CE0F
1 KB
1 KB
XHR
General
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/161155/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b041458d3e3d9b3a88dd092ef3277d97e742c7d1e150670ecf155f89e40e0bf4

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Range
bytes=0-1361

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
last-modified
Fri, 23 Apr 2021 13:54:23 GMT
age
52746
etag
"dd24fe0104d80bca89e9e9ff924439fc"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 0-1361/4858878
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
1362
mvo
tag.1rx.io/rmp/233098/0/ Frame 6622
0
170 B
XHR
General
Full URL
https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.20,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
prebid
ib.adnxs.com/ut/v3/ Frame 6622
143 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
cf986e49f882ab6ffb2ee7d1e0b0bfae3c222bd5052762abec8aa64b0587c489
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:51 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
eb51bd8b-713f-4892-8634-d88b8b6cd934
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
143
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
avjp
teachingaids-d.openx.net/v/1.0/ Frame 6622
106 B
127 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=889846a4-99aa-40b5-b5c3-365f908b3246&nocache=1651804911247&gdpr=0&pubcid=c00e206e-2cc4-4f89-aa45-e22a0d59bb57&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%2C%22skippable%22%3Atrue%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
via
1.1 google
server
OXGW/18.1.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
cygnus
htlb.casalemedia.com/ Frame 6622
36 B
328 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%227eec70e6619c87%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%228038506ed16c1d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c00e206e-2cc4-4f89-aa45-e22a0d59bb57%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a96edab0ce112e90882ba72d12fafec41308896437cc59987f289bdb8f7f96ff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.9], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
36
x-ak-client-geo
12
expires
Fri, 06 May 2022 02:41:51 GMT
cygnus
htlb.casalemedia.com/ Frame 6622
36 B
328 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%229b63f60213aca4%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22105a199a920347%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22c00e206e-2cc4-4f89-aa45-e22a0d59bb57%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-59-34.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
923b8e0db9f95761f087444fe47d9a8eef8040e80a6d3ca975d6859cbc4fcb70

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.9], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://threatpost.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
36
x-ak-client-geo
12
expires
Fri, 06 May 2022 02:41:51 GMT
c
prebid.a-mo.net/a/ Frame 6622
0
228 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
140
vary
origin, Accept-Encoding
translator
hbopenbid.pubmatic.com/ Frame 6622
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
mvo
tag.1rx.io/rmp/216476/0/ Frame 6622
0
170 B
XHR
General
Full URL
https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.20,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
translator
hbopenbid.pubmatic.com/ Frame 6622
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.237.133.116 West Chester, United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
mvo
tag.1rx.io/rmp/216475/0/ Frame 6622
0
170 B
XHR
General
Full URL
https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.20,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
bidRequest
c2shb.pubgw.yahoo.com/ Frame 6622
66 B
122 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
ee817ee1f50dd35f9dd8530f78dfd4ca87e20be5dcb85ce2388cef0bb6cd9847

Request headers

Referer
https://threatpost.com/
x-openrtb-version
2.5
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
server
ATS/9.1.0.46
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
content-length
66
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://threatpost.com
access-control-max-age
600
age
0
content-length
0
date
Fri, 06 May 2022 02:41:51 GMT
server
ATS/9.1.0.46
prebid
ib.adnxs.com/ut/v3/ Frame 6622
142 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
3191146ab1383c7a59c455534ed26ddd5b9eb88e18fda02b752acfbc407d4c4b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:51 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a7e3e5f5-0f22-49c3-bf1c-13c957962af9
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://threatpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
142
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
mvo
tag.1rx.io/rmp/233148/0/ Frame 6622
0
170 B
XHR
General
Full URL
https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.20,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.19.147.42 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://threatpost.com
pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
server
Tengine
avjp
teachingaids-d.openx.net/v/1.0/ Frame 6622
106 B
127 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=0b382c33-fc95-43b2-988d-63106104f750&nocache=1651804911270&gdpr=0&pubcid=c00e206e-2cc4-4f89-aa45-e22a0d59bb57&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2Ca15261dd-fec4-40bf-a0ad-0cd33de772b1%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%2C%22skippable%22%3Atrue%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
via
1.1 google
server
OXGW/18.1.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://threatpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/ Frame CE0F
594 KB
595 KB
XHR
General
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/161155/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4a13eb225b10088a49d4329300e03bcb1b0f394fd5493ecf63dd5beef4aa3630

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Range
bytes=1362-609968

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
last-modified
Fri, 23 Apr 2021 13:54:23 GMT
age
52746
etag
"dd24fe0104d80bca89e9e9ff924439fc"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 1362-609968/4858878
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
608607
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022050501&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022050501.js?cb=31067453
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cd43737c8c876d6c175f20c7ad91d4d61fb193b2d4b1e84e550c29c5251a7d35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10516
x-xss-protection
0
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=65701119&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&dp=%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=Bad%20Actors%20Are%20Maximizing%20Remote%20Everything%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=483157212&gjid=838574885&cid=197470812.1651804910&uid=38990236835773763922543512693458714214&tid=UA-63997723-2&_gid=2007371390.1651804910&_r=1&gtm=2wg540WZ7LJ3&cd14=no_locale&cd15=38990236835773763922543512693458714214&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F101.0.4951.41%20Safari%2F537.36&cd16=197470812.1651804910&z=445475242
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
1362
date
Fri, 06 May 2022 02:19:09 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 06 May 2022 04:19:09 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:7::17d8:4dc7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=30266
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
js
www.googletagmanager.com/gtag/
100 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9582686
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
762f28d3fd1d85dbd732d5ed3c2c6fc338e87eacdc2e05ab5ff82d12326467dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40164
x-xss-protection
0
last-modified
Fri, 06 May 2022 00:11:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 06 May 2022 02:41:51 GMT
g
capi-tier-1-us-east-2.connatix.com/rtb/ Frame CE0F
0
315 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/rtb/g?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 06 May 2022 02:41:51 GMT
collect
stats.g.doubleclick.net/j/
4 B
25 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=197470812.1651804910&jid=483157212&uid=38990236835773763922543512693458714214&gjid=838574885&_gid=2007371390.1651804910&_u=aEDAAEABAAAAAC~&z=1887493307
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatpost.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 06 May 2022 02:41:51 GMT
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
0.mp4
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/ Frame CE0F
536 KB
536 KB
XHR
General
Full URL
https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/d75bb1e4-bbe1-4342-85cb-18b163190756/b07d8368-ce1b-45eb-90ae-15fdb15c57d5_/0.mp4
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/161155/hls.5b3b785f487abbe00eee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bcbbe59ee508a5eb5391f0d0940e193a737c8f1ad606366e711e6b6f519d5544

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Range
bytes=609969-1158682

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
last-modified
Fri, 23 Apr 2021 13:54:23 GMT
age
52746
etag
"dd24fe0104d80bca89e9e9ff924439fc"
access-control-max-age
86400
content-type
video/mp4
Content-Range
bytes 609969-1158682/4858878
cache-control
public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges
bytes
access-control-allow-origin
*
Content-Length
548714
js
www.googletagmanager.com/gtag/
188 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
512b2ba688ff2c1d2532eb28d25b5f5a2e0b4b13058debd9966b2c2e7ccd202f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69265
x-xss-protection
0
expires
Fri, 06 May 2022 02:41:51 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=197470812.1651804910&jid=483157212&_u=aEDAAEABAAAAAC~&z=760801752
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=197470812.1651804910&jid=483157212&_u=aEDAAEABAAAAAC~&z=760801752
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mq
capi-tier-1-us-east-2.connatix.com/tr/ Frame CE0F
0
315 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/mq?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1651804911447&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3F_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oH...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1651804911447%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Fbad-a...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1651804911447&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3F_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oH...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1651804911447&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3F_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-o...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1651804911447&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3F_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_content%3D212153234%26utm_source%3Dhs_email%26utm_medium%3Demail%26_hsmi%3D212153234%26web_view%3Dtrue&liSync=true&e_ipv6=AQJ3-5xCYNhLGwAAAYCXPrpRXJFx3Zvo19Jea_0mBa5XxAF_KQOeABbBzHKIHzgCvbjee_IzfPWex0EWiT9Q7r0bg7i7aQ
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 2C070D03811E4BF58D183B465159ECC7 Ref B: FRAEDGE1115 Ref C: 2022-05-06T02:41:52Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXeTs0MHI6GklqP9UeJ4A==
x-li-fabric
prod-ltx1

Redirect headers

date
Fri, 06 May 2022 02:41:52 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 88DA8C3383C548B0A2E89E2867B114DB Ref B: FRAEDGE1119 Ref C: 2022-05-06T02:41:52Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1651804911447&url=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3F_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_content%3D212153234%26utm_source%3Dhs_email%26utm_medium%3Demail%26_hsmi%3D212153234%26web_view%3Dtrue&liSync=true&e_ipv6=AQJ3-5xCYNhLGwAAAYCXPrpRXJFx3Zvo19Jea_0mBa5XxAF_KQOeABbBzHKIHzgCvbjee_IzfPWex0EWiT9Q7r0bg7i7aQ
x-li-proto
http/2
content-length
0
x-li-uuid
AAXeTs0HpDnqpaLERyOVoA==
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8FCA
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
17441
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 05 May 2022 21:51:10 GMT
expires
Fri, 05 May 2023 21:51:10 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 3667
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
00c37c0419676c0f44d23b92140d3a7a9d90acfe4af50b10beda33da55bb6a17
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-TFeLSxbZ5tTQEri77/YO5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-TFeLSxbZ5tTQEri77/YO5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 06 May 2022 02:41:51 GMT
expires
Fri, 06 May 2022 02:41:51 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
activityi;dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remot...
9582686.fls.doubleclick.net/ Frame A127
Redirect Chain
  • https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-rem...
  • https://9582686.fls.doubleclick.net/activityi;dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=t...
906 B
661 B
Document
General
Full URL
https://9582686.fls.doubleclick.net/activityi;dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remote-everything%2F179458%2F;u6=;u7=38990236835773763922543512693458714214-197470812.1651804910;u9=_bad-actors-remote-everything_179458_;~oref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f6.1e100.net
Software
cafe /
Resource Hash
515839ca15e81f931a4ed2e6d53a0267f88d12a813cd59ce18bee17abe1837c9
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
636
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 06 May 2022 02:41:51 GMT
expires
Fri, 06 May 2022 02:41:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 06 May 2022 02:41:51 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://9582686.fls.doubleclick.net/activityi;dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remote-everything%2F179458%2F;u6=;u7=38990236835773763922543512693458714214-197470812.1651804910;u9=_bad-actors-remote-everything_179458_;~oref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
bl-7467d3d-c3eb288d.js
tagan.adlightning.com/math-aids-threatpost/ Frame 1F10
43 KB
18 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-7467d3d-c3eb288d.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6936f15d2b17c3fec4c5d80e6464b9186e9cc604c0b80cb283deaba6cfe2f4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 10:31:05 GMT
content-encoding
gzip
age
58247
x-cache
Hit from cloudfront
content-length
18077
x-amz-meta-git_commit
7467d3d
last-modified
Thu, 05 May 2022 09:59:40 GMT
server
AmazonS3
etag
"fc9437e02605734b69767a9f2793c5a9"
x-amz-version-id
uN2eGCTwpvhFvCV.T4HexQVAsht.jaKy
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
-A-NBKGeg7LupZ4qGHbXfZZ82WFHftoegwpHBrMLz3VxK13_q0l-Mw==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 1F10
73 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 17:51:16 GMT
content-encoding
gzip
age
22668636
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
FEtZSluio_123rx5gQnKhmOIynT1pvtWa4cb1Hk1M3275HTX8w59hA==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1F10
120 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1b2415f02c89234a4b94896afa68c68db82465563711b8b05f0c1b8b3ba580b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1651664140737961"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 06 May 2022 02:41:51 GMT
bl-7467d3d-c3eb288d.js
tagan.adlightning.com/math-aids-threatpost/ Frame 5AA6
43 KB
18 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-7467d3d-c3eb288d.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6936f15d2b17c3fec4c5d80e6464b9186e9cc604c0b80cb283deaba6cfe2f4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 10:31:05 GMT
content-encoding
gzip
age
58247
x-cache
Hit from cloudfront
content-length
18077
x-amz-meta-git_commit
7467d3d
last-modified
Thu, 05 May 2022 09:59:40 GMT
server
AmazonS3
etag
"fc9437e02605734b69767a9f2793c5a9"
x-amz-version-id
uN2eGCTwpvhFvCV.T4HexQVAsht.jaKy
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
nrAfOzepPEnKb6pUAICg4qJdRCNrk1yd1timpC2VKh9q7YpV4-iwwg==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 5AA6
73 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 17:51:16 GMT
content-encoding
gzip
age
22668636
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
6f3fW8yMsQbXOqbsluGwPbWxUSMAMllePBNBFxRFBAni9en2HMuoTQ==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5AA6
120 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1b2415f02c89234a4b94896afa68c68db82465563711b8b05f0c1b8b3ba580b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1651664140737961"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 06 May 2022 02:41:51 GMT
bl-7467d3d-c3eb288d.js
tagan.adlightning.com/math-aids-threatpost/ Frame 968A
43 KB
18 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/bl-7467d3d-c3eb288d.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6936f15d2b17c3fec4c5d80e6464b9186e9cc604c0b80cb283deaba6cfe2f4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 10:31:05 GMT
content-encoding
gzip
age
58247
x-cache
Hit from cloudfront
content-length
18077
x-amz-meta-git_commit
7467d3d
last-modified
Thu, 05 May 2022 09:59:40 GMT
server
AmazonS3
etag
"fc9437e02605734b69767a9f2793c5a9"
x-amz-version-id
uN2eGCTwpvhFvCV.T4HexQVAsht.jaKy
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
2LvWgCaD7flOAdMR8asUt_0GIA7TbpTE3NR8DoOG3vg92ivG4fDGCQ==
b-7b120a5-9b871d4e.js
tagan.adlightning.com/math-aids-threatpost/ Frame 968A
73 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-119.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Mon, 16 Aug 2021 17:51:16 GMT
content-encoding
gzip
age
22668636
x-cache
Hit from cloudfront
content-length
28179
x-amz-meta-git_commit
7b120a5
last-modified
Mon, 16 Aug 2021 17:49:31 GMT
server
AmazonS3
etag
"c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id
HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
axSOec0KRfvYzxklEiNPdK-z14muV2d_IqpgiLoEmhszVJQf06wBqA==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 968A
120 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f1b2415f02c89234a4b94896afa68c68db82465563711b8b05f0c1b8b3ba580b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37409
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1651664140737961"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 06 May 2022 02:41:51 GMT
collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe540&_p=65701119&_z=ccd.tbB&cid=197470812.1651804910&ul=en-us&sr=1600x1200&_s=1&sid=1651804911&sct=1&seg=0&dl=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&dt=Bad%20Actors%20Are%20Maximizing%20Remote%20Everything%20%7C%20Threatpost&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20bad-actors-remote-everything%2F179458&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=38990236835773763922543512693458714214
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=*;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remote-everything%2F179458%2F;u6=;...
adservice.google.com/ddm/fls/z/ Frame A127
42 B
63 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=*;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remote-everything%2F179458%2F;u6=;u7=38990236835773763922543512693458714214-197470812.1651804910;u9=_bad-actors-remote-everything_179458_;~oref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email
Requested by
Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKWU-efsyfcCFbcQBgAdcz4BKA;src=9582686;type=globalc;cat=globa0;ord=5956082928660;gtm=2od540;auiddc=870462571.1651804911;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Fbad-actors-remote-everything%2F179458%2F;u6=;u7=38990236835773763922543512693458714214-197470812.1651804910;u9=_bad-actors-remote-everything_179458_;~oref=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://9582686.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 3667
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022050501&jk=2958761932055192&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

view
securepubads.g.doubleclick.net/pcs/ Frame 1F10
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssthQBMhrqmINc96YhnOBymbg3CPLDNHFMV8N7SDOjriwxJ7Zg3dkbo5SAZS1-kydUS9xXu7dL897Jv3eWz_e4qfyq_wgnGNL_QoP9euJ2raGuggFhQdFFSQkeJSCHhRclHAossE5QxSk7tEUDPVQgrkZrmNiYUULHtin3dHPLv8mpkX8VNXbSPr0EIk-i_AqlY-QMTtt7d0euVIF9c0P9crKeV4CjOKN9M1jNVaUSvU9cYWC4H-ABwwsXjrkQrkQnh6ABZbiN7C9YdG_NO5_w9um6Tu-mD12LP2aBujJQr3kndLkNb0pf_c2u8Zuj58Q7ViEvxJg&sai=AMfl-YRqECQccAnIiy2ZPFpxq5B8kckJcNeUDtzeNkZaT0m50-x_tR3a6dUx85jLMweF8QeW9FziOUp0gKVbwb9MaUWF0K-Oo6571ZUGWMDGbKDZJN0rhUrccO7p1vtLnE8&sig=Cg0ArKJSzLOi7pDWUQb8EAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:51 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
ttj
ib.3lift.com/ Frame 1F10
4 KB
2 KB
Script
General
Full URL
https://ib.3lift.com/ttj?inv_code=Threatpost_ROS_HDX
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
/
Resource Hash
8b8ad58cb3d18276cefea6d757c0d5390ebfd513b62e2b003d75d4afde12ee2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
etag
"07150710726940cd415349bee886502a9834a31f"
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900
content-encoding
gzip
content-length
2029
x-amz-cf-id
C1AU4uZEi7XXZOUf4uTnh1_UN7KgnGBlO_V94nKYSCTecom9fnKcJw==
notify
tlx.3lift.com/header/ Frame 1F10
37 B
183 B
Image
General
Full URL
https://tlx.3lift.com/header/notify?px=1&pr=0.145&ts=1651804910&aid=10810138826073172627110&ec=3690_62334_10631116&n=GgDyAtkBCAASFzEwODEwMTM4ODI2MDczMTcyNjI3MTEwGAAgASjqHDD%2B5gNAAUgAUABgCmgAcKOAA5ABAJgBAKgBALABvwG4AQXAAZEByAG%2FAeABD%2FABAPgBvwGAApEBiAIPkQIAAAAAAADwP5kCuB6F61G4zj%2BhAgAAAAAAAPA%2FqAIAsAIByAIE2AIA8QJmZmZmZmbmP%2FgC4TiAA9gFiANakAMAmAMAoAMAuAOx%2FRLAAwDIAwDSAwgxMDYzMTExNuADhLLiC%2BkDAAAAAAAAAADwA78B%2BQMAAAAAAAAAAPgCDIgDAJIDBDM5OTWYAwCgA9qpBKgDAA%3D%3D
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.149.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-149-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:51 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
expires
Thu, 15 Oct 1992 20:10:00 GMT
pe
eb2.3lift.com/ Frame 1F10
37 B
140 B
Image
General
Full URL
https://eb2.3lift.com/pe?fid=10&peid=0&aid=10810138826073172627110
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
view
securepubads.g.doubleclick.net/pcs/ Frame 5AA6
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuihuE0hf7Ax7gz6P7aW3SC3cAcJpppyDdeO4Jbqi6yymqSRPI3waPBn0D3qWTKcvy1y6OCnTn_7s6ST7oBP1Jy5nF472ROUmj-fyAwPov52GA7fpgzXevS6Q35BJtqyHVIZ-buzcuLt0HfyI-B-UjOMFGEiq88z7NI33faBf2Y58euJtSAEGal2etJMRd0kb3PIft1pmttSqEiZuJ-GjVAHv4bXeY1WVMrgm7-RRlW9BmCwHoFYUdoJ7HK5RmbPpOhhArheUpN1EJa-D_sI1EoaH0eC4NIIXpJuTJfFX6qiGZ2j5cQcLYNGRNSASFGUn_VdplzdQ&sai=AMfl-YT-qBJM-y1XOy_dx7Ovz7F2LU_1BiBiqZI9IDyN8Rj7PJ9YDynuhL52b-aGIPUVGreZMgMGPcK5WHV5ohRu0IpLg0cj3N7hXkiJyhk9hTc9ahG2HW_ynfnPtLig1_Q&sig=Cg0ArKJSzDk9PQ5g8fvvEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:51 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
ttj
ib.3lift.com/ Frame 5AA6
4 KB
2 KB
Script
General
Full URL
https://ib.3lift.com/ttj?inv_code=Threatpost_ROS_HDX
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
/
Resource Hash
8b8ad58cb3d18276cefea6d757c0d5390ebfd513b62e2b003d75d4afde12ee2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
etag
"07150710726940cd415349bee886502a9834a31f"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900
content-encoding
gzip
content-length
2029
x-amz-cf-id
nwkikjNeYndfiCFJ-nPdMgKcbeW3vbPEPjTRIgdOGmhNwwlxAdgbhQ==
notify
tlx.3lift.com/header/ Frame 5AA6
37 B
183 B
Image
General
Full URL
https://tlx.3lift.com/header/notify?px=1&pr=0.192&ts=1651804910&aid=10810138826073172627111&ec=2409_67031_366_2501017&n=GgDyAuYBCAASFzEwODEwMTM4ODI2MDczMTcyNjI3MTExGAAgASjpEjDXiwRAAUgAUAFgCmgAcI67IpABAJgBAKgBALAB3QG4AQXAAcAByAHdAeABmwHwAQD4Ad0BgALAAYgCmwGRAgAAAAAAAPA%2FmQKkcD0K16PAP6ECAAAAAAAA8D%2BoAgCwAgLIAgTYAgDxAmZmZmZmZuY%2F%2BALwJIADrAKIA%2FoBkAMAmAMAoAMAuAPZ8x%2FAAwDIAwDSAwszNjZfMjUwMTAxN9oDBDIwMjXgA5z6kArpAwAAAAAAAAAA8APdAfkDAAAAAAAAAAD4AgyIAwCSAwRkM2QzmAMAoAPaqQSoAwA%3D
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.149.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-149-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
expires
Thu, 15 Oct 1992 20:10:00 GMT
pe
eb2.3lift.com/ Frame 5AA6
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/pe?fid=10&peid=0&aid=10810138826073172627111
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
view
securepubads.g.doubleclick.net/pcs/ Frame 968A
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZWoIMGstqypd9q1mCvMF-JEViqT8u1TdIKRi5eJcrPR9TrgxbV9Ql9G8a3QCHzPurzp6Ln6slMK6_m9KaqgENFSoyG3hHsx2rhFkvQgxwuhREDXk0n8BjOAVxbvfJHQrw6XCDJiiQewQrTBOtqUEmurK-v5TArTLUwjBc97Io_yuxTYCYQBWUbSG9RLaqE4xQxmTn1oSEQVPuNZCC3H3bDFmMPX2T_2smPj2HZlBqj0UwZMlUSRSMBZWpw_zgKOiBW38HY9zI9_X6L96yQOJVjMJiUsKSzfqPdPUaQxb6Yqic17joUgP_bBGxAAnG2q0WpQf7yg&sai=AMfl-YQC9g7aSg9xy4QjISfSwul9ACJKEpXzf_inBYtQfCNoIByv4_auIY9IhJ72Y2TQT4F-ezR35o727foz6836Lw-YbEtP5wr4E0gPdTgGorUNQoR6bB8sgN7pZmjpl7E&sig=Cg0ArKJSzG9HpX0X9gnJEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:52 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
ttj
ib.3lift.com/ Frame 968A
4 KB
2 KB
Script
General
Full URL
https://ib.3lift.com/ttj?inv_code=Threatpost_ROS_HDX
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
/
Resource Hash
8b8ad58cb3d18276cefea6d757c0d5390ebfd513b62e2b003d75d4afde12ee2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:51 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
etag
"07150710726940cd415349bee886502a9834a31f"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900
content-encoding
gzip
content-length
2029
x-amz-cf-id
yWwAwH14hpdAKG8cmuottshr6bwS1bnajuu4QBScOcYeolTXIjJTaw==
notify
tlx.3lift.com/header/ Frame 968A
37 B
183 B
Image
General
Full URL
https://tlx.3lift.com/header/notify?px=1&pr=0.145&ts=1651804910&aid=10810138826073172627112&ec=3690_62334_10631113&n=GgDyAtoBCAASFzEwODEwMTM4ODI2MDczMTcyNjI3MTEyGAAgASjqHDD%2B5gNAAUgAUABgCmgAcKOAA5ABAJgBAKgBALABvwG4AQXAAZEByAG%2FAeABD%2FABAPgBvwGAApEBiAIPkQIAAAAAAADwP5kCuB6F61G4zj%2BhAgAAAAAAAPA%2FqAIAsAIAyAIE2AIA8QJmZmZmZmbmP%2FgC4TiAA6wCiAPYBJADAJgDAKADALgDsf0SwAMAyAMA0gMIMTA2MzExMTPgA62y4gvpAwAAAAAAAAAA8AO%2FAfkDAAAAAAAAAAD4AgyIAwCSAwQzOTk1mAMAoAPaqQSoAwA%3D
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.149.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-149-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
expires
Thu, 15 Oct 1992 20:10:00 GMT
pe
eb2.3lift.com/ Frame 968A
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/pe?fid=10&peid=0&aid=10810138826073172627112
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
s43145868093246
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/
43 B
244 B
Image
General
Full URL
https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s43145868093246?AQB=1&ndh=1&pf=1&t=6%2F4%2F2022%202%3A41%3A52%205%200&mid=38990236835773763922543512693458714214&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20bad-actors-remote-everything%2F179458&g=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvI&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20bad-actors-remote-everything%2F179458&v9=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220414%3A289%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Bad%20Actors%20Are%20Maximizing%20Remote%20Everything%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v86=v1%3Ahs_email%3Aemail%3AThird%20Party%20Thursday%20Newsletter%3A%5BNULL%5D%3A212153234&v113=38990236835773763922543512693458714214&v116=197470812.1651804910&v125=0.03759068036255542_1651804910241&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&-g=Lc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
x-content-type-options
nosniff
x-c
main-1640.Id95fac.M0-564
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 07 May 2022 02:41:52 GMT
server
jag
xserver
anedge-b4b698fcd-9drvz
etag
3547224039593902080-4619463861507350335
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 05 May 2022 02:41:52 GMT
6kAZB2R2IkMw87P0-iGviT-Bq_noDLkkkR6BhhZ9kEI.js
pagead2.googlesyndication.com/bg/ Frame 8FCA
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/6kAZB2R2IkMw87P0-iGviT-Bq_noDLkkkR6BhhZ9kEI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea4019076476224330f3b3f4fa21af893f81abf9e80cb924911e8186167d9042
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Thu, 05 May 2022 21:51:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
17442
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13523
x-xss-protection
0
last-modified
Mon, 02 May 2022 13:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 05 May 2023 21:51:10 GMT
bundle.js
ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/ Frame 5AA6
257 KB
82 KB
Script
General
Full URL
https://ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/bundle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a9d91eee1d1fc2c9ee18e5a696673a518aac7ec131057e02be101b8be455609

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 14:56:54 GMT
content-encoding
gzip
last-modified
Wed, 04 May 2022 14:56:36 GMT
server
AmazonS3
age
128699
etag
"af7fbda98441e105423cb86797f6c6e3"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
cache-control
max-age=31536000, immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
83391
x-amz-cf-id
rgTO843Cs9tjVhLGIaUssIkA-dcz3Z-Px5j1HPjA3oHrem7zawTL3Q==
truncated
/ Frame 5AA6
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cd9c1fce128cb4ccaaf42541edb395b891038aa9f48a6a5d98747ee3bfb4f70e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
bundle.js
ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/ Frame 1F10
257 KB
82 KB
Script
General
Full URL
https://ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/bundle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a9d91eee1d1fc2c9ee18e5a696673a518aac7ec131057e02be101b8be455609

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 14:56:54 GMT
content-encoding
gzip
last-modified
Wed, 04 May 2022 14:56:36 GMT
server
AmazonS3
age
128699
etag
"af7fbda98441e105423cb86797f6c6e3"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
cache-control
max-age=31536000, immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
83391
x-amz-cf-id
zeefA0rkU-XygUyiktk4rfMJLlZ06AcHdSXqGRbQ_u-VWxhhZ7sIpw==
truncated
/ Frame 1F10
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67c9810ce91d16a590b83e032a954759549152deea006379090e13dd345f2424

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
notify
tlx.3lift.com/header/
37 B
183 B
Image
General
Full URL
https://tlx.3lift.com/header/notify?px=1&pr=0.192&ts=1651804910&aid=10810138826073172627111&ec=2409_67031_366_2501017&n=GgDyAuYBCAASFzEwODEwMTM4ODI2MDczMTcyNjI3MTExGAAgASjpEjDXiwRAAUgAUAFgCmgAcI67IpABAJgBAKgBALAB3QG4AQXAAcAByAHdAeABmwHwAQD4Ad0BgALAAYgCmwGRAgAAAAAAAPA%2FmQKkcD0K16PAP6ECAAAAAAAA8D%2BoAgCwAgLIAgTYAgDxAmZmZmZmZuY%2F%2BALwJIADrAKIA%2FoBkAMAmAMAoAMAuAPZ8x%2FAAwDIAwDSAwszNjZfMjUwMTAxN9oDBDIwMjXgA5z6kArpAwAAAAAAAAAA8APdAfkDAAAAAAAAAAD4AgyIAwCSAwRkM2QzmAMAoAPaqQSoAwA%3D&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.149.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-149-239.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
expires
Thu, 15 Oct 1992 20:10:00 GMT
r
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/r?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627111&rev=2ff8906&pr=un&bc=0.221&bmid=2409&biid=4720&sid=67031&brid=564622&adid=366_2501017&crid=21249308&ts=1651804910&bcud=221&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fbad-actors-remote-everything%252F179458%252F%253Fweb_view%253Dtrue%2526utm_campaign%253DThird%252520Party%252520Thursday%252520Newsletter%2526utm_medium%253Demail%2526_hsmi%253D212153234%2526_hsenc%253Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%2526utm_content%253D212153234%2526utm_source%253Dhs_email&rr=creative&fid=10&rb=0&g=0&cb=75928
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
truncated
/ Frame D471
26 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/gif
OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame 5AA6
3 KB
3 KB
Image
General
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 29 Apr 2022 13:45:28 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:36 GMT
server
AmazonS3
age
564985
etag
"ddf020e069f1706b72b7698b28fede09"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
3125
x-amz-cf-id
8rEcrqmiKBXLYGihOTsJfJRLKiGBdNeDclHwPuIIH2Zx3e4o87AW7Q==
OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame 5AA6
3 KB
4 KB
Image
General
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 29 Apr 2022 23:34:23 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:31 GMT
server
AmazonS3
age
529650
etag
"7ceab27af00fa466072a3c3360041755"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
3518
x-amz-cf-id
CEBC89LfXjMnCsyLfZ_N_3AraswHH09iUTm5boF-6zfdpGdWNiILYA==
ctar
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ctar?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627111&rev=2ff8906&cta_render_method=1&cta_render_text=&cb=43397
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
Logo.png
images.perf-serving.com/hear/2401/Reveal/ Frame 8A0F
6 KB
6 KB
Image
General
Full URL
https://images.perf-serving.com/hear/2401/Reveal/Logo.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.154.251 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.154.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f8514a30f942ec4b909b893ba9f28790566a48b122df114c8aa360fe375fd6a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:03:08 GMT
age
2324
x-guploader-uploadid
ADPycduyMbNlZbp6PcTF2VgkG0xMiiYL86LBi7p8txJar8oPC3_00mQMmx2jgEwG24vnlM08SAcxr0WAvFiZWG0MxiXLBcowsB8Z
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
5979
last-modified
Thu, 31 Mar 2022 13:11:30 GMT
server
UploadServer
etag
"7f92752cb1c2a8a547426a54bfc77e35"
x-goog-hash
crc32c=Dp43cA==, md5=f5J1LLHCqKVHQmpUv8d+NQ==
x-goog-generation
1648732290806171
access-control-allow-origin
*
cache-control
public, max-age=3600
x-goog-stored-content-length
5979
accept-ranges
bytes
content-type
image/jpeg
expires
Fri, 06 May 2022 03:03:08 GMT
aop
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/aop?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627111&rev=2ff8906&pr=un&bc=0.221&bmid=2409&biid=4720&sid=67031&brid=564622&adid=366_2501017&crid=21249308&ts=1651804910&bcud=221&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fbad-actors-remote-everything%252F179458%252F%253Fweb_view%253Dtrue%2526utm_campaign%253DThird%252520Party%252520Thursday%252520Newsletter%2526utm_medium%253Demail%2526_hsmi%253D212153234%2526_hsenc%253Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%2526utm_content%253D212153234%2526utm_source%253Dhs_email&rr=creative&fid=10&rb=0&g=0&cb=26863
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
adc_icon.png
oba-pool-eu.perf-serving.com/ Frame 8A0F
3 KB
3 KB
Image
General
Full URL
https://oba-pool-eu.perf-serving.com/adc_icon.png
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.179.85 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-179-85.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
41c277a5af698eaa024d37ebe3d4bdff204b3d1aac980f21b7e74e02f13e8262

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:52 GMT
Cache-Control
max-age=86400
Last-Modified
Wed, 04 May 2022 13:16:08 GMT
Connection
keep-alive
ETag
16516701682794
Content-Length
2794
Content-Type
image/png
TB4191-TB3243-Hand-smartwatch-health-screen-pinchy-1200x627.jpg
images.perf-serving.com/hear/2401/Reveal/ Frame 8A0F
155 KB
156 KB
Image
General
Full URL
https://images.perf-serving.com/hear/2401/Reveal/TB4191-TB3243-Hand-smartwatch-health-screen-pinchy-1200x627.jpg
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.154.251 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
251.154.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
18d6e52207752c1915ed1ce61df21341b12b82bdc1e2dde86f81765c5aa81b1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:02:20 GMT
age
2372
x-guploader-uploadid
ADPycdsyFAId2lGD1IoIAbIelKzzQkTN1wNbrVWmDSn1zoajXf50kvxC6IXnkfNtegAaaJarWVyGstCSQCdFVKnhQg2z
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
159231
last-modified
Thu, 31 Mar 2022 13:05:04 GMT
server
UploadServer
etag
"5f80063672f3643addad2f70dbd65ed6"
x-goog-hash
crc32c=UFx1wA==, md5=X4AGNnLzZDrdrS9w29Ze1g==
x-goog-generation
1648731904923541
access-control-allow-origin
*
cache-control
public, max-age=3600
x-goog-stored-content-length
159231
accept-ranges
bytes
content-type
image/jpeg
expires
Fri, 06 May 2022 03:02:20 GMT
/
oba-pool-eu.perf-serving.com/imp_notice_c2s/v1/lgXTWSc5-6FEX9g9HgTCzaamMWrQn6317P3_wTJdHt5bcZW2dV2w4RJm-Xd2EQYPYz9xSAVNEUjOI8TuQ5aEc0IaGLhZ1PPRHum39SD7B_ij14oiwWeAy_Vx_QAGNKUOSv9HIMzDaf40UlrOjf2AG1... Frame 8A0F
43 B
220 B
Image
General
Full URL
https://oba-pool-eu.perf-serving.com/imp_notice_c2s/v1/lgXTWSc5-6FEX9g9HgTCzaamMWrQn6317P3_wTJdHt5bcZW2dV2w4RJm-Xd2EQYPYz9xSAVNEUjOI8TuQ5aEc0IaGLhZ1PPRHum39SD7B_ij14oiwWeAy_Vx_QAGNKUOSv9HIMzDaf40UlrOjf2AG1k5kCVGUGoaIXUNRYv9eQ1-5mMM8Vs-aFTjq_cOsKWlMvJbpHmWVSEt8DA2pL1Z7pf-tf225_9frwdh9gtu5trq-F_wVpoGXcJcsqHaNGuf8O031bgCBz4mL-WkvYIqIkn_M6E81PHv2KK-43zCuX3DzveYM-CL5193b692xdhWDGQNxHoj_CPEMK1pRtjh9bIQGL1-ZlDIT7u28iErOpzOy_doqHHpW5TJt13qCQkrp7va6mh7yW4ePKDvaL2qo9p4QBkkRCios5XjbyDbr-PqKBevm_rOVMQIDmlDNA1NbcjDsbrRxX5oKiQpfjS8ZOIYyvBe64qVaYUT-ASDUK2CPFPwVkdyQCh3BDPiK58kUoELpccSQpwRcIZNIr08vffoQ80RBlQHyTiJ0i1i1VC_dGQDm673SLD4Qvqt0Y8uX3StcbS9hjvYUqtswohaoORRtVAFYgTITQNTBhoVsgzCwdarNJGNhXoE-73ncfeedRaMYNOxC3lwHZWn0iD062fNFg-PnU58TC3eF5CR0GF_zgurPkbXiROlbXZ0xDfNTcZRtc4_W-qkYxAO2kvj9EuWwnxYmStTxC0fSJ0XLLQdUbS4AYhC0mqwiIidpfQpZM_faZsiq7Z3nincr_XLxjLXDMUplmc0n2T0EJaYDg3tEJ6AqxMpQnOUZ7c0rxlNvo6Y-Uy8PUWIbBXs5poXpTzkqf-O0eRJb8_gozJHstOWf6Ou7BmqnYqAaw7R0aIDseH8trOMpVATO41U2ybCfPF66aAFUCzP5hUZlVpdJgnc24XM23jK_LBNDjzg7N6qjECyTXpLQRvHQ2HmgTSaNy8t5RpRl7MmV1EkU7eDiPm9B_UMhWBYPuShAh8JThhZR8vlnJfIkk0FASJ2GcLr-pqI_eKBO_zrCotl0PzLVaL5M4NGZHHbMcaZOVahWmUjYto0Og6n7fC_fCxg30R_hN3AImPL-swtRTW8ZdDo_gxW0pHlyzHx17qUo02cJA_JWz5tHYrA1_yDmXBnEfPpF-4XB80j6AI16d8fjmOCXwgoiczLQvMQbLNZLy-3TfEFXE9aqTq-P9UPsaaFsc4NaRoJLNbvifOMD8Tczc22JRw_T0grzLfWiQ6vCvmshbO7dBADH7mwIdKFwDbGUz0hV6R93uS8PHieSmE7Sx1ch3qipuQHWaZ3_WM/
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.179.85 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-179-85.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:52 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
/
ghent-aws-fr.bidswitch.net/imp/0.221/BSWhttps_A_B_Boba-pool-eu.perf-serving.com_Bimp__s2s_Bv1_BlgXTWSc5-6FEX9g9HgTCzaamMWrQn6317P3__wTJdHt5bcZW2dV2w4RJm-Xd2EQYPYz9xSAVNEUjOI8TuQ5aEc0IaGLhZ1PPRHum39... Frame 8A0F
43 B
733 B
Image
General
Full URL
https://ghent-aws-fr.bidswitch.net/imp/0.221/BSWhttps_A_B_Boba-pool-eu.perf-serving.com_Bimp__s2s_Bv1_BlgXTWSc5-6FEX9g9HgTCzaamMWrQn6317P3__wTJdHt5bcZW2dV2w4RJm-Xd2EQYPYz9xSAVNEUjOI8TuQ5aEc0IaGLhZ1PPRHum39SD7B__ij14oiwWeAy__Vx__QAGNKUOSv9HIMzDaf40UlrOjf2AG1k5kCVGUGoaIXUNRYv9eQ1-5mMM8Vs-aFTjq__cOsKWlMvJbpHmWVSEt8DA2pL1Z7pf-tf225__9frwdh9gtu5trq-F__wVpoGXcJcsqHaNGuf8O031bgCBz4mL-WkvYIqIkn__M6E81PHv2KK-43zCuX3DzveYM-CL5193b692xdhWDGQNxHoj__CPEMK1pRtjh9bIQGL1-ZlDIT7u28iErOpzOy__doqHHpW5TJt13qCQkrp7va6mh7yW4ePKDvaL2qo9p4QBkkRCios5XjbyDbr-PqKBevm__rOVMQIDmlDNA1NbcjDsbrRxX5oKiQpfjS8ZOIYyvBe64qVaYUT-ASDUK2CPFPwVkdyQCh3BDPiK58kUoELpccSQpwRcIZNIr08vffoQ80RBlQHyTiJ0i1i1VC__dGQDm673SLD4Qvqt0Y8uX3StcbS9hjvYUqtswohaoORRtVAFYgTITQNTBhoVsgzCwdarNJGNhXoE-73ncfeedRaMYNOxC3lwHZWn0iD062fNFg-PnU58TC3eF5CR0GF__zgurPkbXiROlbXZ0xDfNTcZRtc4__W-qkYxAO2kvj9EuWwnxYmStTxC0fSJ0XLLQdUbS4AYhC0mqwiIidpfQpZM__faZsiq7Z3nincr__XLxjLXDMUplmc0n2T0EJaYDg3tEJ6AqxMpQnOUZ7c0rxlNvo6Y-Uy8PUWIbBXs5poXpTzkqf-O0eRJb8__gozJHstOWf6Ou7BmqnYqAaw7R0aIDseH8trOMpVATO41U2ybCfPF66aAFUCzP5hUZlVpdJgnc24XM23jK__LBNDjzg7N6qjECyTXpLQRvHQ2HmgTSaNy8t5RpRl7MmV1EkU7eDiPm9B__UMhWBYPuShAh8JThhZR8vlnJfIkk0FASJ2GcLr-pqI__eKBO__zrCotl0PzLVaL5M4NGZHHbMcaZOVahWmUjYto0Og6n7fC__fCxg30R__hN3AImPL-swtRTW8ZdDo__gxW0pHlyzHx17qUo02cJA__JWz5tHYrA1__yDmXBnEfPpF-4XB80j6AI16d8fjmOCXwgoiczLQvMQbLNZLy-3TfEFXE9aqTq-P9UPsaaFsc4NaRoJLNbvifOMD8Tczc22JRw__T0grzLfWiQ6vCvmshbO7dBADH7mwIdKFwDbGUz0hV6R93uS8PHieSmE7Sx1ch3qipuQHWaZ3__WM_B_I_WAUCTION__PRICE_X/wxTppROL-J4pEjvJcE__YzCIRt17F_FmsIIbnHMX0d1k4iTuKn41eiE9kU1jgTllIPHmRq-lSPOhBA2aVo9N_3tYA8Hjwwefq2LNQ2ZCwM6HQlUWuDQDEu6nIrQnE9KVXuFMGGxqXPI8owxTotsDfNuqNHmtOn_gbxC8s8z0IvOVs8lSA5fHPeAHGSiPZd6-M1nfiyyA4vGJtqlIIIBkc3U69B35H2T8Z1F2vMonPpNNqEYtzo0kWnQ4LEUtz3SVbrPHCfMeaXTY1vKDWLDEuzcPKdhMp_k3bRJVf54bguRH7CPmxjHlAvZwKc9goMTNZ9Y_FqQ-9rUC7O4Y1V1gB5vwSMuj0zgivZ486h6J1saOfN1QnvuBjZUsrvRKbt5t_Fj-SmUaSFQKB_YlMhIEFf7m5IRZ4oZRRPhBcbFTmkCjdHIYymiDtBYT_R1BhwVqb3rO3W_p4KL5r3pzG6CNReNz5o9tmM0GbGoS5kBRf-Q5_EFGcnfncr_SOa5zRUqu2kvwKueCcWm5N8H-mX1zaHR2J8tARRBi7-KQOli7MTSm97MGXjj35jNPchgkpL3uTqnAJg-LpivThqIc9OhWgol1rOCFvlJtiB6fBiAvlDhIqm_1sreMXEFZQQUG_suZywO5Ch-3CJZjv0fN1xoo0iCGjjS_HF8Na5uT7f-77mYKa4AbpptwlDnihPU2ZPqrigpy7rgJVW24BfzwEBAw1VWA1KXtYOBzuSjadkL76LkPDhCrD0WDE6MEjvK1Ng4RFRk8JVaMpu77PRfTRNWcQl0USCptNCPTFYFDuvRF_vYUKo8vw_OnhemC6_ZpNUpJUO_BeokejRFMzLN-UO5abgO39--F8evfptGZfb5UVCgY6IhcQ65Pcj4gdtqI8hmzxJu3TdWlC2hV8sKKHEndqIUdrFlQVzTqdLOWkkWm/
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.55.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-55-178.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:52 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
sync
odr.mookie1.com/t/v2/ Frame 8A0F
Redirect Chain
  • https://aws-fr-sync.bidswitch.net/sync?ssp=triplelift&dsp_id=366&imp=1
  • https://aws-fr-sync.bidswitch.net/ul_cb/sync?ssp=triplelift&dsp_id=366&imp=1
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=9307a429-74fc-4321-9249-97b575a578a7&ssp=triplelift&gdpr=&gdpr_consent=
43 B
356 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=9307a429-74fc-4321-9249-97b575a578a7&ssp=triplelift&gdpr=&gdpr_consent=
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
H2
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
//odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=9307a429-74fc-4321-9249-97b575a578a7&ssp=triplelift&gdpr=&gdpr_consent=
Date
Fri, 06 May 2022 02:41:52 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sync
eb2.3lift.com/ Frame 66D9
Redirect Chain
  • https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827
  • https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
1 KB
1023 B
Document
General
Full URL
https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
77612a131727dcafefa77117e134534a15e067b63116bbdf233771abd3965aa9

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
456
content-type
text/html; charset=utf-8
date
Fri, 06 May 2022 02:41:52 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Fri, 06 May 2022 02:41:52 GMT
location
/sync?max=10&gdpr=false&cb=75827&ld=1
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
r
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/r?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627110&rev=2ff8906&pr=un&bc=0.191&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10631116&crid=24680708&ts=1651804910&bcud=191&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fbad-actors-remote-everything%252F179458%252F%253Fweb_view%253Dtrue%2526utm_campaign%253DThird%252520Party%252520Thursday%252520Newsletter%2526utm_medium%253Demail%2526_hsmi%253D212153234%2526_hsenc%253Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%2526utm_content%253D212153234%2526utm_source%253Dhs_email&rr=creative&fid=10&rb=0&g=0&cb=87114
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame 1F10
3 KB
3 KB
Image
General
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 29 Apr 2022 13:45:28 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:36 GMT
server
AmazonS3
age
564985
etag
"ddf020e069f1706b72b7698b28fede09"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
3125
x-amz-cf-id
O_bVonD7S_s0V41gAui1TRpBS0j6_KRN7TMz0fEjAebpjsf3huhXsA==
OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame 1F10
3 KB
4 KB
Image
General
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 29 Apr 2022 23:34:23 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:31 GMT
server
AmazonS3
age
529650
etag
"7ceab27af00fa466072a3c3360041755"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
3518
x-amz-cf-id
hxAQEYM-rkOLnrmEmyd5b5x01vR8kKqra6X9uj4CDajyNYevLAlPZQ==
truncated
/ Frame BC01
26 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/gif
ctar
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ctar?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627110&rev=2ff8906&cta_render_method=1&cta_render_text=&cb=11727
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
js
tags.mathtag.com/notify/ Frame 7561
2 KB
1 KB
Script
General
Full URL
https://tags.mathtag.com/notify/js?exch=gor&s_exch=ss6&id=5aW95q2jLzIzLyAvTm1Nek1EaG1aV1l0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI4MjU4MTUxNzUzNzE1NTUwMDYvMTA2MzExMTYvMTE1MDc0OTQvNjIvMGNwdmEwNFV3LWgxOVlXdXNnYVFTUWs1WjljdDRvcmRpc0h5Vnoxb0NfVS8xLzYyLzAvMC8xODkyNzgyLzM2NDQ4ODg4NDEvMjE1NTQzLzExNDk1ODUvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8yODI1ODE1MTc1MzcxNTU1MDA2L2Ftcy8wLzUwMDAvNjkvOTk5LzI1OC8yMTcuNjQuMTUxLjAvMC4wMDAvMTY1MTgwNDkxMC8xNjUxODE3NTEwLzYyLzkyODYv/lz2NbTxON2bzZa_xVrWvWEYeP08&nodeid=1904&group=cdg&auctionid=2825815175371555006&shardkey=2825815175371555006&sid=11507494&cid=10631116&price=0.191&bp=a_bjbbgg&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.135.164
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.320.0 /
Resource Hash
311beabde927690d6dec48a768038c7154fe4caaec26df8b6bf048178ff25fa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Content-Encoding
gzip
x-mm-bid-request-time
1651804910
Last-Modified
Fri, 06 May 2022 02:41:50 GMT
Server
MMBD/3.320.0
x-mm-latency
297 (1)
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg
Count
Cache-Control
no-cache
x-mm-host
pao-router-x43, cdg-bidder-x143
Connection
close
Content-Type
application/x-javascript; charset=UTF-8
Expires
Fri, 06 May 2022 02:41:52 GMT
ev1
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ev1?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627111&rev=2ff8906&pr=0.192&bc=0.221&bmid=2409&biid=4720&sid=67031&brid=564622&adid=366_2501017&crid=21249308&ts=1651804910&bcud=221&ss=12&caid=0&unid=0&cepos=0&ceid=0&cb=22477
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
aop
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/aop?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627110&rev=2ff8906&pr=un&bc=0.191&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10631116&crid=24680708&ts=1651804910&bcud=191&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fbad-actors-remote-everything%252F179458%252F%253Fweb_view%253Dtrue%2526utm_campaign%253DThird%252520Party%252520Thursday%252520Newsletter%2526utm_medium%253Demail%2526_hsmi%253D212153234%2526_hsenc%253Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%2526utm_content%253D212153234%2526utm_source%253Dhs_email&rr=creative&fid=10&rb=0&g=0&cb=14940
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
sync
eb2.3lift.com/ Frame 9AC1
1 KB
1 KB
Document
General
Full URL
https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
02f36365cc7010c910890dcbfb1abc1bc2877441c30551f386ac52708a81cb58

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
539
content-type
text/html; charset=utf-8
date
Fri, 06 May 2022 02:41:52 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
bundle.js
ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/ Frame 968A
257 KB
82 KB
Script
General
Full URL
https://ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/bundle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a9d91eee1d1fc2c9ee18e5a696673a518aac7ec131057e02be101b8be455609

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 14:56:54 GMT
content-encoding
gzip
last-modified
Wed, 04 May 2022 14:56:36 GMT
server
AmazonS3
age
128699
etag
"af7fbda98441e105423cb86797f6c6e3"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
cache-control
max-age=31536000, immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
83391
x-amz-cf-id
-wXdykieLfgjPztpq8G3cLPDCv04cMoqxfxM2zil2obvkoXNrTNW0Q==
truncated
/ Frame 968A
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a3fdd7b7e3f6d2f5559b9bba5cb66b25660235462adb71d5daa9143d665cfcb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/png
ev1
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ev1?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627110&rev=2ff8906&pr=0.145&bc=0.191&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10631116&crid=24680708&ts=1651804910&bcud=191&ss=12&caid=0&unid=0&cepos=0&ceid=0&cb=92109
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
generic
match.adsrvr.org/track/cmf/ Frame 66D9
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
ebda
eb2.3lift.com/ Frame 66D9
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MTA0NDE3NDEyNTU3MjM2MjYxMzEy
  • https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
248
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 66D9
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEANZANTVgR1cR5D_CtjJaG8&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEANZANTVgR1cR5D_CtjJaG8&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEANZANTVgR1cR5D_CtjJaG8&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 66D9
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MTA0NDE3NDEyNTU3MjM2MjYxMzEy
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MTA0NDE3NDEyNTU3MjM2MjYxMzEy
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MTA0NDE3NDEyNTU3MjM2MjYxMzEy
date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 66D9
0
142 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=104417412557236261312&dbredirect=true&gdpr=0&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 2ABDE329603540E9AA6FD8C44966FD25 Ref B: FRAEDGE1119 Ref C: 2022-05-06T02:41:52Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXeTs0QVLhdoTqBEQH1Fw==
xuid
eb2.3lift.com/ Frame 66D9
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/104417412557236261312?gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-QJx3PbJE2oQ117KAQADjI8omRniGSCMj9JG2S_vMjw--~A&dongle=0883
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-QJx3PbJE2oQ117KAQADjI8omRniGSCMj9JG2S_vMjw--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Fri, 06 May 2022 02:41:52 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-QJx3PbJE2oQ117KAQADjI8omRniGSCMj9JG2S_vMjw--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
xuid
eb2.3lift.com/ Frame 66D9
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=104417412557236261312&gdpr=0&gdpr_consent=
  • https://ads.avct.cloud/getuid?url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift
  • https://ads.avct.cloud/getuid?bounce=true&url=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D59%26user_id%3D%7B%7BUUID%7D%7D%26ssp%3Dtriplelift
  • https://x.bidswitch.net/sync?dsp_id=59&user_id=7219b488-5b38-41e0-ad5e-47cc9b2ad428&ssp=triplelift
  • https://eb2.3lift.com/xuid?mid=2409&xuid=9307a429-74fc-4321-9249-97b575a578a7&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2409&xuid=9307a429-74fc-4321-9249-97b575a578a7&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=2409&xuid=9307a429-74fc-4321-9249-97b575a578a7&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Date
Fri, 06 May 2022 02:41:53 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
iu3
s.amazon-adsystem.com/ Frame 66D9
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=104417412557236261312
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=104417412557236261312&dcc=t
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=104417412557236261312&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:53 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
PRNMKDDF8Z084F7C5QG9
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=104417412557236261312&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 66D9
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=0
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=0
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=0
Pragma
no-cache
Date
Fri, 06 May 2022 02:41:53 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
setuid
ib.adnxs.com/prebid/ Frame 66D9
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=0&gdpr_consent=&uid=104417412557236261312
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=75827&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:52 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
cbbc9fcf-9637-4632-a07c-931153a22db6
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
ib.adnxs.com/prebid/ Frame 9AC1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=104417412557236261312
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:52 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
19c16381-15fb-4f90-a3d7-1c148c1bbaf3
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
xuid
eb2.3lift.com/ Frame 9AC1
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/trl
  • https://match.prod.bidr.io/cookie-sync/trl?_bee_ppp=1
  • https://eb2.3lift.com/xuid?mid=7255&xuid=AAE6ZU7E6RYAADvZLY3QEg&dongle=bzwx
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=7255&xuid=AAE6ZU7E6RYAADvZLY3QEg&dongle=bzwx
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=7255&xuid=AAE6ZU7E6RYAADvZLY3QEg&dongle=bzwx
Date
Fri, 06 May 2022 02:41:52 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
xuid
eb2.3lift.com/ Frame 9AC1
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=13&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2319&xuid=0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22$ip$217.64.151.9&dongle=4430
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2319&xuid=0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22$ip$217.64.151.9&dongle=4430
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2319&xuid=0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22$ip$217.64.151.9&dongle=4430
Date
Fri, 06 May 2022 02:41:53 GMT
Connection
keep-alive
Content-Length
138
Content-Type
text/html; charset=utf-8
c.gif
c.bing.com/ Frame 9AC1
42 B
594 B
Image
General
Full URL
https://c.bing.com/c.gif?xid=104417412557236261312&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
etag
"8120eaf0ff3ad81:0"
last-modified
Fri, 18 Mar 2022 19:39:54 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 179200CCDCFF42409BCE7BB3F7B4C7F6 Ref B: FRAEDGE1410 Ref C: 2022-05-06T02:41:52Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
xuid
eb2.3lift.com/ Frame 9AC1
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3335&xuid=8015597892726835373&dongle=4d58&gdpr=0&gdpr_consent=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3335&xuid=8015597892726835373&dongle=4d58&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:52 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
dd71f537-2834-4a74-bc81-cdd953021554
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eb2.3lift.com/xuid?mid=3335&xuid=8015597892726835373&dongle=4d58&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
xuid
eb2.3lift.com/ Frame 9AC1
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=62&redir=%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3690%26xuid%3D%5BMM_UUID%5D%26dongle%3D3995%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3690&xuid=23496274-8af1-4300-94fe-e2d82034a54a&dongle=3995&gdpr=0&gdpr_consent=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3690&xuid=23496274-8af1-4300-94fe-e2d82034a54a&dongle=3995&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date
Fri, 06 May 2022 02:41:53 GMT
Server
MT3 4390 fb8620d master ord-pixel-x34 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eb2.3lift.com/xuid?mid=3690&xuid=23496274-8af1-4300-94fe-e2d82034a54a&dongle=3995&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 06 May 2022 02:41:52 GMT
xuid
eb2.3lift.com/ Frame 9AC1
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3702&xuid=164eccd5-cce6-11ec-9718-0515b2acad93&dongle=d54f&gdpr=0&gdpr_consent=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3702&xuid=164eccd5-cce6-11ec-9718-0515b2acad93&dongle=d54f&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=3702&xuid=164eccd5-cce6-11ec-9718-0515b2acad93&dongle=d54f&gdpr=0&gdpr_consent=
Date
Fri, 06 May 2022 02:41:52 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
164eccd6-cce6-11ec-9718-0515b2acad93
xuid
eb2.3lift.com/ Frame 9AC1
Redirect Chain
  • https://ad.turn.com/r/cs?pid=49&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4771&xuid=4229483670715824364&dongle=d407
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=4771&xuid=4229483670715824364&dongle=d407
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=4771&xuid=4229483670715824364&dongle=d407
pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
xuid
eb2.3lift.com/ Frame 9AC1
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/RVF22VSl?redir=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3657%26xuid%3D%24%7BTM_USER_ID%7D%26dongle%3D3c0a%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3657&xuid=YnSK7gAAABjGdgP0&dongle=3c0a&gdpr=0&gdpr_consent=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3657&xuid=YnSK7gAAABjGdgP0&dongle=3c0a&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651804913.734645,VS0,VE0
x-served-by
cache-hhn4053-HHN
x-cache
HIT
location
https://eb2.3lift.com/xuid?mid=3657&xuid=YnSK7gAAABjGdgP0&dongle=3c0a&gdpr=0&gdpr_consent=
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
xuid
eb2.3lift.com/ Frame 9AC1
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=triplelift&gdpr=0&gdpr_consent=
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=triplelift&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4945&xuid=31bfab55-5542-414f-8464-bfd91b352886&dongle=31ac
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=4945&xuid=31bfab55-5542-414f-8464-bfd91b352886&dongle=31ac
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=28015
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=4945&xuid=31bfab55-5542-414f-8464-bfd91b352886&dongle=31ac
Date
Fri, 06 May 2022 02:41:53 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
r
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/r?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627112&rev=2ff8906&pr=un&bc=0.191&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10631113&crid=24680749&ts=1651804910&bcud=191&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fbad-actors-remote-everything%252F179458%252F%253Fweb_view%253Dtrue%2526utm_campaign%253DThird%252520Party%252520Thursday%252520Newsletter%2526utm_medium%253Demail%2526_hsmi%253D212153234%2526_hsenc%253Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%2526utm_content%253D212153234%2526utm_source%253Dhs_email&rr=creative&fid=10&rb=0&g=0&cb=61497
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame 968A
3 KB
3 KB
Image
General
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 29 Apr 2022 13:45:28 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:36 GMT
server
AmazonS3
age
564985
etag
"ddf020e069f1706b72b7698b28fede09"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
3125
x-amz-cf-id
loEjT6jUjOBD3Xv570ltATmzHzOEoxtyR50g5BTqTzynqPq6BCbTIQ==
OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame 968A
3 KB
4 KB
Image
General
Full URL
https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/rev/2ff890636b63414544567d28b1b8d208bcbc2971/dist/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-56.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 29 Apr 2022 23:34:23 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
last-modified
Thu, 05 Aug 2021 17:23:31 GMT
server
AmazonS3
age
529650
etag
"7ceab27af00fa466072a3c3360041755"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800,s-maxage=604800,public
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
3518
x-amz-cf-id
zooirTfudaMJ2kpcjeeXmFqVk8b7X9Kw8KGDtRqMDQmGPaOPK45ygQ==
truncated
/ Frame 39A7
26 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/gif
ctar
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ctar?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627112&rev=2ff8906&cta_render_method=1&cta_render_text=&cb=27306
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
js
tags.mathtag.com/notify/ Frame DC75
2 KB
1 KB
Script
General
Full URL
https://tags.mathtag.com/notify/js?exch=gor&s_exch=ss6&id=5aW95q2jLzIzLyAvTm1Nek1EaG1aV1l0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzUxMzE2NTgxODQ1ODUyNDg5NjIvMTA2MzExMTMvMTE1MDc0OTQvNjIvMGNwdmEwNFV3LWgxOVlXdXNnYVFTY1hfV1BlTlY1WDVrdlNEZzFEWUI2US8xLzYyLzAvMC8xODkyNzgyLzM2NDQ4ODg4NDEvMjE1NTQzLzExNDk1ODUvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC81MTMxNjU4MTg0NTg1MjQ4OTYyL2Ftcy8wLzUwMDAvNjkvOTk5LzI1OC8yMTcuNjQuMTUxLjAvMC4wMDAvMTY1MTgwNDkxMC8xNjUxODE3NTEwLzYyLzkyODYv/DKqgWzmiTBlNmEYyT3Q-_ZgJrmQ&nodeid=1904&group=cdg&auctionid=5131658184585248962&shardkey=5131658184585248962&sid=11507494&cid=10631113&price=0.191&bp=a_bjbbgg&nfy_act=LD5wfnw&type=adm&client=c2s&bfip=185.29.134.182
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.320.0 /
Resource Hash
099a67a6b25e20de6ccee105ab6e2ea58a6562dd2f7d1c499bc57a4511e14868

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Content-Encoding
gzip
x-mm-bid-request-time
1651804910
Last-Modified
Fri, 06 May 2022 02:41:50 GMT
Server
MMBD/3.320.0
x-mm-latency
296 (1)
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg
Count
Cache-Control
no-cache
x-mm-host
pao-router-x85, cdg-bidder-x143
Connection
close
Content-Type
application/x-javascript; charset=UTF-8
Expires
Fri, 06 May 2022 02:41:52 GMT
aop
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/aop?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627112&rev=2ff8906&pr=un&bc=0.191&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10631113&crid=24680749&ts=1651804910&bcud=191&ss=12&caid=0&unid=0&domain=threatpost.com&ref=https%253A%252F%252Fthreatpost.com%252Fbad-actors-remote-everything%252F179458%252F%253Fweb_view%253Dtrue%2526utm_campaign%253DThird%252520Party%252520Thursday%252520Newsletter%2526utm_medium%253Demail%2526_hsmi%253D212153234%2526_hsenc%253Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%2526utm_content%253D212153234%2526utm_source%253Dhs_email&rr=creative&fid=10&rb=0&g=0&cb=53549
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
sync
eb2.3lift.com/ Frame FEA2
1 KB
1 KB
Document
General
Full URL
https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
d376da14edd4b42ef773a2325aa00b1a4876929a893179de2ea59ff7153f547d

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
620
content-type
text/html; charset=utf-8
date
Fri, 06 May 2022 02:41:52 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pixelSync
pixel-sync.sitescout.com/dmp/ Frame FEA2
0
191 B
Image
General
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=83&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
current
triplelift-match.dotomi.com/match/bounce/ Frame FEA2
0
104 B
Image
General
Full URL
https://triplelift-match.dotomi.com/match/bounce/current?networkId=74572&version=1&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
xuid
eb2.3lift.com/ Frame FEA2
Redirect Chain
  • https://cms.quantserve.com/pixel/p-VtN-a_yLd-GB-.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=gsFZW4ySCwmZwloLgsdDX9fAVlqZkQxe1sWyRAEO
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=gsFZW4ySCwmZwloLgsdDX9fAVlqZkQxe1sWyRAEO
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:52 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://eb2.3lift.com/xuid?&mid=5316&dongle=fa68&xuid=gsFZW4ySCwmZwloLgsdDX9fAVlqZkQxe1sWyRAEO
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
iu3
aax-eu.amazon-adsystem.com/s/ Frame FEA2
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=104417412557236261312
  • https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=104417412557236261312&dcc=t
0
0
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=104417412557236261312&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
HTTP/1.1
Server
52.95.126.160 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:52 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
DWJ0EX8WE2CN2TC21S2A
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=0&gdpr_consent=&uid=104417412557236261312&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
value=104417412557236261312
sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/ Frame FEA2
Redirect Chain
  • https://sasinator.realestate.com.au/rea/setid/external=TRIPLELIFT/value=104417412557236261312
  • https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=104417412557236261312
43 B
521 B
Image
General
Full URL
https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=104417412557236261312
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
H2
Server
13.236.156.184 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-236-156-184.ap-southeast-2.compute.amazonaws.com
Software
Match/6834.9708b529813ec45d8cfbe4846c6dfe29b106a361 (i-0d1ce10026bd4a657) /
Resource Hash
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:53 GMT
server
Match/6834.9708b529813ec45d8cfbe4846c6dfe29b106a361 (i-0d1ce10026bd4a657)
p3p
CP="NOI NID ADMa PSAa OUR BUS COM NAV"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
image/gif
content-length
43
expires
-1

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:53 GMT
server
Match/6834.9708b529813ec45d8cfbe4846c6dfe29b106a361 (i-0a1d32d0b8e28362c)
p3p
CP="NOI NID ADMa PSAa OUR BUS COM NAV"
location
https://sasinator.realestate.com.au/rea/lserver/setid/external=TRIPLELIFT/value=104417412557236261312
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
expires
-1
usermatch
usersync.getpublica.com/ Frame FEA2
0
198 B
Image
General
Full URL
https://usersync.getpublica.com/usermatch?provider=triplelift&TripleLiftID={$UID}
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.221.88.208 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-221-88-208.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:53 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate
Content-Length
0
Vary
Origin
Expires
0
xuid
eb2.3lift.com/ Frame FEA2
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=0%26gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&st=TRIPLELIFT&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6019%26xuid%3D_wfivefivec_%26dongle%3D465e%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=6019&xuid=ptdQ85OH1NMNUI5&dongle=465e&gdpr=0&gdpr_consent=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=6019&xuid=ptdQ85OH1NMNUI5&dongle=465e&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:52 GMT
Server
PingMatch/68b9f5e#68b9f5e54dfc641b3d4f527e43216a87a5c6cf08 i-0eac7293533ef1427@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://eb2.3lift.com/xuid?mid=6019&xuid=ptdQ85OH1NMNUI5&dongle=465e&gdpr=0&gdpr_consent=
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame FEA2
Redirect Chain
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=0&gdpr_consent=
  • https://us.creativecdn.com/cm-notify?pi=triplelift&gdpr=0&gdpr_consent=&tc=1
  • https://eb2.3lift.com/xuid?mid=6547&xuid=G9yt9qThxd004HopG9jX&dongle=45fg&pi=triplelift&gdpr=0&gdpr_consent=&tc=1
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=6547&xuid=G9yt9qThxd004HopG9jX&dongle=45fg&pi=triplelift&gdpr=0&gdpr_consent=&tc=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=6547&xuid=G9yt9qThxd004HopG9jX&dongle=45fg&pi=triplelift&gdpr=0&gdpr_consent=&tc=1
pragma
no-cache
date
Fri, 06 May 2022 02:41:53 GMT, Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
cookiesync
bttrack.com/pixel/ Frame FEA2
35 B
380 B
Image
General
Full URL
https://bttrack.com/pixel/cookiesync?source=3a66d299-1ebd-4293-884e-8e6f36dc1a6a&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS
46.bidtellect.com
Software
Microsoft-IIS/8.5 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

X-ServerName
Track003-iad
Pragma
no-cache
Date
Fri, 06 May 2022 02:41:43 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control
private,no-cache
Content-Type
image/gif
Content-Length
35
Expires
-1
xuid
eb2.3lift.com/ Frame FEA2
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6126%26xuid%3D%7Bdevice_id%7D%26dongle%3D9e4f%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=6126&xuid=932e1273-fd81-4024-8083-c0b0401694c3&dongle=9e4f&gdpr
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=6126&xuid=932e1273-fd81-4024-8083-c0b0401694c3&dongle=9e4f&gdpr
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=46003
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=6126&xuid=932e1273-fd81-4024-8083-c0b0401694c3&dongle=9e4f&gdpr
date
Fri, 06 May 2022 02:41:52 GMT
server
_
content-length
0
generate_204
tpc.googlesyndication.com/ Frame 8FCA
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?QWdcNQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
sv
capi-tier-1-us-east-2.connatix.com/tr/ Frame CE0F
0
315 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/sv?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:52 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022050501&jk=2958761932055192&bg=!YWKlYibNAAZX5TVhd-U7ACkAdvg8Wt57rXpf4FDGh6ptv2hX2NWQ9oPV0LYtWu3BwkZwYHE_v0Y7HgIAAAGWUgAAAAdoAQcKAIVltps-12o6OkDbotZPZwZjcHkXNSDLTuJytVyH1GSpk_yyYrlKrAXDap7zm_PB5yCoF7mr6iJKVPrjEJbG3hGQu4uS0afkvFzhkk9ZUx3jWdAyWJUpyPz1gXOhvCVhb9aDaXKcIpNwXUBMWjGlxipOLrIpVt0K2Bf0DWIAZ_rXOTkQ3yUamQKYEmPCsA2CYNjEBPdkpHpDOMcvwn08Ix82lNuNqUaOJBwdw9ceOmqn7uBKFnmsTMJVNsKsXYBHLcDzTTu92Fao-DMjcOVQrS9JiPG4vtfAqoe9g4omfzyjSp5qIKnad9AGVsolpwtm2aL-virqrHqZTlbVptST_dTlrEB63-JM9WQpAtYNwlwdKeRWKvnhlshnZSYEhOl3qqimHCwvpFSUCEw-uaVksM9NGSg8VQ-lyPIUg50BCyJrcqJH90RXVys2qPe1kjcubT2KH_TXy5d4ohvUw0YU3XPg9yF2d3RXo_Ebd6vYjSy9VPOg6cNlwuHl71oJ0b4cWTOt7frUoPQzsUUrIwraGWz53d8W_-AMnmb9TDzSzVF9A2C2S8osXFPihqGO6QUEkbcrpDQafGPmH48Up-gcgVuORpOyedBvIY_1CDzylukPYJrEb4asi3ejf_Ereq-nuI9lyYmBBlAqaHaVVntdnCnhQKPzw54uEcCJuZPmRCFJ9warcjfEmLuuPC0vrTIA2rYpBd_5y4TUwuNfKV3nkX42-EDBy5btdpGcUROSfg6mlQGkNIJ8uRj-wRzo64fsYEF1yGTue0tzDdJaIIQNh8mrFLc4zzYZJhyERAE2tPk-gda7EfUGlTcAK19R1Z015soEEIhiiJvnEw3gfPYQhv0qcyQfFd3DF4chkNEHvl0ZMCBKy3UTAFmeOCG65zQOL0c7uMtN4OqBq9ndYGHVwlRxlC-3jD8Itm6oVDGuwSmBckNI4GzXY1O4tr4ZepEDC4P9-WGdv8Us1t0jwAoFaYAc-ANysY0i_cISoPQnVX51WECHATJm9TZFuZENfCMpPYDVJI3kRreDJDjjZsf7cNhyjEGjxs3Ih7tveaQfV0torQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

0dbjh1g2pdhz
hal9000.redintelligence.net/zone/ Frame DC75
10 KB
3 KB
Script
General
Full URL
https://hal9000.redintelligence.net/zone/0dbjh1g2pdhz?subid=&gdpr=0&gdpr_consent=&rnd=5131658184585248962&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:ss6&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627112%26mt_aid%3D5131658184585248962%26mt_id%3D10631113%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D19236274-8af1-4801-bb89-4be368cb6597%26mt_cid%3D19236274-8af1-4801-bb89-4be368cb6597%26redirect%3D
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.55.238.76.144.clients.your-server.de
Software
Apache /
Resource Hash
b592b111bbb977f895c0cbce31969bafbbcda527e3d8f282144c337550a230bd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
2873
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
ck-confirm
tags.mathtag.com/ Frame DC75
49 B
330 B
Image
General
Full URL
https://tags.mathtag.com/ck-confirm?bid_id=5131658184585248962&node_id=1904&exch_id=62
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.320.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Server
MMBD/3.320.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
pao-router-x94, cdg-bidder-x143
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Fri, 06 May 2022 02:41:52 GMT
img
pixel.mathtag.com/event/ Frame DC75
43 B
405 B
Image
General
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=62&v2=5131658184585248962&v3=1149585&v4=11507494&v5=10631113&mt_nsync=1&no_attr=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-207.deploy.static.akamaitechnologies.com
Software
MT3 4390 fb8620d master cdg-pixel-x29 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Server
MT3 4390 fb8620d master cdg-pixel-x29 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 06 May 2022 02:41:52 GMT
img
tags.mathtag.com/event/ Frame DC75
49 B
330 B
Image
General
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=ss6&bid=5131658184585248962&st=11507494&time=1651804913&nodeid=1904
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.320.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:54 GMT
Server
MMBD/3.320.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
pao-router-x79, cdg-bidder-x143
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Fri, 06 May 2022 02:41:53 GMT
edn8pg08rg5j
hal9000.redintelligence.net/zone/ Frame 7561
10 KB
3 KB
Script
General
Full URL
https://hal9000.redintelligence.net/zone/edn8pg08rg5j?subid=&gdpr=0&gdpr_consent=&rnd=2825815175371555006&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:ss6&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627110%26mt_aid%3D2825815175371555006%26mt_id%3D10631116%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26mt_cid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26redirect%3D
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.55.238.76.144.clients.your-server.de
Software
Apache /
Resource Hash
ac63c522d6bc5999523772dd63e8a38f2c51bca9e12d87772d3fe4988d0decd3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Content-Encoding
gzip
Server
Apache
Connection
close
Content-Length
2873
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
ck-confirm
tags.mathtag.com/ Frame 7561
49 B
330 B
Image
General
Full URL
https://tags.mathtag.com/ck-confirm?bid_id=2825815175371555006&node_id=1904&exch_id=62
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.320.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:54 GMT
Server
MMBD/3.320.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
pao-router-x96, cdg-bidder-x143
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Fri, 06 May 2022 02:41:53 GMT
img
pixel.mathtag.com/event/ Frame 7561
43 B
405 B
Image
General
Full URL
https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=62&v2=2825815175371555006&v3=1149585&v4=11507494&v5=10631116&mt_nsync=1&no_attr=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-207.deploy.static.akamaitechnologies.com
Software
MT3 4390 fb8620d master cdg-pixel-x28 config:1.0.0 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Server
MT3 4390 fb8620d master cdg-pixel-x28 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 06 May 2022 02:41:52 GMT
img
tags.mathtag.com/event/ Frame 7561
49 B
330 B
Image
General
Full URL
https://tags.mathtag.com/event/img?type=mmImpTrack&exch=ss6&bid=2825815175371555006&st=11507494&time=1651804913&nodeid=1904
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
74.121.143.246 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MMBD/3.320.0 /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:54 GMT
Server
MMBD/3.320.0
Content-Type
image/gif
Cache-Control
no-cache
x-mm-host
pao-router-x88, cdg-bidder-x143
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
49
Expires
Fri, 06 May 2022 02:41:53 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 5AA6
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu4y1HTxnhocM1MbSUf0bOChBA22xYPRk-fHUV9l1jVEEAwEI0Ay5AbCo5kK-0eS7nv1EKANZclpMDId4sf1ywObIzwk3uaqYBr7mQrpRZRoZfASDSy7y9_Y4dJtt3fm14pPp8N0xDs4TjrThc00aF1J021y8eNIIh97UDdL0WxSNO3X7DAtbqacX-_qWTu2jHI9FBSJ36SYPW1BpTsWPR3g5zP14mzcV7RvvTlnSqEAKfsFpFeAUAUgdmCELff7m1yyEzFnrU2N-GZqwjE91NdzoOeDluwwJi6DRZTamprgAWPA_6oC2aNJZNkIf9lS7m3MTXbINVG&sai=AMfl-YQZiwj9Ys3fDcPjzJb6Fba3CP-Vyqr2wRGdfdQbzzxd_hieMjIS7CbkweUJIbxnr19su56WRHYOHPO6v9diMhTy7q67qVmb9xtGjZWs6qaBy42V7dU6idLUuKkaslc&sig=Cg0ArKJSzP61WL42U9wJEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:53 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Fri, 06 May 2022 02:41:53 GMT
request.php
hal900016.redintelligence.net/ Frame 7561
Redirect Chain
  • https://hal900016.redintelligence.net/request.php?zone=edn8pg08rg5j&nw=20&renderingType=javascript&namespace=5b1ae74622&subid=&uid=d3e4637d2d631876&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900016.redintelligence.net/request.php?zone=edn8pg08rg5j&nw=20&renderingType=javascript&namespace=5b1ae74622&subid=&uid=d3e4637d2d631876&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
611 B
937 B
Script
General
Full URL
https://hal900016.redintelligence.net/request.php?zone=edn8pg08rg5j&nw=20&renderingType=javascript&namespace=5b1ae74622&subid=&uid=d3e4637d2d631876&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627110%26mt_aid%3D2825815175371555006%26mt_id%3D10631116%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26mt_cid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=8283161843806&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Server
138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.30.220.201.138.clients.your-server.de
Software
Apache /
Resource Hash
c422a23ae4dad31a8111fea147f75ede73f821581627f3750c5b2f525aee6152

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:53 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
58980900013837504681724011951016
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
331
Expires
Fri, 06 May 2022 03:41:53 +0200

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:53 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=edn8pg08rg5j&nw=20&renderingType=javascript&namespace=5b1ae74622&subid=&uid=d3e4637d2d631876&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627110%26mt_aid%3D2825815175371555006%26mt_id%3D10631116%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26mt_cid%3D1a236274-8af1-4401-8810-fb66bb615f1e%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=8283161843806&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Fri, 06 May 2022 03:41:53 +0200
request.php
hal900021.redintelligence.net/ Frame DC75
Redirect Chain
  • https://hal900021.redintelligence.net/request.php?zone=0dbjh1g2pdhz&nw=20&renderingType=javascript&namespace=4fc5da3547&subid=&uid=32a306665d3dc361&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
  • https://hal900021.redintelligence.net/request.php?zone=0dbjh1g2pdhz&nw=20&renderingType=javascript&namespace=4fc5da3547&subid=&uid=32a306665d3dc361&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
613 B
936 B
Script
General
Full URL
https://hal900021.redintelligence.net/request.php?zone=0dbjh1g2pdhz&nw=20&renderingType=javascript&namespace=4fc5da3547&subid=&uid=32a306665d3dc361&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627112%26mt_aid%3D5131658184585248962%26mt_id%3D10631113%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D19236274-8af1-4801-bb89-4be368cb6597%26mt_cid%3D19236274-8af1-4801-bb89-4be368cb6597%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=557833255659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by
Host: threatpost.com
URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Protocol
HTTP/1.1
Server
144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.55.238.76.144.clients.your-server.de
Software
Apache /
Resource Hash
fdc10635851f72f43ceacb9d52c0a9798f7ad6a74d296e146fff7f0eb1277e4c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:53 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId
51905600014914104681734011951021
Connection
close
Content-Type
application/x-javascript; charset=utf-8
Content-Length
330
Expires
Fri, 06 May 2022 03:41:53 +0200

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:53 GMT
Server
Apache
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location
request.php?zone=0dbjh1g2pdhz&nw=20&renderingType=javascript&namespace=4fc5da3547&subid=&uid=32a306665d3dc361&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Ass6&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D10810138826073172627112%26mt_aid%3D5131658184585248962%26mt_id%3D10631113%26mt_adid%3D215543%26mt_sid%3D11507494%26mt_exid%3D62%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D19236274-8af1-4801-bb89-4be368cb6597%26mt_cid%3D19236274-8af1-4801-bb89-4be368cb6597%26redirect%3D&documentReferer=https%3A%2F%2Fthreatpost.com%2Fbad-actors-remote-everything%2F179458%2F%3Fweb_view%3Dtrue%26utm_campaign%3DThird%2520Party%2520Thursday%2520Newsletter%26utm_medium%3Demail%26_hsmi%3D212153234%26_hsenc%3Dp2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ%26utm_content%3D212153234%26utm_source%3Dhs_email&ancestorOrigins=https%3A%2F%2Fthreatpost.com%2Chttps%3A%2F%2Fthreatpost.com&random=557833255659&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Type
text/html; charset=UTF-8
Content-Length
0
Expires
Fri, 06 May 2022 03:41:53 +0200
ev
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ev?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627111&rev=2ff8906&pr=0.192&bc=0.221&bmid=2409&biid=4720&sid=67031&brid=564622&adid=366_2501017&crid=21249308&ts=1651804910&bcud=221&ss=12&caid=0&unid=0&cepos=0&ceid=0&cb=11127
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
ev
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ev?inv_code=Threatpost_ROS_HDX&aid=10810138826073172627110&rev=2ff8906&pr=0.145&bc=0.191&bmid=3690&biid=7265&sid=62334&brid=49187&adid=10631116&crid=24680708&ts=1651804910&bcud=191&ss=12&caid=0&unid=0&cepos=0&ceid=0&cb=52919
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
request_content.php
hal900016.redintelligence.net/ Frame 1F36
7 KB
3 KB
Document
General
Full URL
https://hal900016.redintelligence.net/request_content.php?s=58980900013837504681724011951016&a=0631933c
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.30.220.201.138.clients.your-server.de
Software
Apache /
Resource Hash
701310875ceb8cc05bde3e114dcd9132031874a54134343fb73d8a3c043fbf4b

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
2305
Content-Type
text/html; charset=utf-8
Date
Fri, 06 May 2022 02:41:53 GMT
Expires
Fri, 06 May 2022 03:41:53 +0200
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 1F36
89 KB
32 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
Requested by
Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=58980900013837504681724011951016&a=0631933c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Sat, 30 Apr 2022 17:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
464510
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32245
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 30 Apr 2023 17:40:03 GMT
/
track.adform.net/adfscript/ Frame 1F36
746 B
941 B
Script
General
Full URL
https://track.adform.net/adfscript/?bn=54886215;click=https%3A%2F%2Fhal900016.redintelligence.net%2Fc%2Fpckh83bcufm2m56%3Ftprd%3D
Requested by
Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=58980900013837504681724011951016&a=0631933c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
888ef3f47cdc47f99dcc468d3c42f4b7d90f1e87f5642711f44e9b6f6d27c269
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:53 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
548
expires
-1
request_content.php
hal900021.redintelligence.net/ Frame 131A
4 KB
2 KB
Document
General
Full URL
https://hal900021.redintelligence.net/request_content.php?s=51905600014914104681734011951021&a=dfd311ff
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.55.238.76.144.clients.your-server.de
Software
Apache /
Resource Hash
34cfea1fc4c327a3eb34e1c0380b5bf6280f2777a8b1303535ba588658ec4a39

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
close
Content-Encoding
gzip
Content-Length
1419
Content-Type
text/html; charset=utf-8
Date
Fri, 06 May 2022 02:41:53 GMT
Expires
Fri, 06 May 2022 03:41:53 +0200
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
viewability
hal900016.redintelligence.net/ Frame 1F36
0
150 B
Script
General
Full URL
https://hal900016.redintelligence.net/viewability?s=58980900013837504681724011951016&a=25908a28&vb=m
Requested by
Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=58980900013837504681724011951016&a=0631933c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.30.220.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/request_content.php?s=58980900013837504681724011951016&a=0631933c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
/
track.adform.net/adfscript/ Frame 131A
746 B
939 B
Script
General
Full URL
https://track.adform.net/adfscript/?bn=54886233;click=https%3A%2F%2Fhal900021.redintelligence.net%2Fc%2Fpfcskpttdvc7ejg%3Ftprd%3D
Requested by
Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=51905600014914104681734011951021&a=dfd311ff
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
7cff05014ae17e596f17049ed76aae3390dc947670708637d285a96d1ce62ace
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:53 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
547
expires
-1
viewability
hal900021.redintelligence.net/ Frame 131A
0
150 B
Script
General
Full URL
https://hal900021.redintelligence.net/viewability?s=51905600014914104681734011951021&a=89e474ac&vb=m
Requested by
Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=51905600014914104681734011951021&a=dfd311ff
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.55.238.76.144.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/request_content.php?s=51905600014914104681734011951021&a=dfd311ff
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:53 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame 1F36
33 KB
16 KB
Script
General
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=54886215;click=https%3A%2F%2Fhal900016.redintelligence.net%2Fc%2Fpckh83bcufm2m56%3Ftprd%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sat, 07 May 2022 06:16:21 GMT
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame 131A
33 KB
16 KB
Script
General
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=54886233;click=https%3A%2F%2Fhal900021.redintelligence.net%2Fc%2Fpfcskpttdvc7ejg%3Ftprd%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:53 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sat, 07 May 2022 06:16:21 GMT
/
track.adform.net/adfserve/ Frame 1F36
4 KB
2 KB
Script
General
Full URL
https://track.adform.net/adfserve/?CC=1&bn=54886215;click=https%3A%2F%2Fhal900016.redintelligence.net%2Fc%2Fpckh83bcufm2m56%3Ftprd%3D;js=1;adfxid=1x;10081;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fthreatpost.com
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
740057f74e4d37c475e34e461758bb5490825157294c54c884727ca828a74c9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
1984
expires
-1
/
track.adform.net/adfserve/ Frame 131A
4 KB
2 KB
Script
General
Full URL
https://track.adform.net/adfserve/?CC=1&bn=54886233;click=https%3A%2F%2Fhal900021.redintelligence.net%2Fc%2Fpfcskpttdvc7ejg%3Ftprd%3D;js=1;adfxid=1x;1626;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fthreatpost.com
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
c32b8dc20e4c394a7555de32f9399c8b031d3c8bb9c74d268e9f8e0b40f174a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
1989
expires
-1
truncated
/ Frame 1F36
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame 131A
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type
image/gif
Standard
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 1F36
90 KB
39 KB
Script
General
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sat, 07 May 2022 06:17:31 GMT
Standard
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 131A
90 KB
39 KB
Script
General
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Sat, 07 May 2022 06:17:31 GMT
/
track.adform.net/csimpr/ Frame 1F36
35 B
478 B
Ping
General
Full URL
https://track.adform.net/csimpr/?bn=54886215&csi=jtL0wY3wOlZwyAAK9vzZWeFWlV9s0B0VwjeEnSBpFjTrygPkIxxfk87dEGdVnvm-hbI_cUFB3ZbYBm0BVyTjFd6vWmW1dlSa0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900016.redintelligence.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://hal900016.redintelligence.net
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
/
track.adform.net/csimpr/ Frame 131A
35 B
478 B
Ping
General
Full URL
https://track.adform.net/csimpr/?bn=54886233&csi=q83SnOiqEw6AjhT7CKmE1C4v2R9RT23VckyYbP60af_rygPkIxxfk5BK5vUIij43U7WcVG44Aqf1YLPq9nc9496vWmW1dlSa0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900021.redintelligence.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://hal900021.redintelligence.net
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
11204919.js
s1.adform.net/Banners/Elements/Files/160090/11204919/ Frame A157
3 KB
1 KB
Script
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/11204919.js?ADFassetID=11204919&bv=258
Requested by
Host: www.venminder.com
URL: https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
c501e586ceb51ccd38f6ea2316b6b5f66f78b4e5d1e17172034bf3dec6030223
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
W/"62695d74-d02"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
11204910.js
s1.adform.net/Banners/Elements/Files/160090/11204910/ Frame 2E13
3 KB
1 KB
Script
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/11204910.js?ADFassetID=11204910&bv=258
Requested by
Host: www.venminder.com
URL: https://www.venminder.com/e3t/Ctc/WW+113/c2Npz04/VWZ4xY7kdTS8W2mkbfD4MH8QBW8VsNl14JJSwDN6B8NrB3q3phV1-WJV7CgW1fW3TPWk15KM3dHN93vksnLhBc9W6cpSSW6p2VwpW5F9Djv8nHr75W8Nn5T22slL9gW5h3tnN83QV3tW8XXDDm3ln1s0W8l2HhK8-ZZxsW3dM1lW5Vf66tW2ts6nl31m8pzW8-8mXf6Dxh69W5GS7596jl2jwW8xjZP-6vgsb5W82gVYW10wP6lW6GR2C_5cNmMYW93JC0t2pF7PLW91HMH27GY_jxN99_nds2MWG_W50B8l673XHxGW3d57tD8zg3RHW2Bv1mV5l0p5cW6-d1BF6tRkvkW2XbhQG22fk08W6zWjF-2qt8_WW8h2CWN3Xjx1GN5cGhlDSHHnsMcCMH23PZ4SW8bZv2w3j3BF-3gcS1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e94f7aff84a52704b2d1097b2d92541b10524a20a0f08d4e3486d5cb78cf4f01
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 15:12:45 GMT
server
nginx
etag
W/"62695d6d-d00"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
screen.css
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
1 KB
882 B
Stylesheet
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/screen.css
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
343ea6f53cd6ddde97c421f384c229147c9c507452690d8bd0045be5453df3f8
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
W/"62695d74-596"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
text/css
Adform.DHTML.js
s1.adform.net/banners/scripts/rmb/ Frame A157
30 KB
13 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Fri, 14 May 2021 12:35:21 GMT
server
nginx
etag
W/"609e6e89-76d9"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
introfill.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
103 B
399 B
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/introfill.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
ee6d3b54a9065c8ff1c55528d83a8b11aa932915d3004f3dab2c5355027bbf3f
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:48 GMT
server
nginx
etag
"62695d70-67"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
103
text0.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
5 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/text0.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
07773674da8a5d7de6575be849321af69c60333d821b2e531b8b6aad8cb8deba
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
"62695d74-134b"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
4939
text1.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
6 KB
6 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/text1.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
df79dd6a7ac84baa0b616fdb9c1b188d562051dcc880a1e8be5fb3bf25eb642b
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:48 GMT
server
nginx
etag
"62695d70-1766"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
5990
text2.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
5 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/text2.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8ff2dfbd53fcbe7a924065849f3a621b7275fc80dc5c4091e307ff93725b5dde
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
"62695d74-147d"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
5245
text3.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
8 KB
8 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/text3.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
270e057943921b2dd09052353e02f32c8f7369816ac92717b7e4efa3393eed0d
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
"62695d74-1f1e"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
7966
stoerer.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
4 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/stoerer.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
4e3938359d975b49ca24219f23cf9f4b416dbe9c347cfe8e45c5ea8e6c8d1aae
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:48 GMT
server
nginx
etag
"62695d70-11ab"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
4523
disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
1 KB
2 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/disclaimer.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
87b9fa7efc94c1145c336dfa8e5b245461d0d2c950996f9b0f0e8ccea0289b72
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
"62695d74-503"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
1283
date.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
3 KB
3 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/date.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a8b6088276c5f8cdb4ec8ab768aa62222b0c4e678d5a8f71fc62ae172b771b2c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
"62695d74-a00"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
2560
cta.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
3 KB
3 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/cta.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e5dbcde39ec1fc3506acc9fd13cdcc2815b146f106f5765d20bd057ae502e27c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
"62695d74-a17"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
2583
logostart.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
4 KB
4 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/logostart.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
c478bc96e00b2e4a64241756af7a9fb046590741b6d6a4483b10be4985b3fb56
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
"62695d74-ed0"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
3792
logo.png
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
4 KB
4 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/logo.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
c5d9f11f95196250f6797acef21bd147fe22a802940735d88ac2a7a9308247ac
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:48 GMT
server
nginx
etag
"62695d70-ecf"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
3791
background.jpg
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
8 KB
8 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/background.jpg
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f74858ab6cbc624a9d3b5331b95c315d0851e07372d32d11136ba31777a4aea0
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:48 GMT
server
nginx
etag
"62695d70-2050"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
8272
CSSPlugin.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame A157
38 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4955288
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13669
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-9833"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eGNa3zqvcgZRMzxF8LX%2B9I6FsHeuzafUV%2Fqpq0kuamDS9C4KFFiwpKeE7%2ByPLvXy%2Fx8Hp5hL8K8UhvaupCu97PJAqnVMSILRCt7rJ%2BYnpYIRq%2F9fiUn6qdONHj3vyA1Eqs7K%2B5LCgoNLgkKjVHm4RS5q"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
706e5c0a2f39cc42-ZRH
expires
Wed, 26 Apr 2023 02:41:54 GMT
EasePack.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame A157
5 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1328526
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1730
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-146f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WxzTiLMY8xUY80lgYsJIyujhWiHk2fZcpI5TdgnEct%2FE7B2CazmeYwSTnrjaQ5T0f0cl7m1%2BPHkOO8ZlVohg8mTQdNIPT0m2vK3soVGNlHuoKy9lVXjneIfWbgSGmTPzyP9BVJ0YSQ90%2BbczQZJWKqaK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
706e5c0a2f3bcc42-ZRH
expires
Wed, 26 Apr 2023 02:41:54 GMT
TweenLite.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame A157
26 KB
9 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
28121874
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8578
cf-request-id
0aaca61c2700000204b1291000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-697f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4UuB2gOyLvo4%2B6pd13v%2Bsn4ndMZfFUtyrRVzoQQsesMDhLawI4py5ZXv1pBv1uvsm1kd7AybNoUAYgJTbMr0G4WR06KbflQz0l6GR3KATL3B4cqMQCmvHC%2B029J5EngbKIUTT%2FZGNr%2FEAJ4VUAFm77Pd"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
706e5c0a2f3ccc42-ZRH
expires
Wed, 26 Apr 2023 02:41:54 GMT
script.js
s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/ Frame A157
9 KB
2 KB
Script
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204919/bvpath_258/script.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8ed12b039b09021f444b5466f17e66ee92467082997c6af462e5bbe688170d86
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 15:12:52 GMT
server
nginx
etag
W/"62695d74-2550"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
screen.css
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
1 KB
897 B
Stylesheet
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/screen.css
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bcfaf811ec70dd33ab185303742bbe4c4e4513de91c8ef3f4ec0802dfe02e2da
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 15:12:45 GMT
server
nginx
etag
W/"62695d6d-59c"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
text/css
Adform.DHTML.js
s1.adform.net/banners/scripts/rmb/ Frame 2E13
30 KB
13 KB
Script
General
Full URL
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Fri, 14 May 2021 12:35:21 GMT
server
nginx
etag
W/"609e6e89-76d9"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
introfill.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
117 B
413 B
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/introfill.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
"62695d6c-75"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
117
stoerer.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
7 KB
8 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/stoerer.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e875dd3e43443b7cf22e0594baff463492832444fa9994f0995ff088ad04e577
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:45 GMT
server
nginx
etag
"62695d6d-1ce6"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
7398
text0.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
5 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/text0.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
61bb21a200f5e290a6cf7cd102a30bf77f1179bdbd9b844ee8b9cedfaa3204e4
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:45 GMT
server
nginx
etag
"62695d6d-1272"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
4722
text1.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
13 KB
13 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/text1.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8cba02ae8c6604b473e88fb545d57c6cd10de09922d6962da8e2878d48186681
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
"62695d6c-33f6"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
13302
banderole.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
8 KB
8 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/banderole.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f486ed417c87d63ef6f2abcc7a8a8863ee231bd885b99943a72a026680d183f8
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
"62695d6c-1fbf"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
8127
disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
4 KB
4 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/disclaimer.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b767e8a6c870f5dbfcd28bba0964260a651066b697c9b8af4866853d8b95ec47
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
"62695d6c-100b"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
4107
date.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
3 KB
3 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/date.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8278c001875318d426271428c8e6561ed9d234808ae57d856fae5bb3f5742039
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
"62695d6c-ac5"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
2757
cta.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
3 KB
3 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/cta.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
458d3c67d05851e4470066b036a244cda6400c00cc443044a8f5be30c8c7c8e1
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
"62695d6c-a6b"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
2667
logostart.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
7 KB
8 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/logostart.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
67d65d576ba2b75c2cee74ebdaea793f8e8b370ce51fd782a0dc41c33120a899
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:45 GMT
server
nginx
etag
"62695d6d-1dba"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
7610
logo.png
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
5 KB
5 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/logo.png
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b796c00ffa6ab2f08b75bbd643f63593f7147981060d9d35b5d0450cfc3e8295
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:45 GMT
server
nginx
etag
"62695d6d-1494"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
5268
model.jpg
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
35 KB
36 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/model.jpg
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
4a03c06ea567b2a7dd992bed820e61243d24084bf8bead4caeb5c470ce397064
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
"62695d6c-8db9"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
36281
background.jpg
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
8 KB
8 KB
Image
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/background.jpg
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
9daa39b68f1aeceaea15e6c15c0e80e87aa0165a0084052d5b66eb9ff00ed5f0
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
"62695d6c-1ffa"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
8186
CSSPlugin.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 2E13
38 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4955288
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13669
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-9833"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tc9sYydUr4XQhMjlHlkG%2BWyi8yH8Y0dGWOMsC41frG27Wjfv1i0wy4AmQYKb%2BxyA9Yakk4%2FmtLdC0DbzVs8UkLak5Y5lS65w26MIw63tKmmMPIZ%2BXMX99EYVm9kOCUEdrOz66BOAASCg%2F%2BDgYpWRSMbY"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
706e5c0a2f3dcc42-ZRH
expires
Wed, 26 Apr 2023 02:41:54 GMT
EasePack.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 2E13
5 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1328526
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1730
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-146f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4IA19tJ%2FziqkeVtKyjRlzITTUhgUW9NsnGvGvCDccl0Q4ZauBcoDvzcJShuCER0c7DRuh%2Bup0u%2FGChjf3J0xrzQtTbB7v%2FUfLDBQAA2TGaHMnniqbT5OyMhcsmvMaMwROCWH2N2bAZ9%2BTUELK5EQJ1J%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
706e5c0a2f3fcc42-ZRH
expires
Wed, 26 Apr 2023 02:41:54 GMT
TweenLite.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 2E13
26 KB
9 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
28121874
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8578
cf-request-id
0aaca61c2700000204b1291000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-697f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sy631Pm7AWNfWdY8WffWKg2Zy379oZ%2B2%2FvboUaU1Zie4nmXfjeK8antQLcnSBa%2B%2BeNLmXdvar6qOvqdr6Io3vG1fK0rCRKECuG5VLHm4MSeLvPBI9rwN%2FpcWViFlz2TMq3LOF8Gwdc7O3aPlbTbVS9dA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
706e5c0a2f3ecc42-ZRH
expires
Wed, 26 Apr 2023 02:41:54 GMT
script.js
s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/ Frame 2E13
9 KB
2 KB
Script
General
Full URL
https://s1.adform.net/Banners/Elements/Files/160090/11204910/bvpath_258/script.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
1dff6405301dc8e4d3dc0960c598a8a16f7520fa6f0fbc7851ae31086d3e9ed8
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900021.redintelligence.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
last-modified
Wed, 27 Apr 2022 15:12:44 GMT
server
nginx
etag
W/"62695d6c-25ad"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://threatpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 06 May 2022 02:41:53 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1127
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 6622
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=-UG50HxNLzFVQjJaOGRoTUdSN2hZc2FmR0NaZkZrZk1TQTFsSG1ZRlVXRXI0V1QyV3lCc1h5dGIzbTIzd1dPSkE3UEtiaVRLM2w0NDF1T0ZvRXU4bS9JeVgvd3R4OE5COXI5djFmUGtFNFZ1OW0zTzVIenlKNU5XQXdEQ1...
356 B
622 B
XHR
General
Full URL
https://mug.criteo.com/sid?cpp=-UG50HxNLzFVQjJaOGRoTUdSN2hZc2FmR0NaZkZrZk1TQTFsSG1ZRlVXRXI0V1QyV3lCc1h5dGIzbTIzd1dPSkE3UEtiaVRLM2w0NDF1T0ZvRXU4bS9JeVgvd3R4OE5COXI5djFmUGtFNFZ1OW0zTzVIenlKNU5XQXdEQ1RJaHM3QmpNbVpCYzhxZWhXbGxLWW5LRDdSUGE4Ty9mYzNIa2w3UkozNCtadmxZWVhJa2ZraVZINEZXMENHYTNsZk9uVUJ0VytWWjl4VDhPNGMzRHpRdjR6bWdtVUJydGZjcVRFYjIxTEtNNlN4ZHVzZVNvPXw&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
17f9ea85ca16de8b5d672ce183c77b84f6ae0dc63d84d4a72d79bb0b06ca5926
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:53 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2880
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:53 GMT
location
https://mug.criteo.com/sid?cpp=-UG50HxNLzFVQjJaOGRoTUdSN2hZc2FmR0NaZkZrZk1TQTFsSG1ZRlVXRXI0V1QyV3lCc1h5dGIzbTIzd1dPSkE3UEtiaVRLM2w0NDF1T0ZvRXU4bS9JeVgvd3R4OE5COXI5djFmUGtFNFZ1OW0zTzVIenlKNU5XQXdEQ1RJaHM3QmpNbVpCYzhxZWhXbGxLWW5LRDdSUGE4Ty9mYzNIa2w3UkozNCtadmxZWVhJa2ZraVZINEZXMENHYTNsZk9uVUJ0VytWWjl4VDhPNGMzRHpRdjR6bWdtVUJydGZjcVRFYjIxTEtNNlN4ZHVzZVNvPXw&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://threatpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1423
content-length
482
expires
0
ixmatch.html
js-sec.indexww.com/um/ Frame FCA5
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Fri, 06 May 2022 02:41:54 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 64A2
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Fri, 06 May 2022 02:41:54 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame BDD9
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=92038
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Fri, 06 May 2022 02:41:54 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 07 May 2022 04:15:52 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 4185
668 B
729 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
96bd0920a8f9f1eaf6e983c36f9c35f2a3fea8f4df988a5fe12272eddbda08e9

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
417
content-type
text/html
date
Fri, 06 May 2022 02:41:54 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame FE98
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=92038
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Fri, 06 May 2022 02:41:54 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 07 May 2022 04:15:52 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame B446
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-188.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 06 May 2022 02:41:54 GMT
ETag
"623de86a-cf34"
Expires
Sat, 07 May 2022 02:41:56 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 855F
668 B
717 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
96bd0920a8f9f1eaf6e983c36f9c35f2a3fea8f4df988a5fe12272eddbda08e9

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
417
content-type
text/html
date
Fri, 06 May 2022 02:41:54 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame DC2E
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.20.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-188.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 06 May 2022 02:41:54 GMT
ETag
"623de86a-cf34"
Expires
Sat, 07 May 2022 02:41:56 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
view
securepubads.g.doubleclick.net/pcs/ Frame 968A
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-MKSI1fhc1tG-SdKwQyY_GxrGcaSC_fGxPkiedpm-oUJL9b8hUEPsPi9jVV9O6rWKHd5b1g_81xqQZCAo7vFXv6YzNG1FSfafbzK6hQz54KQ9c1NpOYOVhX7ZfCSRVJkIE-Gza9K9cj8Y-FIB0AWXgwo4doyrz704kKY91UyHSreTmRsEACIlxYYe2I_tdhnbqhOC8FP1s7AZIxSiXVFoX22dLCuRqxTIWrs0moHBh8Z7I5wM29HJtaiWdUtF_t4WxeFuEPmQ3ZYTikCdswvOUdvCS58PJo5uTqvvkrLTdFH4f1h7bByzxZIxaD4t4VI22OKhdpEx&sai=AMfl-YRg-cE9hpyJ4KnU0_HmRBmt-XEXGOZHWQxkRRTjfUoOPmAcR58cCH_lXV9UmRKnbljiqf9t-TbYPsHJdA1WQIedokaywNhkFsXbksbklet6YK8TDu3QQYpuFMK333s&sig=Cg0ArKJSzLBT3KxgPWV-EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Fri, 06 May 2022 02:41:54 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1F10
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstH2LLoBrVAOqgcNtymM7FxcXzBRqfBfvyO2MQRNWPSh-N1E0YVfjTU2zxxjG7bWUNvUh7A3Dz33rYkhfp5NmSTKJzRxKFCoPmIhQj7jMOIV0fM1L0wJMiRT1zQLp-OvzM4o7DXptPy5dQEDmNg5vH2NVhbDOyo-_YmMak0oBOKH8apqUoFKKDGMcF9Tlh69MhErH-YcqF7p8_EG4XY3FAt1BfQTP6fInxcYYK8e1F2_sLz6Xje-q_Gx736FJ1pHwgGcY7vhtJYCaJ3iHs8ZL554XJpGxUao2NkDFp09hnYwC6cMKDSDetMQkOV0r3jHftaJMkG6C9Q&sai=AMfl-YTliIX1G6Kemq5pAVieEN-0scLMV9cgAER7EDvKvJKI1px9ftmZ4i7DL8e0XfV3OfFyhAVwKXbzjT2iaIyacW4faqZWNlEkLNbaKLt8RXdURiX8nahq1skhofnJ4_A&sig=Cg0ArKJSzCc2Bqcojy7ZEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 06 May 2022 02:41:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Fri, 06 May 2022 02:41:54 GMT
sd
eu-u.openx.net/w/1.0/ Frame 4185
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1a236274-8af1-4401-8810-fb66bb615f1e
43 B
61 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1a236274-8af1-4401-8810-fb66bb615f1e
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Fri, 06 May 2022 02:41:54 GMT
Server
MT3 4390 fb8620d master ord-pixel-x28 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1a236274-8af1-4401-8810-fb66bb615f1e
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 06 May 2022 02:41:53 GMT
sd
us-u.openx.net/w/1.0/ Frame 4185
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=rPn5e6Kqqym3-vorrP_jf_n49nq3qax--P3UKkv8
43 B
122 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=rPn5e6Kqqym3-vorrP_jf_n49nq3qax--P3UKkv8
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=rPn5e6Kqqym3-vorrP_jf_n49nq3qax--P3UKkv8
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 4185
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8276987309949310286
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8276987309949310286
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8276987309949310286
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 4185
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=3ae6e08e-35d0-7fba-efef-26cb104c54e5&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 4185
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTY4OTMzNDQtZmNhNy0yMTFlLWZhMGYtN2M3MmRhYWU5YTg1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 4185
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOGkYHW3zqptuQEr2feyBGk&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOGkYHW3zqptuQEr2feyBGk&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOGkYHW3zqptuQEr2feyBGk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 855F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1a236274-8af1-4401-8810-fb66bb615f1e
43 B
61 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1a236274-8af1-4401-8810-fb66bb615f1e
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Fri, 06 May 2022 02:41:54 GMT
Server
MT3 4390 fb8620d master ord-pixel-x55 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=1a236274-8af1-4401-8810-fb66bb615f1e
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 06 May 2022 02:41:53 GMT
sd
us-u.openx.net/w/1.0/ Frame 855F
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&&val=rPn5e6Kqqym3-vorrP_jf_n49nq3qax--P3UKkv8
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=rPn5e6Kqqym3-vorrP_jf_n49nq3qax--P3UKkv8
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=rPn5e6Kqqym3-vorrP_jf_n49nq3qax--P3UKkv8
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 855F
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8276987309949310286
43 B
106 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8276987309949310286
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8276987309949310286
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 855F
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=3ae6e08e-35d0-7fba-efef-26cb104c54e5&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 855F
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTY4OTMzNDQtZmNhNy0yMTFlLWZhMGYtN2M3MmRhYWU5YTg1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 855F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOGkYHW3zqptuQEr2feyBGk&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOGkYHW3zqptuQEr2feyBGk&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEOGkYHW3zqptuQEr2feyBGk&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=-UG50HxNLzFVQjJaOGRoTUdSN2hZc2FmR0NaZkZrZk1TQTFsSG1ZRlVXRXI0V1QyV3lCc1h5dGIzbTIzd1dPSkE3UEtiaVRLM2w0NDF1T0ZvRXU4bS9JeVgvd3R4OE5COXI5djFmUGtFNFZ1OW0zTzVIenlKNU5XQXdEQ1RJaHM3QmpNbVpCYzhxZWhXbGxLWW5LRDdSUGE4Ty9mYzNIa2w3UkozNCtadmxZWVhJa2ZraVZINEZXMENHYTNsZk9uVUJ0VytWWjl4VDhPNGMzRHpRdjR6bWdtVUJydGZjcVRFYjIxTEtNNlN4ZHVzZVNvPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 06 May 2022 02:41:53 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1328
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
async_usersync
ib.adnxs.com/ Frame B446
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:54 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
39f8817e-6678-4890-8f19-a932342bca60
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame DC2E
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:54 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a4d28db8-c79e-474a-b5ea-22820d1c46f8
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5AA6
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuknGDQ2vITfm0vRU9bJ8W0Xj8ULz9IChd6FB_vG3r-Xw3SouLzJ2Cp-bFi9uoxA4Ej3fKGx04Fz_oBGkuNeSqTa5aBeNX9dKf8ngRsWpx4eEIpG6qb&sig=Cg0ArKJSzI7rT_qyyPwtEAE&id=lidar2&mcvt=1000&p=256,1082,506,1382&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220504&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1414505084&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1651804911619&rpt=1952&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
viewability
hal900016.redintelligence.net/ Frame 1F36
0
150 B
Script
General
Full URL
https://hal900016.redintelligence.net/viewability?s=58980900013837504681724011951016&a=25908a28&vb=v
Requested by
Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=58980900013837504681724011951016&a=0631933c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.30.220.201.138.clients.your-server.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hal900016.redintelligence.net/request_content.php?s=58980900013837504681724011951016&a=0631933c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:54 GMT
Server
Apache
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
abt
capi-tier-1-us-east-2.connatix.com/tr/ Frame CE0F
0
315 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/abt?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:54 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
activeview
pagead2.googlesyndication.com/pcs/ Frame 1F10
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvPeof3Olz5WbrA1onv1VueZoWuRZbwoT_ZYQYwQiSqy3--3qFw71Ws6hKeJ9_nXVyyBSMyqIO3iEq4hMNmt1fMbD8dRw3BdCw4JGXk9xZ7AOjQv4Gm&sig=Cg0ArKJSzLCyvb6x63NJEAE&id=lidar2&mcvt=1004&p=8,436,98,1164&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20220504&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=4166723991&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1651804911552&rpt=2771&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame B446
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:55 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
fc545e63-a761-4221-91b2-59f79c3ec515
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame DC2E
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:55 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b5afb2f6-7b5a-4c81-9c49-49d30100b125
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
track.adform.net/serving/unload/ Frame 1F36
35 B
478 B
Ping
General
Full URL
https://track.adform.net/serving/unload/?version=15&unload=1339349535740026367@@54886215,1106892421568103393,100|1100|0|0|0|0|0|0|0||38|1|||||1|0|0|rOpywEkMXvtcPlakbYq96Vmq9Kxura1kXpd6KeLB69NmDWxka_QdkfL_QlhaeLlf0|||11||0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://hal900016.redintelligence.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:55 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://hal900016.redintelligence.net
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
sync
eb2.3lift.com/ Frame 772E
1 KB
1 KB
Document
General
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
320ff47b0b2d16cdb40622daf06d659f65b6450cc7416b96252bba58635b9bad

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
543
content-type
text/html; charset=utf-8
date
Fri, 06 May 2022 02:41:56 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pd
eu-u.openx.net/w/1.0/ Frame 3996
542 B
357 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
2ec122efee8c7603a1d9199353591549d7cb4eeb3561395e186bc4ba06805a99

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
338
content-type
text/html
date
Fri, 06 May 2022 02:41:56 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
via
1.1 google
async_usersync.html
acdn.adnxs.com/dmp/ Frame 18F7
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-188.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 06 May 2022 02:41:56 GMT
ETag
"623de86a-cf34"
Expires
Sat, 07 May 2022 02:41:58 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
beacon
ap.lijit.com/ Frame EE77
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13394437
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Fri, 06 May 2022 02:41:56 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Server
nginx
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap4ams1
usync.html
eus.rubiconproject.com/ Frame 8334
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 06 May 2022 02:41:56 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6B71
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=92036
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Fri, 06 May 2022 02:41:56 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 07 May 2022 04:15:52 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
sync.html
public.servenobid.com/ Frame 3B75
7 KB
3 KB
Document
General
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ba644f0fddbedd145f222319852b63c370c3cb827de34c21e5f0823e6d33057

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=86400
content-encoding
br
content-type
text/html
date
Fri, 06 May 2022 02:41:55 GMT
etag
"a067ca1c11975e052149fcb5fac5e2d3"
last-modified
Tue, 26 Apr 2022 01:37:54 GMT
server
AmazonS3
x-amz-id-2
NAx9Qv8pLVyFG0/lELEHp9iskB2a/T+q3+VnmtvKFNzD7F6xIQFNbPs9n3vlWLMjY1866ZYzqSw=
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:5eb96107-ea8e-4447-a80a-9b951732aaca
x-amz-meta-codebuild-content-md5
e5441cba1c83e44c16f2d792acc1823c
x-amz-meta-codebuild-content-sha256
3b14aefb08d603d224cbf56f0ff34e70ebd576659dc2557c0629a8ec6943dc55
x-amz-request-id
17FNCS6K6DFEK0SY
x-azure-ref
09Ip0YgAAAAAi/k9fcPw5RIv/OG2Gf2tHRlJBRURHRTEwMTAAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
x-azure-ref-originshield
00cdzYgAAAAAHtfS5wsipQIXAUZHggIuSQU1TMDRFREdFMTkwOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-cache
TCP_HIT
ixmatch.html
js-sec.indexww.com/um/ Frame 91F8
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1388
Content-Type
text/html; charset=UTF-8
Date
Fri, 06 May 2022 02:41:56 GMT
ETag
"e20015-b6b-5d84d0db0c30a"
Last-Modified
Fri, 18 Feb 2022 16:05:37 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server
Apache
Vary
Accept-Encoding
2000891.html
sync.serverbid.com/ss/ Frame 9DBC
2 KB
1 KB
Document
General
Full URL
https://sync.serverbid.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-64.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
35247b5335f31105e6a22498ceaf264f88dbdd2ecc64114afe2fe3c9eeff5035

Request headers

Referer
https://threatpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
43447
content-encoding
gzip
content-type
text/html
date
Thu, 05 May 2022 14:40:02 GMT
etag
W/"b3c2f14ab62b70ce357a703cb70f1a0d"
last-modified
Fri, 29 Apr 2022 08:00:01 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
x-amz-cf-id
lCDWcydT5Bzin4swLC0zd5GDv_PMZ8jrTz9tO6VnvmBXmIWMSV4kxQ==
x-amz-cf-pop
FRA50-C1
x-cache
Hit from cloudfront
CookieSyncTripleLift&gdpr=1&gdpr_consent=
rtb.adentifi.com/ Frame 772E
0
47 B
Image
General
Full URL
https://rtb.adentifi.com/CookieSyncTripleLift&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.205.45.54 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
content-length
0
content-type
text/plain
match
c1.adform.net/serving/cookie/ Frame 772E
0
330 B
Image
General
Full URL
https://c1.adform.net/serving/cookie/match?party=1245&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
xuid
eb2.3lift.com/ Frame 772E
Redirect Chain
  • https://bh.contextweb.com/bh/sync/3lift?rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2636%26xuid%3D%25%25VGUID%25%25%26dongle%3D8bee%26gdpr=1%26gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?pid=558356&ev=1&daaqp=1&rurl=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2636%26xuid%3DtcpzKC1Um7Vh%26dongle%3D8bee%26gdpr%3D1%26gdpr_consent%3D
  • https://eb2.3lift.com/xuid?mid=2636&xuid=tcpzKC1Um7Vh&dongle=8bee&gdpr=1&gdpr_consent=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2636&xuid=tcpzKC1Um7Vh&dongle=8bee&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://eb2.3lift.com/xuid?mid=2636&xuid=tcpzKC1Um7Vh&dongle=8bee&gdpr=1&gdpr_consent=
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-588fbd8cf7-b2mnt
expires
-1
us.gif
sync.go.sonobi.com/ Frame 772E
49 B
509 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=tl&nuid=104417412557236261312
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
xuid
eb2.3lift.com/ Frame 772E
Redirect Chain
  • https://www.storygize.net/ccm/9779a491-75d6-4ad2-92bd-2f159c9892ab
  • https://eb2.3lift.com/xuid?mid=3396&xuid=37cf273d-6031-4a9e-b4c2-17b86d952301&dongle=c7e1
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3396&xuid=37cf273d-6031-4a9e-b4c2-17b86d952301&dongle=c7e1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=3396&xuid=37cf273d-6031-4a9e-b4c2-17b86d952301&dongle=c7e1
Pragma
no-cache
cache-control
no-cache, no-store, must-revalidate
Connection
keep-alive
P3P
CP ALL ADM DEV PSAi COM OUR OTRo STP IND ONL
Content-Length
0
expires
0
140
match.deepintent.com/usersync/ Frame 772E
0
44 B
Image
General
Full URL
https://match.deepintent.com/usersync/140
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 -, , ASN (),
Reverse DNS
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
content-length
0
server
c
xuid
eb2.3lift.com/ Frame 772E
Redirect Chain
  • https://um.simpli.fi/triplelift
  • https://eb2.3lift.com/xuid?mid=7969&xuid=F0779D14BE13475F8A029938E6735B5D&dongle=yf3
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=7969&xuid=F0779D14BE13475F8A029938E6735B5D&dongle=yf3
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Fri, 06 May 2022 02:41:56 GMT
x-content-type-options
nosniff
server
nginx
location
https://eb2.3lift.com/xuid?mid=7969&xuid=F0779D14BE13475F8A029938E6735B5D&dongle=yf3
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Thu, 05 May 2022 02:41:56 GMT
xuid
eb2.3lift.com/ Frame 772E
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=23&uid=104417412557236261312&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3391&xuid=667670738874&dongle=6f30
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3391&xuid=667670738874&dongle=6f30
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

access-control-allow-origin
*
content-length
0
location
https://eb2.3lift.com/xuid?mid=3391&xuid=667670738874&dongle=6f30
xuid
eb2.3lift.com/ Frame 772E
Redirect Chain
  • https://sync.1rx.io/usersync2/triplelift
  • https://sync.1rx.io/usersync2/triplelift?zcc=1&cb=1651804916228
  • https://eb2.3lift.com/xuid?mid=4070&xuid=OPTOUT&dongle=2dcc
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=4070&xuid=OPTOUT&dongle=2dcc
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://eb2.3lift.com/xuid?mid=4070&xuid=OPTOUT&dongle=2dcc
cache-control
no-store, no-cache, must-revalidate
expires
0
/
p.adsymptotic.com/d/px/ Frame 772E
43 B
259 B
Image
General
Full URL
https://p.adsymptotic.com/d/px/?_pid=16259&_psign=b376958ac9baec8bbf182ce1504b7fee&_puuid=104417412557236261312&gdpr=1&consent=&_redirect=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D6891%26xuid%3D%24%7BUUID%7D%26dongle%3D2b64
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.101.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
cf-cache-status
DYNAMIC
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
cf-ray
706e5c165aad9b22-FRA
content-length
43
dds
rtb.openx.net/sync/ Frame 3996
43 B
134 B
Image
General
Full URL
https://rtb.openx.net/sync/dds
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:55 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
qrt25ojoh1eo9eou9cglg867n24b44nt
ae2186ca-a57c-edf3-de38-303eef1b99ac
pr-bh.ybp.yahoo.com/sync/openx/ Frame 3996
43 B
994 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/ae2186ca-a57c-edf3-de38-303eef1b99ac?gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:56d8:3e17:fa7d:bb2f Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sd
eu-u.openx.net/w/1.0/ Frame 3996
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
  • https://eu-u.openx.net/w/1.0/sd?id=537072979&val=ptdQ85OH1NMNUI5
43 B
61 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=ptdQ85OH1NMNUI5
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:55 GMT
Server
PingMatch/68b9f5e#68b9f5e54dfc641b3d4f527e43216a87a5c6cf08 i-0eac7293533ef1427@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=ptdQ85OH1NMNUI5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 3996
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=openx
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=9307a429-74fc-4321-9249-97b575a578a7
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=9307a429-74fc-4321-9249-97b575a578a7
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=01debc14-60bf-4072-ad93-4b63fb59133c&ssp=openx&expires=30&user_group=5&bsw_param=9307a429-74fc-4321-9249-97b575a578a7
  • https://us-u.openx.net/w/1.0/sd?id=537072968&val=9307a429-74fc-4321-9249-97b575a578a7&gdpr=&gdpr_consent=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072968&val=9307a429-74fc-4321-9249-97b575a578a7&gdpr=&gdpr_consent=
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//us-u.openx.net/w/1.0/sd?id=537072968&val=9307a429-74fc-4321-9249-97b575a578a7&gdpr=&gdpr_consent=
Date
Fri, 06 May 2022 02:41:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
sd
eu-u.openx.net/w/1.0/ Frame 3996
Redirect Chain
  • https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8015597892726835373
43 B
61 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8015597892726835373
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/18.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
via
1.1 google
server
OXGW/18.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
bde61906-b102-49fc-9071-652c700bd1fa
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8015597892726835373
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
redir
rtb-csync.smartadserver.com/ Frame 3996
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ox
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFFNlpVN0U2UllBQUR2WkxZM1FFZw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAE6ZU7E6RYAADvZLY3QEg&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAE6ZU7E6RYAADvZLY3QEg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%2...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAE6ZU7E6RYAADvZLY3QEg&pid=558502&do=add
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAE6ZU7E6RYAADvZLY3QEg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_part...
43 B
163 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAE6ZU7E6RYAADvZLY3QEg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol
HTTP/1.1
Server
185.86.139.115 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:55 GMT
transfer-encoding
chunked
content-type
image/gif

Redirect headers

location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAE6ZU7E6RYAADvZLY3QEg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Date
Fri, 06 May 2022 02:41:56 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
async_usersync
ib.adnxs.com/ Frame 18F7
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
454d9170-3b35-47b6-855d-3cf721e96afa
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
um
cs.emxdgt.com/ Frame 9DBC
0
59 B
Image
General
Full URL
https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D9%26spui%3D%26dpui%3D%24UID
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:55 GMT
content-length
0
content-type
text/html
usersync
x.serverbid.com/ Frame 9DBC
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D&s=185073&C=1
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YnSK9BnQNmhfSJ4Ylzb9MAAA%261185
35 B
525 B
Image
General
Full URL
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YnSK9BnQNmhfSJ4Ylzb9MAAA%261185
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
HTTP/1.1
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=YnSK9BnQNmhfSJ4Ylzb9MAAA%261185
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
306
Expires
Fri, 06 May 2022 02:41:56 GMT
usa
sync.go.sonobi.com/ Frame 9DBC
0
478 B
Image
General
Full URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5444%26spui%3D%26dpui%3D
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
usersync
x.serverbid.com/ Frame 9DBC
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D4%26spui%3D%26dpui%3D%24UID
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=El8hsBZHZihBFk7bRk6VcqLv
35 B
525 B
Image
General
Full URL
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=El8hsBZHZihBFk7bRk6VcqLv
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
HTTP/1.1
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

Date
Fri, 06 May 2022 02:41:56 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=4&spui=&dpui=El8hsBZHZihBFk7bRk6VcqLv
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap4ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
usersync
x.serverbid.com/ Frame 9DBC
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID
  • https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=8015597892726835373
35 B
525 B
Image
General
Full URL
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=8015597892726835373
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
HTTP/1.1
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b58048bb-af4e-4b76-a8d0-e1d762cba1f8
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=8015597892726835373
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
rtb.openx.net/sync/ Frame 9DBC
43 B
352 B
Image
General
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5531%26spui%3D%26dpui%3D%24%7BUID%7D
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:55 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
5cfdjk2vovksedf0dfbsd8qvk2jhhva5
usersync
exchange.consumabletv.com/ Frame 9DBC
Redirect Chain
  • https://pixel.advertising.com/ups/58321/sync?redir=true
  • https://pixel.advertising.com/ups/58321/sync?redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/58321/sync?redir=true&apid=UP18414da8-cce6-11ec-8815-02b9b7b7c3ee
  • https://exchange.consumabletv.com/usersync?ttt=1&cn=5&dpui=UP18414da8-cce6-11ec-8815-02b9b7b7c3ee
35 B
525 B
Image
General
Full URL
https://exchange.consumabletv.com/usersync?ttt=1&cn=5&dpui=UP18414da8-cce6-11ec-8815-02b9b7b7c3ee
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
HTTP/1.1
Server
159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
content-encoding
gzip
access-control-max-age
10080
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-allow-headers
origin, content-type, accept
content-length
58

Redirect headers

location
https://exchange.consumabletv.com/usersync?ttt=1&cn=5&dpui=UP18414da8-cce6-11ec-8815-02b9b7b7c3ee
date
Fri, 06 May 2022 02:41:56 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usync.js
eus.rubiconproject.com/ Frame 8334
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=26894
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Fri, 06 May 2022 10:10:10 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D6CB
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&gdpr=0&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://sync.serverbid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=92036
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Fri, 06 May 2022 02:41:56 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 07 May 2022 04:15:52 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
rid
match.adsrvr.org/track/ Frame 9DBC
63 B
392 B
Fetch
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
772fd45ed221449ec7d38776de16249d9b6ac37fbfc3eb1780e2b4d35f8be13a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sync.serverbid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://sync.serverbid.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Sun, 05 Jun 2022 02:41:56 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 8697
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=92036
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Fri, 06 May 2022 02:41:56 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 07 May 2022 04:15:52 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
13926
g2.gumgum.com/usync/ Frame CFB3
4 KB
1 KB
Document
General
Full URL
https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.122.228 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1380bb5b4283db23b341696b3199f259a27f88104f2776d544bc9ff91ceb725

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Fri, 06 May 2022 02:41:56 GMT
etag
W/"0886270d43f28e2ba4c4da2d770762039"
server
nginx
timing-allow-origin
*
ps
pixel.33across.com/ Frame 5DC4
0
0
Document
General
Full URL
https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.21 -, , ASN (),
Reverse DNS
Software
33XP001 /
Resource Hash

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
server
33XP001
x-33x-status
2000208
/
onetag-sys.com/usync/ Frame 84FB
2 KB
814 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.38.120.206 , France, ASN16276 (OVH, FR),
Reverse DNS
ip206.ip-51-38-120.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
sync
ssbsync.smartadserver.com/api/ Frame FBC4
710 B
959 B
Document
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.103 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
ec277a147db63d44b9309d114fdf74ef3534f9adf7b6623f37f35d75efebce00

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
710
content-type
text/html
date
Fri, 06 May 2022 02:41:56 GMT
usermatch
ssum-sec.casalemedia.com/ Frame B780
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
00c1d7815a87fc5f5e4a1227a0eb9ffc53352e91ef6a2707789d690049b192b1

Request headers

Referer
https://public.servenobid.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
1656
Content-Type
text/html
Date
Fri, 06 May 2022 02:41:56 GMT
Dropped-Udsids
39|230|241|45|13|57|17|152
Expires
Fri, 06 May 2022 02:41:56 GMT
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
Vary
Is-Traffic-Usersync
sync.php
pixel.rubiconproject.com/exchange/ Frame 3B75
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=13702&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif
sync
ads.servenobid.com/ Frame 3B75
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=8015597892726835373
0
344 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=312&uid=8015597892726835373
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
6d545b10-3d03-40c1-b802-aea636a4308e
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ads.servenobid.com/sync?pid=312&uid=8015597892726835373
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
ads.servenobid.com/ Frame 3B75
Redirect Chain
  • https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
  • https://ads.servenobid.com/sync?pid=310&uid=El8hsBZHZihBFk7bRk6VcqLv
0
350 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=310&uid=El8hsBZHZihBFk7bRk6VcqLv
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Location
https://ads.servenobid.com/sync?pid=310&uid=El8hsBZHZihBFk7bRk6VcqLv
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap3ams1
Content-Length
0
Expires
Fri, 20 Mar 2009 00:00:00 GMT
pixel
ap.lijit.com/ Frame 3B75
0
277 B
Image
General
Full URL
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 06 May 2022 02:41:56 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap4ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
sync
ads.servenobid.com/ Frame 3B75
Redirect Chain
  • https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiOGM4NzBlNGItZDZmZC00NDc3LWEyYjAtNjgxOTVhYjU4YThmIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0wNlQwMjo0MTo1Ni42NjQxNTRaIn0=
0
432 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiOGM4NzBlNGItZDZmZC00NDc3LWEyYjAtNjgxOTVhYjU4YThmIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0wNlQwMjo0MTo1Ni42NjQxNTRaIn0=
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=314&uid=eyJ4dWlkIjoiOGM4NzBlNGItZDZmZC00NDc3LWEyYjAtNjgxOTVhYjU4YThmIiwiZHAiOnt9LCJiZGF5IjoiMjAyMi0wNS0wNlQwMjo0MTo1Ni42NjQxNTRaIn0=
Pragma
no-cache
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
0
sync
ads.servenobid.com/ Frame 3B75
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1651804916314
  • https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
0
336 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
cache-control
no-store, no-cache, must-revalidate
expires
0
sync
ads.servenobid.com/ Frame 3B75
Redirect Chain
  • https://p.rfihub.com/cm?pub=44007&in=1
  • https://ads.servenobid.com/sync?pid=324&uid=5141210820465136000
0
344 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=324&uid=5141210820465136000
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Location
https://ads.servenobid.com/sync?pid=324&uid=5141210820465136000
Date
Fri, 06 May 2022 02:41:56 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
usa
sync.go.sonobi.com/ Frame 3B75
0
478 B
Image
General
Full URL
https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
sync
ads.servenobid.com/ Frame 3B75
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
  • https://ads.servenobid.com/sync?pid=327&uid=4c628c5d-a3af-4c41-92f1-3b4145d31e34&gdpr=0&gdpr_consent=&us_privacy=1YN-
0
356 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=327&uid=4c628c5d-a3af-4c41-92f1-3b4145d31e34&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=327&uid=4c628c5d-a3af-4c41-92f1-3b4145d31e34&gdpr=0&gdpr_consent=&us_privacy=1YN-
date
Fri, 06 May 2022 02:41:55 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
0
server
envoy
content-length
0
sync
ads.servenobid.com/ Frame 3B75
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58559/occ
  • https://ads.servenobid.com/sync?pid=337&uid=y-1OVBlk5E2uEzhmgGjFDhKCnrPlanT3t0Lm61bCw-~A
0
366 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=337&uid=y-1OVBlk5E2uEzhmgGjFDhKCnrPlanT3t0Lm61bCw-~A
Requested by
Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol
H2
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://public.servenobid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

location
https://ads.servenobid.com/sync?pid=337&uid=y-1OVBlk5E2uEzhmgGjFDhKCnrPlanT3t0Lm61bCw-~A
date
Fri, 06 May 2022 02:41:56 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
casale
match.adsrvr.org/track/cmf/ Frame B780
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame B780
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB&gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame B780
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB&dcc=t
43 B
645 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
7PD69P8QN31AZ978RASB
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Z5CXQ0W9G2S6AT5XP6C6
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame B780
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YnSK9BnQNmhfSJ4Ylzb9MAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECeDXO740Iv79sPdXNBvcpA&google_cver=1&gdpr=1
43 B
985 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECeDXO740Iv79sPdXNBvcpA&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 06 May 2022 02:41:56 GMT

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECeDXO740Iv79sPdXNBvcpA&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame B780
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
43 B
991 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 06 May 2022 02:41:56 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]&gdpr=1
date
Fri, 06 May 2022 02:41:56 GMT
access-control-allow-credentials
true
x-powered-by
Express
content-length
0
vary
Origin
keep-alive
timeout=5
crum
dsum-sec.casalemedia.com/ Frame B780
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5108559723201643592
43 B
977 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5108559723201643592
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 06 May 2022 02:41:56 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5108559723201643592
Date
Fri, 06 May 2022 02:41:56 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
crum
dsum-sec.casalemedia.com/ Frame B780
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
43 B
315 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Fri, 06 May 2022 02:41:56 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
106
Content-Type
text/html; charset=utf-8
crum
dsum-sec.casalemedia.com/ Frame B780
Redirect Chain
  • https://sync.extend.tv/r.gif?exchange=index
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=2caa2cc5-c89e-428d-91ce-a2599b9ffcdf
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=2caa2cc5-c89e-428d-91ce-a2599b9ffcdf
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:57 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 06 May 2022 02:41:57 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Access-Control-Allow-Origin
*
Content-Type
text/html; charset=utf-8
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=2caa2cc5-c89e-428d-91ce-a2599b9ffcdf
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
132
Expires
Tue, 29 May 1984 15:00:00 GMT
sync
ads.servenobid.com/ Frame B780
0
357 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=333&uid=YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
usersync.gumgum.com/ Frame CFB3
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=8015597892726835373
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=8015597892726835373
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.205.196 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
41646cda-47fe-4fa5-a618-d223da842d13
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://usersync.gumgum.com/usersync?b=apn&i=8015597892726835373
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usersync
rtb.gumgum.com/ Frame CFB3
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_85371b69-1af8-4fd1-8057-bcaf72f77b3e&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://t.pswec.com/bsw_sync?ssp=gumgum2&bsw_user_id=9307a429-74fc-4321-9249-97b575a578a7
  • https://t.pswec.com/ul_cb/bsw_sync?ssp=gumgum2&bsw_user_id=9307a429-74fc-4321-9249-97b575a578a7
  • https://x.bidswitch.net/sync?dsp_id=2&user_id=6874e251-323b-4a7e-9f60-49f485571808&expires=3&user_group=1&ssp=gumgum2
  • https://rtb.gumgum.com/usersync?b=bsw&i=9307a429-74fc-4321-9249-97b575a578a7
35 B
208 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=bsw&i=9307a429-74fc-4321-9249-97b575a578a7
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.122.228 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:57 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
//rtb.gumgum.com/usersync?b=bsw&i=9307a429-74fc-4321-9249-97b575a578a7
Date
Fri, 06 May 2022 02:41:57 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
redirectObuid
sync.outbrain.com/ Frame CFB3
27 B
27 B
Image
General
Full URL
https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.31 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
b53ae3ea99db48f3316a0dcac761293e0a89dd6a3d7688a4df12d36e0cd9cff7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:56 GMT
content-encoding
gzip
Connection
close
X-TraceId
ed8f184587baf99757d8630df0a615dd
Content-Length
53
usersync
usersync.gumgum.com/ Frame CFB3
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=cddb44fe-1dc5-47ec-8894-3626d81c55a3
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=cddb44fe-1dc5-47ec-8894-3626d81c55a3
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.205.196 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

date
Fri, 06 May 2022 02:41:56 GMT
content-encoding
gzip
server
OXGW/18.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://usersync.gumgum.com/usersync?b=opx&i=cddb44fe-1dc5-47ec-8894-3626d81c55a3
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
usersync
rtb.gumgum.com/ Frame CFB3
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=sta&i=0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22$ip$217.64.151.9
35 B
208 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=sta&i=0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22$ip$217.64.151.9
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.122.228 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Location
https://rtb.gumgum.com/usersync?b=sta&i=0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22$ip$217.64.151.9
Date
Fri, 06 May 2022 02:41:56 GMT
Connection
keep-alive
Content-Length
121
Content-Type
text/html; charset=utf-8
usersync
rtb.gumgum.com/ Frame CFB3
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/usersync?b=oth&i=y-yB1NTqVE2pduLHCOkK9JvhK5137vczMLLsVX~A
35 B
208 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=oth&i=y-yB1NTqVE2pduLHCOkK9JvhK5137vczMLLsVX~A
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.122.228 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

date
Fri, 06 May 2022 02:41:56 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://rtb.gumgum.com/usersync?b=oth&i=y-yB1NTqVE2pduLHCOkK9JvhK5137vczMLLsVX~A
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
usersync
usersync.gumgum.com/ Frame CFB3
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fuser...
  • https://usersync.gumgum.com/usersync?b=vnt&i=164eccd5-cce6-11ec-9718-0515b2acad93
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=164eccd5-cce6-11ec-9718-0515b2acad93
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.205.196 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=164eccd5-cce6-11ec-9718-0515b2acad93
Date
Fri, 06 May 2022 02:41:56 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
1858f50b-cce6-11ec-a446-bd0eb912b22d
services
sync.technoratimedia.com/ Frame CFB3
0
293 B
Image
General
Full URL
https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
193.122.130.38 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
998971963
access-control-allow-origin
https://g2.gumgum.com/
access-control-allow-credentials
true
142
match.deepintent.com/usersync/ Frame CFB3
0
39 B
Image
General
Full URL
https://match.deepintent.com/usersync/142
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 -, , ASN (),
Reverse DNS
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:55 GMT
content-length
0
server
c
usersync
rtb.gumgum.com/ Frame CFB3
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_85371b69-1af8-4fd1-8057-bcaf72f77b3e&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://stags.bluekai.com/site/23178?id=upKfXrpllYSs_FzxiBT6&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT25LQJNTFQ4TQNRWFSU3TL5DHU6DJIJKDMJTVONPXA...
  • https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=upKfXrpllYSs_FzxiBT6&us_privacy=1---
35 B
208 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=upKfXrpllYSs_FzxiBT6&us_privacy=1---
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.122.228 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:57 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:57 GMT
P3p
CP="We do not support P3P header."
Location
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=upKfXrpllYSs_FzxiBT6&us_privacy=1---
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
118
Expires
Thu, 01 Dec 1994 16:00:00 GMT
usersync
usersync.gumgum.com/ Frame CFB3
Redirect Chain
  • https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
  • https://usersync.gumgum.com/usersync?b=idi&i=3574ae70-84d5-4336-8c43-05198c60c48d
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=idi&i=3574ae70-84d5-4336-8c43-05198c60c48d
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.205.196 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=idi&i=3574ae70-84d5-4336-8c43-05198c60c48d
date
Fri, 06 May 2022 02:41:56 GMT
access-control-allow-origin
*
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
usersync
rtb.gumgum.com/ Frame CFB3
Redirect Chain
  • https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1651804916429
  • https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
35 B
208 B
Image
General
Full URL
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Server
34.248.122.228 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
Tengine
etag
OPTOUT
content-type
text/html
location
https://rtb.gumgum.com/usersync?b=rhy&i=OPTOUT
cache-control
no-store, no-cache, must-revalidate
expires
0
usersync
usersync.gumgum.com/ Frame CFB3
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=xqMRGGC7taRM&ev=1&pid=558355
35 B
250 B
Image
General
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=xqMRGGC7taRM&ev=1&pid=558355
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Server
34.247.205.196 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=xqMRGGC7taRM&ev=1&pid=558355
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-588fbd8cf7-brb7n
expires
-1
sync
ssbsync.smartadserver.com/api/ Frame CFB3
0
75 B
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.103 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:55 GMT
content-length
0
sync
ads.servenobid.com/ Frame CFB3
0
358 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=309&uid=e_85371b69-1af8-4fd1-8057-bcaf72f77b3e
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://g2.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
usersync
usersync.gumgum.com/ Frame 277F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
  • https://usersync.gumgum.com/usersync?b=mmh&i=1a236274-8af1-4401-8810-fb66bb615f1e&gdpr=0&gdpr_consent=
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=mmh&i=1a236274-8af1-4401-8810-fb66bb615f1e&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 06 May 2022 02:41:56 GMT
Expires
0
Pragma
no-cache

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Fri, 06 May 2022 02:41:56 GMT
Expires
Fri, 06 May 2022 02:41:55 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4390 fb8620d master ord-pixel-x25 config:1.0.0
location
https://usersync.gumgum.com/usersync?b=mmh&i=1a236274-8af1-4401-8810-fb66bb615f1e&gdpr=0&gdpr_consent=
usersync
usersync.gumgum.com/ Frame 65C2
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://usersync.gumgum.com/usersync?b=atm&i=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=atm&i=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 06 May 2022 02:41:56 GMT
Expires
0
Pragma
no-cache

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Fri, 06 May 2022 02:41:56 GMT
location
https://usersync.gumgum.com/usersync?b=atm&i=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-hhn4053-HHN
x-timer
S1651804916.425271,VS0,VE0
pixel
cm.g.doubleclick.net/ Frame A243
170 B
188 B
Document
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV84NTM3MWI2OS0xYWY4LTRmZDEtODA1Ny1iY2FmNzJmNzdiM2U=&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Fri, 06 May 2022 02:41:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2768
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-201.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=92036
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Fri, 06 May 2022 02:41:56 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 07 May 2022 04:15:52 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 3F49
70 B
264 B
Document
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Fri, 06 May 2022 02:41:56 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
usersync
usersync.gumgum.com/ Frame BEDE
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID
  • https://cs.emxdgt.com/umcheck?apnxid=8015597892726835373&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID
  • https://usersync.gumgum.com/usersync?b=emx&uid=8015597892726835373brt186051651804916430119f1
35 B
250 B
Document
General
Full URL
https://usersync.gumgum.com/usersync?b=emx&uid=8015597892726835373brt186051651804916430119f1
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.247.205.196 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Fri, 06 May 2022 02:41:56 GMT
Expires
0
Pragma
no-cache

Redirect headers

content-length
0
content-type
text/html
date
Fri, 06 May 2022 02:41:55 GMT
location
https://usersync.gumgum.com/usersync?b=emx&uid=8015597892726835373brt186051651804916430119f1
usersync
rtb.gumgum.com/ Frame A799
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://rtb.gumgum.com/usersync?b=sus&i=YnSK9cCo8X4AALhtXfIAAAAA
35 B
208 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=sus&i=YnSK9cCo8X4AALhtXfIAAAAA
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.122.228 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Fri, 06 May 2022 02:41:57 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Fri, 06 May 2022 02:41:57 GMT
Location
https://rtb.gumgum.com/usersync?b=sus&i=YnSK9cCo8X4AALhtXfIAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
3
X-SO-Cluster-ID
36
X-SO-HostName
m-ad57.dc4p.scaleout.jp
X-SO-IP
217.64.151.9
X-SO-Key
YnSK9cCo8X4AALhtXfIAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":36,"gdpr":true,"ipv4":"0.0.0.0","key":"YnSK9cCo8X4AALhtXfIAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad57"}
X-SO-LB-Hostname
m-tgng26.dc4p.scaleout.jp
X-SO-Upstream-ID
m-ad57
usersync
rtb.gumgum.com/ Frame 9397
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://rtb.gumgum.com/usersync?b=rth&i=G9yt9qThxd004HopG9jX&pi=gumgum
35 B
208 B
Document
General
Full URL
https://rtb.gumgum.com/usersync?b=rth&i=G9yt9qThxd004HopG9jX&pi=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.122.228 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Fri, 06 May 2022 02:41:56 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Fri, 06 May 2022 02:41:56 GMT Fri, 06 May 2022 02:41:56 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rtb.gumgum.com/usersync?b=rth&i=G9yt9qThxd004HopG9jX&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame 8D7F
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://g2.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 06 May 2022 02:41:56 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 06 May 2022 02:41:56 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
sync
ads.servenobid.com/ Frame FBC4
0
344 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=317&uid=996826995928047961&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.111.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-111-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0
/
rtb-csync.smartadserver.com/redir/ Frame FBC4
Redirect Chain
  • https://demand.trafficroots.com/sync.php?partner=3379&redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D137%26partneruserid%3D%7Btrafficroots_id%7D&gdpr=0&gdpr_...
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=137&partneruserid=b02cf10379&gdpr=0&gdpr_consent=
43 B
420 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=137&partneruserid=b02cf10379&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.115 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Date
Fri, 06 May 2022 02:41:56 GMT
Referrer-Policy
origin-when-cross-origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=137&partneruserid=b02cf10379&gdpr=0&gdpr_consent=
X-XSS-Protection
1; mode=block
Transfer-Encoding
chunked
Connection
keep-alive
X-Content-Type-Options
nosniff
/
rtb-csync.smartadserver.com/redir/ Frame FBC4
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=5&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7094448093601790094&gdpr=0&gdpr_consent=
43 B
408 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7094448093601790094&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.115 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Location
https://rtb-csync.smartadserver.com/redir/?partnerid=49&partneruserid=7094448093601790094&gdpr=0&gdpr_consent=
Date
Fri, 06 May 2022 02:41:56 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
/
rtb-csync.smartadserver.com/redir/ Frame FBC4
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/gjIEMT18?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D94%26partneruserid%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
43 B
405 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Server
185.86.139.115 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:55 GMT
cache-control
no-cache,no-store
content-type
image/gif
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
via
1.1 varnish
server
Varnish
x-timer
S1651804916.490965,VS0,VE0
x-served-by
cache-hhn4053-HHN
x-cache
HIT
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=94&partneruserid=YnSK7gAAABjGdgP0&gdpr=0&gdpr_consent=
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
9.gif
id5-sync.com/i/102/ Frame FBC4
43 B
960 B
Image
General
Full URL
https://id5-sync.com/i/102/9.gif?gdpr=0&gdpr_consent=
Requested by
Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.71 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216577.ip-141-95-98.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssbsync.smartadserver.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:55 GMT
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/gif;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
pixel
cm.g.doubleclick.net/ Frame 8334
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJUVFpUWlMtQS1FSzlG
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJUVFpUWlMtQS1FSzlG
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDJUVFpUWlMtQS1FSzlG
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
709414.gif
id.rlcdn.com/ Frame 8334
0
0
Image
General
Full URL
https://id.rlcdn.com/709414.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

setuid
px.ads.linkedin.com/ Frame 8334
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2TTZTZS-A-EK9F
0
141 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2TTZTZS-A-EK9F
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 54ACAC1892D04AF8BE540DDF75AB0236 Ref B: FRAEDGE1119 Ref C: 2022-05-06T02:41:56Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXeTs1KqpiJjk1Bud3kOw==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L2TTZTZS-A-EK9F
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
37b22a0c36bd84993dd2cda4a5e04b1d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame 8334
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L2TTZTZS-A-EK9F&sigv=1&esig=2~80d0111261e903f5c9e92f3651c976446c24ed94
0
194 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L2TTZTZS-A-EK9F&sigv=1&esig=2~80d0111261e903f5c9e92f3651c976446c24ed94
Protocol
H2
Server
2a00:1288:80:807::2 -, , ASN (),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L2TTZTZS-A-EK9F&sigv=1&esig=2~80d0111261e903f5c9e92f3651c976446c24ed94
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
704c1e4d3fcc922a3031d436b584678b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 8334
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/tyS_ZetmobLeTLB6Sk9fAw?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8426252973966648352
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8426252973966648352
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

date
Fri, 06 May 2022 02:41:56 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8426252973966648352
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
tap.php
pixel.rubiconproject.com/ Frame 8334
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENqfaebZ3YcW9GiEwsgMXKs&google_cver=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENqfaebZ3YcW9GiEwsgMXKs&google_cver=1
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESENqfaebZ3YcW9GiEwsgMXKs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame 8334
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=3v0xkvxPSUSYhC5aE0lX9g&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3v0xkvxPSUSYhC5aE0lX9g
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3v0xkvxPSUSYhC5aE0lX9g
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:56 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
2FCGHMJQ9TNZJFV5HEK9
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3v0xkvxPSUSYhC5aE0lX9g
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 8334
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 May 2022 02:41:56 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usync.js
eus.rubiconproject.com/ Frame 8D7F
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-235-133.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Fri, 06 May 2022 02:41:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Mar 2022 16:28:01 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=26894
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9542
Expires
Fri, 06 May 2022 10:10:10 GMT
sync.php
pixel.rubiconproject.com/exchange/ Frame 8D7F
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L2TTZTZS-A-EK9F
Requested by
Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif
st
capi-tier-1-us-east-2.connatix.com/tr/ Frame CE0F
0
315 B
XHR
General
Full URL
https://capi-tier-1-us-east-2.connatix.com/tr/st?v=161155
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.200.104 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-200-104.us-east-2.compute.amazonaws.com
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Fri, 06 May 2022 02:41:56 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://threatpost.com
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
20
async_usersync
ib.adnxs.com/ Frame 18F7
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.15 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 May 2022 02:41:57 GMT
X-Proxy-Origin
217.64.151.9; 217.64.151.9; 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
4aee4ad4-747d-4717-b160-e89642d5661a
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Verdicts & Comments Add Verdict or Comment

411 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| gform string| gAMP_urlhost string| gAMP_urlpath string| gAMP_urlquery string| gAMP_contentid string| gAMP_category string| gAMP_contenttags number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug boolean| gTrackVisibility boolean| gLazyLoad boolean| gTrackPageVisibility number| k30SecondRefreshInterval number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| k999SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent object| gGDPR_NonTCFVendors string| gGDPR_publisherCountryCode string| gGDPR_logoURL string| gGDPR_privacyPolicyURL string| kAmazonPublisherID object| ad728x90ATF object| ad300x250ATF object| ad300x250ATF2 object| ad728x90ATFTAB object| ad728x90STICKY object| ad300x250ATFTAB object| ad300x250ATF2TAB object| ad320x50ATF object| ad300x250ATFM object| ad300x250ATF2M object| ad2x2skin object| adGoogleAdXInterstitial number| gBrowserWidth object| desktopAdUnits object| tabletAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount function| _0x2484c2 object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gIntersectionObserver object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gPrebidBidsBack object| googletag object| pbjs function| _0x47b6 boolean| gHasGDPRCMP object| gGDPRTCData function| amp_getBidsForAllChannels function| amp_dumpBids function| amp_dumpWins function| amp_dumpTable function| amp_getBestBids function| sendAdserverRequest function| _0x4815 function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| scheduleConsentUpdates function| sendBidRequests function| doSendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| attachCloseBoxSVG function| configureAdSlot function| getCookie object| apstag function| cnx function| $ function| jQuery object| gdprDynamicStrings object| gdprStrings object| kss object| sNew object| s0 object| dataLayer boolean| jQueryMigrateHelperHasSentDowngrade object| cnx_usr_storage object| ggeac object| google_tag_data object| google_js_reporting_queue object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client boolean| apstagLOADED boolean| creativeVendorLibraryLoaded object| google_tag_manager function| postscribe object| google_tag_manager_external string| GoogleAnalyticsObject function| ga object| _qevents function| twq object| FontAwesomeConfig object| ___FONT_AWESOME___ function| __tcfapi object| __cmpAPI object| __GVL object| __cmpTCModel function| __cmpOpenUI undefined| google_measure_js_timing object| player_instance_2480ee6681074e1e8c3cb7d9f6c30cdd object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| cnxPlugins function| __uspapi function| __uspOpenUI function| pbjsChunk object| _pbjsGlobals object| ADAGIO string| nobidVersion object| nobid object| recaptcha object| PublisherCommonId object| ID5 object| kasperskyDynamicaReCaptchaData object| jQuery1124009459158637660536 object| kaspersky object| prmOm object| omPlatformsSettings function| trackKLReferrer function| trackTrialSubmit function| trackFraud function| getFilename function| trackFile function| trackTrial function| trackTrialKMS function| trackPU function| trackPU2 function| trackDoc function| trackBeta function| trackDBUpdate function| trackDRFile function| trackLink function| trackCountrySelector function| trackLRC function| trackIPP function| trackPage function| trackLRCFallback function| trackMaxymiser function| trackAuditories function| trackCroSegment function| trackCta function| trackDownload function| trackEvent function| trackExit function| trackForm function| trackGoToPayment function| trackChangePaymentMethod function| trackLena function| trackMarketLincGroup function| trackMarketLincVisitor function| trackPageView function| trackPageViewOnLoad function| trackPartnerLocatorSearchEvent function| trackProductView function| trackRegistration function| trackSaleButton function| trackSignin function| trackSignIn function| trackUpsellPage function| omSetContext function| omSetOmnitureParameters function| omChooseCookieDomain function| omGetAbsoluteUrl function| omGetBusinessType function| omGetGoogleAnalyticsClientId function| omGetHostName function| omGetOrigin function| omGetPageNameFromPath function| omGetQueryParam function| omReadCookie function| omRemoveAllUrlParameters function| omRemoveAllUrlParametersForDownloads function| omRemoveUrlParameter function| omRemoveCookie function| omSafeParseJson function| omSetCookie function| omSetInp function| removeHashFromString function| omPushEventToDataLayer function| omCreateEventParamsObj function| omPushTrackingObjectToDataLayer function| omPrepareProductsString function| omHandleClick function| omHandleMessage function| e object| sng object| s object| visitorConfigObj function| AppMeasurement function| s_gi function| s_pgicq object| adobe function| Visitor object| s_c_il number| s_c_in object| _uxa number| s_objectID number| s_giq object| runtime object| regeneratorRuntime function| setImmediate function| clearImmediate object| wp object| gaplugins object| gaGlobal object| gaData object| twttr object| ldj2Oj2 function| ldj2Oj3 object| xop function| quantserve function| __qc object| ezt object| _qoptions function| qtrack function| sprintf function| vsprintf object| gform_i18n object| gf_global object| gf_legacy_multi object| gf_legacy number| google_global_correlator function| announceAJAXValidationErrors function| gformBindFormatPricingFields function| Currency function| gformCleanNumber function| gformGetDecimalSeparator function| gformIsNumber function| gformIsNumeric function| gformDeleteUploadedFile object| _gformPriceFields undefined| _anyProductSelected function| gformIsHidden function| gformCalculateTotalPrice function| gformUpdateTotalFieldPrice function| gformGetShippingPrice function| gformGetFieldId function| gformCalculateProductPrice function| gformGetProductQuantity function| gformIsProductSelected function| gformGetBasePrice function| gformFormatMoney function| gformFormatPricingField function| gformToNumber function| gformGetPriceDifference function| gformGetOptionLabel function| gformGetProductIds function| gformGetPrice function| gformRoundPrice function| gformRegisterPriceField function| gformInitPriceFields function| gformShowPasswordStrength function| gformPasswordStrength function| gformToggleShowPassword function| gformToggleCheckboxes function| gformToggleRadioOther function| gformAddListItem function| gformDeleteListItem function| gformAdjustClasses function| gformAdjustRowAttributes function| gformToggleIcons function| gformAddRepeaterItem function| gformDeleteRepeaterItem function| gformResetRepeaterAttributes function| gformToggleRepeaterButtons function| gformMatchCard function| gformFindCardType function| gformToggleCreditCard function| gformInitChosenFields function| gformInitCurrencyFormatFields function| GFMergeTag function| GFCalc undefined| __gf_keyup_timeout function| gformFormatNumber function| getMatchGroups function| gf_get_field_number_format function| gformValidateFileSize function| gformInitSpinner function| gformAddSpinner function| gformReInitTinymceInstance function| gf_raw_input_change function| gf_get_input_id_by_html_id function| gf_get_form_id_by_html_id function| gf_get_ids_by_html_id function| gf_input_change function| gformExtractFieldId function| gformExtractInputIndex function| rgars function| rgar function| HandleUnsavedChanges function| renderRecaptcha function| gformIsRecaptchaPending object| gfMultiFileUploader undefined| __gf_timeout_handle function| gf_apply_rules function| gf_check_field_rule function| gf_get_field_logic function| gf_apply_field_rule function| gf_get_field_action function| gf_is_match function| gf_is_match_checkable function| gf_is_checkable_empty function| gf_is_match_default function| gf_format_number function| gf_try_convert_float function| gf_matches_operation function| gf_get_value function| gf_do_field_action function| gf_do_next_button_action function| gf_do_action function| gf_reset_to_default function| gf_is_hidden_pricing_input object| Placeholders object| gf_form_conditional_logic string| gf_number_format function| do_callback function| cnxProxyTask object| aV9xhE function| aV9xhs function| xblacklist function| gtag function| onYouTubeIframeAPIReady object| MZ1D6o2 function| MZ1D6o3 function| xblocker object| closure_lm_156648 object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| sas object| apntag object| _ADAGIO string| main_loc object| in_domain object| locale_out undefined| url_path_start_latam undefined| locale_out_latam string| firstPart undefined| locale object| url_path_start undefined| domain_loc function| SetCookie string| newCookieValue string| _linkedin_data_partner_id object| GoogleGcLKhOms function| lintrk boolean| _already_called_lintrk object| ONFOCUS object| s_i_kaspersky-single-suite number| _tlTagsPending object| google_image_requests function| cnxAddEventListener

113 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIgAIQ-Pj6uYkwCgoIgQIQr_f6uYkwCgoIggIQ-Pj6uYkwCgoIgwIQypP7uYkwCgoIhwIQr_f6uYkwCgkICRCv9_q5iTAKCQhJEOz3-rmJMAoJCAsQr_f6uYkwCgoIiwIQypP7uYkwCgoIjAIQr_f6uYkwCgoIzgEQ7Pf6uYkwCgoIjgEQ7Pf6uYkwCgkIDhDKk_u5iTAKCgiPAhD4-Pq5iTAKCgiQAhDKk_u5iTAKCgiRAhCv9_q5iTAKCgiSAhDs9_q5iTAKCgiUAhDs9_q5iTAKCgiVAhDKk_u5iTAKCgjWARDs9_q5iTAKCgiaARDKk_u5iTAKCQgbEOz3-rmJMAoKCJ0CEMqT-7mJMAoKCN4BEPj4-rmJMAoJCF8Qr_f6uYkwCgkIHxDs9_q5iTAKCgihARCv9_q5iTAKCgjiARDs9_q5iTAKCgiiAhD4-Pq5iTAKCgjjARD4-Pq5iTAKCQgkEMqT-7mJMAoKCOYBEK_3-rmJMAoKCOcBEPj4-rmJMAoJCHMQ-Pj6uYkwCgoIuAEQypP7uYkwCgkIORDs9_q5iTAKCQg6EK_3-rmJMAoKCPsBEPj4-rmJMAoKCP8BEPj4-rmJMAoJCD8QypP7uYkw
.www.venminder.com/ Name: __cfruid
Value: 759acdcd85af24b314fa8247642510cb596c0fe8-1651804907
.threatpost.com/ Name: _cs_mk
Value: 0.03759068036255542_1651804910241
.threatpost.com/ Name: _gid
Value: GA1.2.2007371390.1651804910
.threatpost.com/ Name: _gat_UA-35676203-21
Value: 1
threatpost.com/ Name: _pbjs_userid_consent_data
Value: 6683316680106290
.demdex.net/ Name: demdex
Value: 40552020846598719543248989789158379580
.t.co/ Name: muc_ads
Value: 8622a348-6753-4bc0-b1c0-8ab62971a514
.lijit.com/ Name: ljtrtb
Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/ Name: ljt_reader
Value: El8hsBZHZihBFk7bRk6VcqLv
.rubiconproject.com/ Name: khaos
Value: L2TTZTZS-A-EK9F
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB2agCGZGNJ8Jzpcd3HBZZ775PzI6EyVJjnj+CQiMALPWQia56s6sEWQb05ecXDiI+jhlI2uKWkDtsxuhZpbWKLtINWY3Pa16NE=
.threatpost.com/ Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1
.twitter.com/ Name: personalization_id
Value: "v1_9sUXmRTjI5UtoUb8puzBpA=="
.adnxs.com/ Name: uuid2
Value: 8015597892726835373
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YnSK7gAAABjGdgP0
.serverbid.com/ Name: CONSUMABLEID
Value: e3533ae70a104c85933ae70a107c85af
.openx.net/ Name: i
Value: e94adfd7-9c57-404d-b539-ee23746b6718|1651804910
.dpm.demdex.net/ Name: dpm
Value: 40552020846598719543248989789158379580
.quantserve.com/ Name: mc
Value: 62748aef-14d64-0c385-bb1b6
.threatpost.com/ Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19119%7CMCMID%7C38990236835773763922543512693458714214%7CMCAAMLH-1652409710%7C6%7CMCAAMB-1652409710%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1651812110s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19126%7CvVersion%7C4.4.0
.threatpost.com/ Name: _pubcid
Value: c00e206e-2cc4-4f89-aa45-e22a0d59bb57
.threatpost.com/ Name: __qca
Value: P0-2120476283-1651804911065
threatpost.com/ Name: usprivacy
Value: 1---
.threatpost.com/ Name: _gat_UA-63997723-2
Value: 1
threatpost.com/ Name: CookieConsent
Value: {stamp:385219734=='|Cnecessary:true|Cpreferences:true|Cstatistics:true|Cmarketing:true|Cver:1|Cutc:1644544435|Cregion:'not_gdpr'}
.adnxs.com/ Name: icu
Value: ChgIzLJhEAoYAiACKAIw75XSkwY4AkACSAIQ75XSkwYYAQ..
.threatpost.com/ Name: _gcl_au
Value: 1.1.870462571.1651804911
prebid.a-mo.net/ Name: __amc
Value: 2_1651804910_1651804911
.threatpost.com/ Name: __gads
Value: ID=75ca0247bfbd0022-224692588ecd00df:T=1651804911:S=ALNI_MajL0RtdRLnw42uDsmMyU8uNoiO5A
.linkedin.com/ Name: UserMatchHistory
Value: AQI5fdWovriq2gAAAYCXPre8dA3ek5ssBz4fnr_OjIZ-0dlh3xMe2Pg7NQAuBbUh8QChHdoVh7dPtg
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJxnYrEL9MjxwAAAYCXPre8iG7XJMsvkUFAUmpmt_5oA3GPL2ohg7Q871trwW9c0bb7guvniDfo-Nou3jBzMQ
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&81b50ba5-0b6e-4937-864c-d4827a35da92"
.linkedin.com/ Name: lidc
Value: "b=TGST02:s=T:r=T:a=T:p=T:g=2782:u=1:x=1:i=1651804911:t=1651891311:v=2:sig=AQEp6MO7U5qAi-ltsfMYX6zDb-n6UC-y"
.doubleclick.net/ Name: IDE
Value: AHWqTUn9-YIaJBw3QymQaIHROX1a_lVMFWowe4Qt8WCn2h61CHwG2-dQXxz6ssfkJzA
.threatpost.com/ Name: _ga_YP1JLG57CH
Value: GS1.1.1651804911.1.0.1651804911.0
.threatpost.com/ Name: _ga
Value: GA1.1.197470812.1651804910
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&20220506024151a75813d4-aefe-42f2-84e3-b6ff22dd087fAQFm1akBWYv_rSlpVcFOqUOaNvLkKRJ1"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTE4MDQ5MTE7MjswMjG3PMHcr9beJWz2aDXvdstyVT1F/kLEhutqTvSTNYU8tw==
.threatpost.com/ Name: s_cc
Value: true
.3lift.com/ Name: tluid
Value: 104417412557236261312
.bidswitch.net/ Name: c
Value: 1651804912
.bidswitch.net/ Name: tuuid_lu
Value: 1651804912
.bidswitch.net/ Name: tuuid
Value: 9307a429-74fc-4321-9249-97b575a578a7
.perf-serving.com/ Name: tuuid
Value: bee6cb6a-2b9d-404b-82ca-dd3c015eb6c9
.perf-serving.com/ Name: c
Value: 1651804912
.perf-serving.com/ Name: tuuid_lu
Value: 1651804912
.adnxs.com/ Name: anj
Value: dTM7k!M4/YEVNsVF']wIg2Il]ttjI!!]tbP6j2F-.aE*LBAgB^jFq#Pe9i?]i+fdilwW0qfR[$ehv--7j7_#^/X+GY1Qw1`OJtf<
.adnxs.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJ0cmlwbGVsaWZ0X25hdGl2ZSI6eyJ1aWQiOiIxMDQ0MTc0MTI1NTcyMzYyNjEzMTIiLCJleHBpcmVzIjoiMjAyMi0wOC0wNFQwMjo0MTo1MloifX0sImJpcnRoZGF5IjoiMjAyMi0wNS0wNlQwMjo0MTo1MloifQ==
.bing.com/ Name: MUID
Value: 00C3134B55D86091014C02D754B36178
.turn.com/ Name: uid
Value: 4229483670715824364
.yahoo.com/ Name: A3
Value: d=AQABBPCKdGICELXvUuwwYJIjw5U8HmGbwUYFEgEBAQHcdWJ-YgAAAAAA_eMAAA&S=AQAAAjZgIIx5yhLCfqZL_svJvFE
.bidr.io/ Name: bito
Value: AAE6ZU7E6RYAADvZLY3QEg
.bidr.io/ Name: bitoIsSecure
Value: ok
.w55c.net/ Name: wfivefivec
Value: ptdQ85OH1NMNUI5
.w55c.net/ Name: matchtriplelift
Value: 5
.mfadsrvr.com/ Name: tuuid
Value: 31bfab55-5542-414f-8464-bfd91b352886
.mfadsrvr.com/ Name: c
Value: 1651804913
.mfadsrvr.com/ Name: tuuid_lu
Value: 1651804913
.mfadsrvr.com/ Name: ssh
Value: !triplelift,1651804913
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-89f7d1b9-f121-42ab-7e9a-390c5fc41a22.DUv75eyumrD0gXATIEc5o0t030GZwoDdHbHnF0Xybss
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AiffRufEhQqt-mjkMX8QaItlAlwk.kDDH4RcksRtxH4hmX7XKwmEnA74fGdnSYTWrWgdNwD8
.ipredictive.com/ Name: cu
Value: 164eccd5-cce6-11ec-9718-0515b2acad93|1651804913045
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.amazon-adsystem.com/ Name: ad-id
Value: A_hCmD3okkLFsNK1qlY_kpo
.creativecdn.com/ Name: u
Value: G9yt9qThxd004HopG9jX
.creativecdn.com/ Name: ts
Value: 1651804913
ads.avct.cloud/ Name: uuid
Value: 7219b488-5b38-41e0-ad5e-47cc9b2ad428
.mathtag.com/ Name: uuid
Value: 1a236274-8af1-4401-8810-fb66bb615f1e
.realestate.com.au/ Name: mid
Value: 14104041424363397280
.redintelligence.net/ Name: 8lcfmzhxc8d6_uid
Value: 87fcd703411e0354
.adform.net/ Name: C
Value: 1
.realestate.com.au/ Name: External
Value: %2FTRIPLELIFT%3D104417412557236261312%2F_EXP%3D1683340913%2F_exp%3D1683340913
.adform.net/ Name: uid
Value: 8276987309949310286
.adform.net/ Name: TPC
Value: 1651804914009
.quantserve.com/ Name: d
Value: EGwBEwGJJoqsMNre0gA
.threatpost.com/ Name: cto_bundle
Value: k-gVcF9sOWlsOGJmMThMc2Z0TDhPJTJGMkJsNUkyaTJSYmNJS1lZcnU2MEUlMkZzJTJCMEJmQnlJRlY3ZVMxWHRpTjdtdUU2S2gwUlhlZlFVRDV4QkZENldlUE9GdlF3amFNVktvaEZmRnlzcHFNdkdEYlRoSnltbFRBaWZRdmRrUmRvS2xjaXFBbg
.threatpost.com/ Name: cto_bidid
Value: 1czTlV9FUzBiZ0E4S0hXZDFjeSUyQiUyRldlNjUlMkZmT3paOGFkU0hLJTJCdEhOdXU2TUMyNWJlODBHclQwWkpHSzBqNVRMUXo1eE1HbmNlY1gyVHRKaTRVejRPcVQlMkYlMkJhdyUzRCUzRA
.openx.net/ Name: pd
Value: v2|1651804914.2|kiiygevNgun0.gqsLommOnsgi
.w55c.net/ Name: matchopenx
Value: 5
.acuityplatform.com/ Name: auid
Value: 667670738874
.acuityplatform.com/ Name: aum
Value: OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqBMjP6jXVzZXJNYXRjaGluZ0lkJK6RbGFzdERyb3BUaW1lTWlsbGlzJQFAJWdsUJaYbGFzdFN1Y2Nlc3NmdWxNYXRjaE1pbGxpcyUBQCVnbFCWj3RoaXJkUGFydHlVc2VySWRUMTA0NDE3NDEyNTU3MjM2MjYxMzEy+/uGdmVyc2lvbsL7
.simpli.fi/ Name: suid
Value: F0779D14BE13475F8A029938E6735B5D
.casalemedia.com/ Name: CMID
Value: YnSK9BnQNmhfSJ4Ylzb9MAAA
.casalemedia.com/ Name: CMPS
Value: 5203
.advertising.com/ Name: APID
Value: UP18414da8-cce6-11ec-8815-02b9b7b7c3ee
.casalemedia.com/ Name: CMPRO
Value: 1185
.casalemedia.com/ Name: CMST
Value: YnSK9GJ0ivQA
.lijit.com/ Name: _ljtrtb_273657
Value: 273657
.servenobid.com/ Name: pid_312
Value: 8015597892726835373
.analytics.yahoo.com/ Name: IDSYNC
Value: 1901~24q2
.servenobid.com/ Name: pid_321
Value: OPTOUT
.servenobid.com/ Name: pid_333
Value: YnSK9BnQNmhfSJ4Ylzb9MAAABKEAAAAB
.servenobid.com/ Name: pid_310
Value: El8hsBZHZihBFk7bRk6VcqLv
.servenobid.com/ Name: pid_337
Value: y-1OVBlk5E2uEzhmgGjFDhKCnrPlanT3t0Lm61bCw-~A
.a-mo.net/ Name: amuid2
Value: 4c628c5d-a3af-4c41-92f1-3b4145d31e34
.gumgum.com/ Name: vst
Value: e_85371b69-1af8-4fd1-8057-bcaf72f77b3e
.creative-serving.com/ Name: tuuid
Value: 01debc14-60bf-4072-ad93-4b63fb59133c
.creative-serving.com/ Name: c
Value: 1651804916
.creative-serving.com/ Name: tuuid_lu
Value: 1651804916
.servenobid.com/ Name: pid_327
Value: 4c628c5d-a3af-4c41-92f1-3b4145d31e34
.emxdgt.com/ Name: euid
Value: 186051651804916430119f1
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0sDA1tTQ3MjYyMDQzMTa1NBLiM9SNNPQo8vR3C4g3i8-V4jU0MzW0MDCxBCkwAACEMyaCNAAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAPvFyGtoZmpoYWBiaWhmYmwAADllyb0QAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0sDA1tTQ3MjYyMDQzMTa1NBLiM9SNNPQo8vR3C4g3i88FABX-M5olAAAA
.smartadserver.com/ Name: pid
Value: 996826995928047961
.servenobid.com/ Name: pid_309
Value: e_85371b69-1af8-4fd1-8057-bcaf72f77b3e
.emxdgt.com/ Name: eapn_id
Value: 8015597892726835373
.casalemedia.com/ Name: CMRUM3
Value: 3962748af427605108559723201643592&1162748af405a0&2d62748af405a0&2762748af40b40&e662748af42760&f162748af405a0&9862748af405a00
.servenobid.com/ Name: pid_324
Value: 5141210820465136000
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: dac8efdb94b13c72

26 Console Messages

Source Level URL
Text
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://hal900016.redintelligence.net').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://hal900021.redintelligence.net').
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://threatpost.com/bad-actors-remote-everything/179458/?web_view=true&utm_campaign=Third%20Party%20Thursday%20Newsletter&utm_medium=email&_hsmi=212153234&_hsenc=p2ANqtz-9_xVX5B8XrN7r8YKYnN39hg-oHobri6xLSJeisynqzw-2zbwZlXZxhXUnYAAs9EIvzeIxooPMPMg0osQvILc_WWOjupQ&utm_content=212153234&utm_source=hs_email
Message:
The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
network error URL: https://c1.adform.net/serving/cookie/match?party=1245&gdpr=1&gdpr_consent=
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
security error URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network error URL: https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

01a319fa2ebd75176d0349a9db7f69a5.safeframe.googlesyndication.com
9582686.fls.doubleclick.net
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.turn.com
ads.avct.cloud
ads.creative-serving.com
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
analytics.twitter.com
ap.lijit.com
assets.threatpost.com
aws-fr-sync.bidswitch.net
b1sync.zemanta.com
bh.contextweb.com
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c.bing.com
c1.adform.net
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
capi-tier-1-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cdn.id5-sync.com
cdnjs.cloudflare.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
cms.quantserve.com
creativecdn.com
cs.emxdgt.com
csync.loopme.me
demand.trafficroots.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
exchange.consumabletv.com
fastlane.rubiconproject.com
g2.gumgum.com
geo.ipify.org
ghent-aws-fr.bidswitch.net
gum.criteo.com
hal9000.redintelligence.net
hal900016.redintelligence.net
hal900021.redintelligence.net
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.3lift.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image2.pubmatic.com
images.perf-serving.com
imasdk.googleapis.com
img.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
oba-pool-eu.perf-serving.com
odr.mookie1.com
onetag-sys.com
p.adsymptotic.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.33across.com
pixel.advertising.com
pixel.mathtag.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
s1.adform.net
sasinator.realestate.com.au
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
snap.licdn.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.extend.tv
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.technoratimedia.com
t.co
t.pswec.com
tag.1rx.io
tagan.adlightning.com
tags.mathtag.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
triplelift-match.dotomi.com
u.openx.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
us.creativecdn.com
usersync.getpublica.com
usersync.gumgum.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.storygize.net
www.venminder.com
x.bidswitch.net
x.serverbid.com
x.yieldlift.com
104.18.101.194
104.244.42.133
104.244.42.195
104.92.72.137
104.92.74.8
124.146.215.44
13.107.42.14
13.236.156.184
13.248.245.213
138.201.220.30
141.95.98.71
142.250.184.194
142.250.185.162
142.250.185.70
143.204.95.188
143.204.98.119
143.204.98.56
143.204.98.64
144.76.238.55
147.75.38.124
15.188.95.229
151.101.130.137
151.101.194.137
151.101.194.49
154.59.122.79
159.89.246.130
162.254.186.187
169.197.150.7
169.50.137.182
178.162.133.149
178.250.0.157
18.156.0.31
18.195.155.181
18.205.45.54
184.30.20.207
185.183.112.155
185.184.10.30
185.184.8.90
185.33.220.242
185.33.221.15
185.64.189.110
185.85.15.23
185.86.139.103
185.86.139.115
192.132.33.46
193.0.160.129
193.122.130.38
198.148.27.140
199.232.136.157
2001:678:cb4:bbbb::11
204.237.133.116
209.54.180.3
213.19.147.42
213.19.147.44
216.200.232.249
216.52.2.19
23.205.235.133
23.206.210.112
23.32.59.34
23.35.236.188
23.35.236.201
23.35.236.247
23.88.75.187
2600:9000:2156:200:6:44e3:f8c0:93a1
2600:9000:2156:2e00:0:5c46:4f40:93a1
2600:9000:2156:9e00:2:9275:3d40:93a1
2602:803:c004:200::143
2606:2c40::c73c:671c
2606:4700:20::681a:9a9
2606:4700:3030::ac43:cf70
2606:4700::6811:180e
2606:4700::6812:372
2620:116:800d:21:5a23:9c4e:e774:96c1
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1288:80:807::2
2a00:1450:4001:808::2002
2a00:1450:4001:810::2004
2a00:1450:4001:810::200a
2a00:1450:4001:811::2006
2a00:1450:4001:813::2008
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:830::200e
2a00:1450:400c:c08::9b
2a02:2638:1::13
2a02:26f0:3500:7::17d8:4dc7
2a02:fa8:8806:12::1370
2a05:d018:d29:3602:56d8:3e17:fa7d:bb2f
3.120.55.178
3.121.45.11
3.123.117.219
3.123.149.239
3.136.200.104
3.221.88.208
3.72.114.165
34.196.42.166
34.210.168.133
34.245.154.233
34.247.205.196
34.248.122.228
34.253.111.207
34.98.64.218
34.98.67.61
35.157.220.171
35.157.246.167
35.157.46.192
35.158.179.85
35.158.59.51
35.173.160.135
35.186.253.211
35.211.178.172
35.244.154.251
35.244.174.68
35.71.131.137
37.157.4.40
37.157.5.142
37.157.5.71
46.105.202.126
51.38.120.206
52.19.46.209
52.2.37.89
52.49.96.153
52.51.122.227
52.95.126.160
54.205.198.81
54.226.216.14
54.74.45.231
54.81.207.173
64.140.160.2
66.155.71.150
67.202.105.21
69.173.144.139
69.173.144.165
70.42.32.31
70.42.32.63
72.251.249.9
74.121.143.246
85.114.159.118
00c1d7815a87fc5f5e4a1227a0eb9ffc53352e91ef6a2707789d690049b192b1
00c37c0419676c0f44d23b92140d3a7a9d90acfe4af50b10beda33da55bb6a17
02f36365cc7010c910890dcbfb1abc1bc2877441c30551f386ac52708a81cb58
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
057a6a0bf875e81049e129d63e6475234e4b44ad9cbf348e7a99a3f0b3315978
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
07773674da8a5d7de6575be849321af69c60333d821b2e531b8b6aad8cb8deba
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9
099a67a6b25e20de6ccee105ab6e2ea58a6562dd2f7d1c499bc57a4511e14868
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bfa346d7611b406e1c95c3ae1c7bd1a9a7c5340a7a197842f0005f7380546be
1030fc8851425c20e532acd288aa03d709507bcd3d55367f980d55de309ead68
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
151fec0533833003fd2bfd748bdbf4470bf0455353cfde81a65d2bfc42ab1ffe
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
17f9ea85ca16de8b5d672ce183c77b84f6ae0dc63d84d4a72d79bb0b06ca5926
18d6e52207752c1915ed1ce61df21341b12b82bdc1e2dde86f81765c5aa81b1f
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1dff6405301dc8e4d3dc0960c598a8a16f7520fa6f0fbc7851ae31086d3e9ed8
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
20c0569955e76587d3ea93366b1a031879abe919165e51170a378497fd2d8473
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
243fb9953e49b6005f6ae1772f507bb789a8893960a495850afe43fe34030311
260561a7eb727dcab19e6a6fcf626183fb3abe0b46a122d7cdae9c6d6dca97b4
270e057943921b2dd09052353e02f32c8f7369816ac92717b7e4efa3393eed0d
2882af18f38bb5e90c9eda4f3177fd8b0d94e0a5e6ccbb1210b28389faffde77
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b68268746b3717ed1c67395bf7d604395f0fe160ab0e97ab8d7d1c196fff70d
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2ec122efee8c7603a1d9199353591549d7cb4eeb3561395e186bc4ba06805a99
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6
311beabde927690d6dec48a768038c7154fe4caaec26df8b6bf048178ff25fa9
3191146ab1383c7a59c455534ed26ddd5b9eb88e18fda02b752acfbc407d4c4b
320ff47b0b2d16cdb40622daf06d659f65b6450cc7416b96252bba58635b9bad
343ea6f53cd6ddde97c421f384c229147c9c507452690d8bd0045be5453df3f8
34cfea1fc4c327a3eb34e1c0380b5bf6280f2777a8b1303535ba588658ec4a39
35247b5335f31105e6a22498ceaf264f88dbdd2ecc64114afe2fe3c9eeff5035
35ce0065474e23924984a0b8a8bbcd54c01d7f51b7d087bd628dd90503e62f89
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3bcb68a75341bec0824c3631b5e853564e98f41efaa477bbd8dbc55d51191539
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41c277a5af698eaa024d37ebe3d4bdff204b3d1aac980f21b7e74e02f13e8262
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
422757d1c6ba8faac191d649b5e63bf6289e245729fe44af9e785ef5d948ca2f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
454725b1338b7947285932d1ed1a01b521065cfdb5d97298b2340b0fad58a933
4564f01d8877e2b9ef7370adb07db5824274499062cea09408e0e167cae7abd1
458d3c67d05851e4470066b036a244cda6400c00cc443044a8f5be30c8c7c8e1
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
487be71e7a4a2a65acbb56bc812152f00e845b5c99eadb2e1eb9c432c9f80117
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a03c06ea567b2a7dd992bed820e61243d24084bf8bead4caeb5c470ce397064
4a13eb225b10088a49d4329300e03bcb1b0f394fd5493ecf63dd5beef4aa3630
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
4e3938359d975b49ca24219f23cf9f4b416dbe9c347cfe8e45c5ea8e6c8d1aae
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
512b2ba688ff2c1d2532eb28d25b5f5a2e0b4b13058debd9966b2c2e7ccd202f
515839ca15e81f931a4ed2e6d53a0267f88d12a813cd59ce18bee17abe1837c9
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
5232056dc8a22734e95ac2a205b7ccdec0416eba47e4234cb9113f1443a6d33c
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56a3251dcdc5c85000a46ab8f8bb567f91fe77663ac1baf4630efdd8aced8c79
56f445b5b69a3a5ad915042eca5f8363f3efd730dbc80ae54083c6b0c14c4794
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5ba644f0fddbedd145f222319852b63c370c3cb827de34c21e5f0823e6d33057
5e28c84350d366bdfe2f975b140ff03da2914afad19d8d72f93626714bbee238
6061fd0cc0344dec41fb7e4bca7451f56ab27f3a94af4790347cd97ea0f9e75a
61bb21a200f5e290a6cf7cd102a30bf77f1179bdbd9b844ee8b9cedfaa3204e4
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
676665e427c1a6d9ebf0911a984aceb41a8e409c805cd988f07815269e56a1b2
67c9810ce91d16a590b83e032a954759549152deea006379090e13dd345f2424
67d65d576ba2b75c2cee74ebdaea793f8e8b370ce51fd782a0dc41c33120a899
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6a9d91eee1d1fc2c9ee18e5a696673a518aac7ec131057e02be101b8be455609
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ccaafd36f24fa6e1d74ede568ae09a0f9bea7d4f56b96049aa44282b3276d9b
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
701310875ceb8cc05bde3e114dcd9132031874a54134343fb73d8a3c043fbf4b
7074cb3fadd5faa68093bdff82e7c3d0fdc28e455b9b27735d180db690115da9
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
7215be27dc549fb4ff4f667e8e4cec073f866906c9dfcdc88daa2fd4612b357e
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
73fb5c187e71eaafae15c31f112eb99b27df61d841675fc8ca511397d202629e
740057f74e4d37c475e34e461758bb5490825157294c54c884727ca828a74c9d
762f28d3fd1d85dbd732d5ed3c2c6fc338e87eacdc2e05ab5ff82d12326467dc
772fd45ed221449ec7d38776de16249d9b6ac37fbfc3eb1780e2b4d35f8be13a
77612a131727dcafefa77117e134534a15e067b63116bbdf233771abd3965aa9
7a3fcd53b20a6fdf183b0340f596a6431a280459adb871f43e617cecd5d57681
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7cb98c109af05dee40f059090a26a3007cd62ab4529d9e2a911c4dd6a781fe2e
7cff05014ae17e596f17049ed76aae3390dc947670708637d285a96d1ce62ace
7d14f7695012f02067615441ee9aaf9dbceb41854e0cbcaedfa13d3dfa87ac4c
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14
7f8e26c6e3747211b9e868590efacffe3e5fda8c33df14ea69aeb09b0270064c
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b
8278c001875318d426271428c8e6561ed9d234808ae57d856fae5bb3f5742039
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
851913072ba36e6383ee40856fa3dea9ed4c5f03b4e3effb6a3841aab3840d26
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
86ea61db754ce2a79cc18ab1c47c9d7a455261af8a4a5ac9e944dd2c795286bc
87b9fa7efc94c1145c336dfa8e5b245461d0d2c950996f9b0f0e8ccea0289b72
888ef3f47cdc47f99dcc468d3c42f4b7d90f1e87f5642711f44e9b6f6d27c269
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a3fdd7b7e3f6d2f5559b9bba5cb66b25660235462adb71d5daa9143d665cfcb
8b8ad58cb3d18276cefea6d757c0d5390ebfd513b62e2b003d75d4afde12ee2a
8cba02ae8c6604b473e88fb545d57c6cd10de09922d6962da8e2878d48186681
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ea08df3114b303a43c8e2adfb5c91f2e69462ee8d9713cd8f27c5332e81a493
8ed12b039b09021f444b5466f17e66ee92467082997c6af462e5bbe688170d86
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8ff2dfbd53fcbe7a924065849f3a621b7275fc80dc5c4091e307ff93725b5dde
923b8e0db9f95761f087444fe47d9a8eef8040e80a6d3ca975d6859cbc4fcb70
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
9373556c315280b756fbe5e357153b8b34d73c3da1a92367a1018561912d4a3a
93cc545f534a75a876beccc35125e563e20bb9857714482547fc151f07d57595
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
96bd0920a8f9f1eaf6e983c36f9c35f2a3fea8f4df988a5fe12272eddbda08e9
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
99a3de1005ce9d9bdefba5834813b56371435f8061342ec1f5c1681500231a0c
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9daa39b68f1aeceaea15e6c15c0e80e87aa0165a0084052d5b66eb9ff00ed5f0
9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ac660767f0b902644fec786e9321a1fc2f2d50fac439eaaca062fb60d88124
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8b6088276c5f8cdb4ec8ab768aa62222b0c4e678d5a8f71fc62ae172b771b2c
a96edab0ce112e90882ba72d12fafec41308896437cc59987f289bdb8f7f96ff
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
ac63c522d6bc5999523772dd63e8a38f2c51bca9e12d87772d3fe4988d0decd3
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
ae64c4fccf5c2dec69bcfa480b61f7a4b38af9c9effe8de5a86bd000ea88c74b
af4176ae9b1a59f2e5f47158df6400c4cb74d2aa24f33673d9055fe9e3c4a4cf
af5c0b2d7b19aec291c436c3cd870bb64087cc132eb0c5e72f16057f5d91352c
b041458d3e3d9b3a88dd092ef3277d97e742c7d1e150670ecf155f89e40e0bf4
b1380bb5b4283db23b341696b3199f259a27f88104f2776d544bc9ff91ceb725
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b53ae3ea99db48f3316a0dcac761293e0a89dd6a3d7688a4df12d36e0cd9cff7
b592b111bbb977f895c0cbce31969bafbbcda527e3d8f282144c337550a230bd
b6936f15d2b17c3fec4c5d80e6464b9186e9cc604c0b80cb283deaba6cfe2f4f
b767e8a6c870f5dbfcd28bba0964260a651066b697c9b8af4866853d8b95ec47
b796c00ffa6ab2f08b75bbd643f63593f7147981060d9d35b5d0450cfc3e8295
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcbbe59ee508a5eb5391f0d0940e193a737c8f1ad606366e711e6b6f519d5544
bcd40f1e98899df081fc240fae0e02d505e265aadd218faac44087b34fcfbc33
bcfaf811ec70dd33ab185303742bbe4c4e4513de91c8ef3f4ec0802dfe02e2da
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f
c1115d2d729e3025178181fd7ced964bdb6dd3f505e9feb2e8f63ee2431a114f
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2a9a90be6e4e5439d7e1da2ceb4c6dac70f681eef95c5587f9a723b97a775fe
c32b8dc20e4c394a7555de32f9399c8b031d3c8bb9c74d268e9f8e0b40f174a9
c370ec52be6ed72c6ea0d99567f6b80e4e60aaac7e80d2dfe718efb35dc1ff11
c422a23ae4dad31a8111fea147f75ede73f821581627f3750c5b2f525aee6152
c478bc96e00b2e4a64241756af7a9fb046590741b6d6a4483b10be4985b3fb56
c501e586ceb51ccd38f6ea2316b6b5f66f78b4e5d1e17172034bf3dec6030223
c5d9f11f95196250f6797acef21bd147fe22a802940735d88ac2a7a9308247ac
c60c7d92d01dffa38cc869e107efebd7adc113f8299f518edd7734aa5625c2f8
c842fa8019eafc4beae4bd989e2c486d3ecd7a407edb21804c35a1726a90fec7
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517
c8d5f8a3a78bc65572b69f32adf1594a8cdafbf1146696c66accfdcac9373e96
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cd43737c8c876d6c175f20c7ad91d4d61fb193b2d4b1e84e550c29c5251a7d35
cd9c1fce128cb4ccaaf42541edb395b891038aa9f48a6a5d98747ee3bfb4f70e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf986e49f882ab6ffb2ee7d1e0b0bfae3c222bd5052762abec8aa64b0587c489
d0b373163e08476c234e6f6d305908f0a186a1b4465fbf7e0449a59e8a6ce971
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d376da14edd4b42ef773a2325aa00b1a4876929a893179de2ea59ff7153f547d
d516e4641028e8ff59509eb5609cdcb2b296b9aa23020468930226e37f3f4561
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df6363cedd595cea84e1ea78a528c4d83faf4a806a05c7e889ac6171028e1fa4
df79dd6a7ac84baa0b616fdb9c1b188d562051dcc880a1e8be5fb3bf25eb642b
e0923868c5cc73af9b062b1601155c5081a6e04465e6ffef5dfc903adb3b88dc
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e4f532de754c231ce589fe030c862f15de5447a4979b69515e8e6282a7834e91
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e5dbcde39ec1fc3506acc9fd13cdcc2815b146f106f5765d20bd057ae502e27c
e680f84f5a15d5113b3d271f4f26456bbdd12103f70eaaf21ab08ef68aee9753
e6bf8dbfd14e690df25d821b6cd3bb2f4c9a2fe1e27fb295e97b0203caed3e00
e875dd3e43443b7cf22e0594baff463492832444fa9994f0995ff088ad04e577
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e94f7aff84a52704b2d1097b2d92541b10524a20a0f08d4e3486d5cb78cf4f01
ea4019076476224330f3b3f4fa21af893f81abf9e80cb924911e8186167d9042
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ec277a147db63d44b9309d114fdf74ef3534f9adf7b6623f37f35d75efebce00
ee6d3b54a9065c8ff1c55528d83a8b11aa932915d3004f3dab2c5355027bbf3f
ee817ee1f50dd35f9dd8530f78dfd4ca87e20be5dcb85ce2388cef0bb6cd9847
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f149af462f82e018fc7ce532123fa087d0aedc05da4631a036726be028bdebf8
f1b2415f02c89234a4b94896afa68c68db82465563711b8b05f0c1b8b3ba580b
f2bb05f69a12fc276ff4aa3fbdbb9dcb5df1d05b17d80e438bdbbb28abf6371a
f486ed417c87d63ef6f2abcc7a8a8863ee231bd885b99943a72a026680d183f8
f6c726428cbda6ece86af80b19c84f88cd3af45d7d4f87dff8a664298bb39b0c
f74858ab6cbc624a9d3b5331b95c315d0851e07372d32d11136ba31777a4aea0
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f
f8514a30f942ec4b909b893ba9f28790566a48b122df114c8aa360fe375fd6a6
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
fd179f3fea0ce3c3476d2bcb799868d1b31e41670588ea19e746f7110103ab5f
fdc10635851f72f43ceacb9d52c0a9798f7ad6a74d296e146fff7f0eb1277e4c
fec1bf5811564121c3bac5792441e70c365ddaff91feab42eddde3e7fc22fc8b