itechnews.co.uk Open in urlscan Pro
134.122.28.59 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Submission: On December 28 via api (December 28th 2021, 3:29:46 am UTC) from US — Scanned from DE

Summary HTTP 298 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 50 IPs in 8 countries across 54 domains to perform 298 HTTP transactions. The main IP is 134.122.28.59, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is itechnews.co.uk.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 13th 2021. Valid for: 3 months.

This is the only time itechnews.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	134.122.28.59 134.122.28.59	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
13	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
32	172.66.41.9 172.66.41.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
14	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
16	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c1b::9c	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	67.202.105.33 67.202.105.33	32748 (STEADFAST) (STEADFAST)
2 6	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
5 5	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 23	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	198.47.127.20 198.47.127.20	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
4 4	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
1	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
3 3	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
3 3	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
2 3	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	64.202.112.255 64.202.112.255	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	54.154.182.198 54.154.182.198	16509 (AMAZON-02) (AMAZON-02)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 2	52.57.25.105 52.57.25.105	16509 (AMAZON-02) (AMAZON-02)
1	38.27.122.101 38.27.122.101	174 (COGENT-174) (COGENT-174)
2 2	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
4	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
48	2606:4700:303... 2606:4700:3039::6815:c09a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:401... 2a00:1450:4019:803::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1 2	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
1	51.178.20.139 51.178.20.139	16276 (OVH) (OVH)
1	34.246.39.217 34.246.39.217	16509 (AMAZON-02) (AMAZON-02)
1	173.231.180.197 173.231.180.197	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	54.76.42.233 54.76.42.233	16509 (AMAZON-02) (AMAZON-02)
4	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
3 3	18.196.159.27 18.196.159.27	16509 (AMAZON-02) (AMAZON-02)
4	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
4 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	79.137.69.91 79.137.69.91	16276 (OVH) (OVH)
4 4	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:ce41:8ff6:95aa:83	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700:20:... 2606:4700:20::681a:71b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700:303... 2606:4700:3039::6815:c09b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	199.212.255.246 199.212.255.246	25948 (FHMNET) (FHMNET)
16 16	84.200.5.215 84.200.5.215	31400 (ACCELERAT...) (ACCELERATED-IT)
4 4	46.4.41.145 46.4.41.145	24940 (HETZNER-AS) (HETZNER-AS)
4	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
4 4	46.4.62.19 46.4.62.19	24940 (HETZNER-AS) (HETZNER-AS)
4	82.113.101.236 82.113.101.236	6805 (TDDE-ASN1) (TDDE-ASN1)
4	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
298	50

42 134.122.28.59 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: nyc581.mynetns.co.uk

itechnews.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 172.66.41.9 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rt3046.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.79 (United Kingdom) 5 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.250.184.226 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.80 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.20 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.45 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.156.0.31 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.45 (United Kingdom) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.223.40.198 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.255 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.182.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-182-198.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.25.105 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-25-105.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.101 (United States)

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.13 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2606:4700:3039::6815:c09a (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4019:803::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.91 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.178.20.139 (France)

ASN16276 (OVH, FR)
PTR: ns31193669.ip-51-178-20.eu

gu.dyntrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.39.217 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-39-217.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.231.180.197 (United States)

ASN29791 (VOXEL-DOT-NET, US)
PTR: ams-delivery-4.sys.adgear.com

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.42.233 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-42-233.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.196.159.27 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-159-27.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 79.137.69.91 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: gcm11.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.215.191 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:ce41:8ff6:95aa:83 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:71b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3039::6815:c09b (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.212.255.246 (Canada)

ASN25948 (FHMNET, CA)

node224.impressionssl.adshop.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 84.200.5.215 (Germany) 16 redirects

ASN31400 (ACCELERATED-IT, DE)

www.telefonica-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lead-alliance.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.41.145 (Germany) 4 redirects

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads2.sunbonet.de

partner.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 82.113.101.132 (Hanau, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.62.19 (Germany) 4 redirects

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads4.sunbonet.de

partner.blau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 82.113.101.236 (Hanau, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.blau.de

portal.blau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	ad4m.at as.ad4m.at ad4m.at assets.ad4m.at	658 KB
42	itechnews.co.uk itechnews.co.uk	722 KB
38	doubleclick.net 4 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	64 KB
36	infolinks.com resources.infolinks.com router.infolinks.com rt3046.infolinks.com node224.impressionssl.adshop.infolinks.com	2 MB
30	wp.com c0.wp.com stats.wp.com i1.wp.com i2.wp.com i0.wp.com pixel.wp.com	80 KB
22	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	218 KB
13	pubmatic.com 13 redirects image8.pubmatic.com image2.pubmatic.com image4.pubmatic.com image6.pubmatic.com	4 KB
8	blau.de 4 redirects partner.blau.de portal.blau.de	8 KB
8	o2online.de 4 redirects partner.o2online.de portal.o2online.de	8 KB
8	lead-alliance.net 8 redirects www.lead-alliance.net	6 KB
8	telefonica-partner.de 8 redirects www.telefonica-partner.de	2 KB
8	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net	15 KB
7	google.com adservice.google.com www.google.com	1 KB
6	casalemedia.com 2 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com	7 KB
5	openx.net u.openx.net rtb.openx.net	1 KB
4	awin1.com www.awin1.com	3 KB
4	addthis.com 4 redirects e.dlx.addthis.com	3 KB
4	rubiconproject.com 4 redirects pixel.rubiconproject.com	2 KB
4	quantserve.com cms.quantserve.com	2 KB
4	googletagservices.com www.googletagservices.com	147 KB
4	adnxs.com 4 redirects ib.adnxs.com	4 KB
4	gstatic.com fonts.gstatic.com	130 KB
3	agkn.com 3 redirects d.agkn.com	2 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	yahoo.com 3 redirects ups.analytics.yahoo.com	1 KB
3	google.de adservice.google.de	1 KB
2	media.net contextual.media.net lg3.media.net	736 B
2	gemius.pl 2 redirects googlecm.hit.gemius.pl	506 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	1 KB
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	677 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	googleapis.com fonts.googleapis.com	3 KB
1	innovid.com ag.innovid.com	297 B
1	mookie1.com odr.mookie1.com	324 B
1	adroll.com 1 redirects d.adroll.com	112 B
1	adgrx.com cm.adgrx.com	408 B
1	demdex.net dpm.demdex.net
1	dyntrk.com gu.dyntrk.com	215 B
1	33across.com ssc-cms.33across.com	72 B
1	rfihub.com 1 redirects p.rfihub.com	759 B
1	bnmla.com match.bnmla.com	114 B
1	adkernel.com dsp.adkernel.com	233 B
1	cpx.to s.cpx.to	944 B
1	sonobi.com sync.go.sonobi.com	478 B
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	475 B
1	onetag-sys.com onetag-sys.com	814 B
1	tynt.com de.tynt.com	289 B
1	googleadservices.com partner.googleadservices.com	648 B
1	facebook.com graph.facebook.com	646 B
1	gravatar.com secure.gravatar.com	1 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
298	54

	Domain	Requested by
42	itechnews.co.uk	itechnews.co.uk c0.wp.com
24	assets.ad4m.at	as.ad4m.at
23	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net
16	ad4m.at	as.ad4m.at ad4m.at
16	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
14	router.infolinks.com	resources.infolinks.com router.infolinks.com ssum-sec.casalemedia.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com itechnews.co.uk
13	c0.wp.com	itechnews.co.uk
12	pagead2.googlesyndication.com	itechnews.co.uk pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
10	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
10	rt3046.infolinks.com	resources.infolinks.com itechnews.co.uk
8	www.lead-alliance.net	8 redirects
8	www.telefonica-partner.de	8 redirects
8	i2.wp.com	itechnews.co.uk
8	resources.infolinks.com	itechnews.co.uk resources.infolinks.com
5	image8.pubmatic.com	5 redirects
5	i1.wp.com	itechnews.co.uk
4	www.awin1.com	as.ad4m.at
4	portal.blau.de	as.ad4m.at
4	partner.blau.de	4 redirects
4	portal.o2online.de	as.ad4m.at
4	partner.o2online.de	4 redirects
4	node224.impressionssl.adshop.infolinks.com	itechnews.co.uk
4	static-de.ad4mat.net	as.ad4m.at
4	e.dlx.addthis.com	4 redirects
4	pixel.rubiconproject.com	4 redirects
4	image6.pubmatic.com	4 redirects
4	rtb.openx.net	googleads.g.doubleclick.net
4	cms.quantserve.com	googleads.g.doubleclick.net
4	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
4	www.googletagservices.com	googleads.g.doubleclick.net
4	prod-rtb.ad4mat.net	itechnews.co.uk
4	ib.adnxs.com	4 redirects
4	fonts.gstatic.com	fonts.googleapis.com
3	d.agkn.com	3 redirects
3	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
3	match.adsrvr.org	2 redirects ssum-sec.casalemedia.com
3	ups.analytics.yahoo.com	3 redirects
3	ssum-sec.casalemedia.com	1 redirects router.infolinks.com ssum-sec.casalemedia.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	googlecm.hit.gemius.pl	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	ap.lijit.com	2 redirects
2	pixel.advertising.com	2 redirects
2	sync.1rx.io	2 redirects
2	image4.pubmatic.com	2 redirects
2	image2.pubmatic.com	2 redirects
2	pixel.wp.com	itechnews.co.uk
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.googleapis.com	itechnews.co.uk
1	lg3.media.net
1	contextual.media.net	itechnews.co.uk
1	ag.innovid.com	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	d.adroll.com	1 redirects
1	cm.adgrx.com	ssum-sec.casalemedia.com
1	dpm.demdex.net	ssum-sec.casalemedia.com
1	gu.dyntrk.com	ssum-sec.casalemedia.com
1	ssc-cms.33across.com	router.infolinks.com
1	p.rfihub.com	1 redirects
1	match.bnmla.com	router.infolinks.com
1	dsp.adkernel.com	router.infolinks.com
1	s.cpx.to	router.infolinks.com
1	sync.go.sonobi.com	router.infolinks.com
1	b1sync.zemanta.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	u.openx.net	router.infolinks.com
1	onetag-sys.com	router.infolinks.com
1	de.tynt.com	router.infolinks.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	graph.facebook.com	c0.wp.com
1	secure.gravatar.com	itechnews.co.uk
1	i0.wp.com	itechnews.co.uk
1	stats.wp.com	itechnews.co.uk
1	www.googletagmanager.com	itechnews.co.uk
298	77

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
gillion.shufflehound.com
facebook.com
pinterest.com
latesthackingnews.com
www.instagram.com
www.youtube.com
instagram.com
youtube.com
shufflehound.com
cdn.gillion.shufflehound.com
thenextmag.bk-ninja.com
themeforest.net

Subject Issuer	Validity	Valid
itechnews.co.uk cPanel, Inc. Certification Authority	`2021-11-13` - `2022-02-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-15` - `2022-07-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-06` - `2022-01-04`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
onetag-sys.com R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2022-01-05`	a year	crt.sh
*.bnmla.com Go Daddy Secure Certificate Authority - G2	`2021-01-06` - `2022-02-07`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2021-12-21` - `2022-03-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.dyntrk.com R3	`2021-12-22` - `2022-03-22`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
node224.impressionssl.adshop.infolinks.com R3	`2021-11-08` - `2022-02-06`	3 months	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh

This page contains 38 frames:

Primary Page: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Frame ID: F3B44CCEF3EA43CF36F7DDAC9588199B
Requests: 127 HTTP requests in this frame

Frame: data://truncated
Frame ID: C55F87AB54C2E18F4B3E990F5E829ECF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: 75AC317395D8918E93CA4E2128D34C22
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&adk=1812271804&adf=3025194257&lmt=1640658655&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172378&bpp=2&bdt=552&idt=299&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3061070385866&frm=20&pv=2&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=318
Frame ID: 71BD494ACDD54F0BDBF544171FA73247
Requests: 1 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Frame ID: A590F893823745A95C2F1A73DDA6DD5C
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=3684932205&adf=3174511142&pi=t.aa~a.1109846382~rp.3&w=412&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=412x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=2&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0&nras=2&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1254&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CItn1aESvm&p=https%3A//itechnews.co.uk&dtd=60
Frame ID: 59D10AEDBDAE473725589629FC20DE5E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=3809598800&adf=1056458448&pi=t.aa~a.1617027138~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=1200x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=5&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280&nras=3&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3225&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=QrzhLoCnjk&p=https%3A//itechnews.co.uk&dtd=65
Frame ID: F81642DFEFD7DEA8A8B3F40DC034A56B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=1213588912&adf=2179270891&pi=t.aa~a.272210491~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=1200x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280&nras=4&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3625&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=drXYCJJRAW&p=https%3A//itechnews.co.uk&dtd=67
Frame ID: D39E7FE03916659DD34A916FE1E9B113
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70
Frame ID: C38298A9DC24FC66E37D29D17BFBE71B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73
Frame ID: 66C83C5A12148085CD0A7EB05A83C976
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3092423418&pi=t.aa~a.665581152~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280&nras=7&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=615&ady=4269&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=AGktn8WsEF&p=https%3A//itechnews.co.uk&dtd=76
Frame ID: 5A91082F7A7D35B64D2AB8343ADBD423
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: 749E5175A89274111513E1B28C1E0CC6
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 8BC887E6E7ABBEDCD393463B03873D16
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: 9F2918095646252C5A81E80E7E08047B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=Czis-nYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIgCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwjyA7fY_CNwNZKSZVtg6p3Q5W9ZV-ujzzmx_SZwAPXnBLdNC5DLy9gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NjM2MTgyMjMyMDE4MzkzGAA&sigh=vpa4q7tMehU&uach_m=[UACH]&cid=CAQSPACNIrLM3qzP6Gm4T_nBC-AUKCaCsMudld0ASzYBbqEWvBVwBXCrSsesUiCWGPaZWTT6vljNgfqtpJBv3xgB
Frame ID: 504FA7F6F9EF226312757CE376B59549
Requests: 6 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1gycdgd41jhp9xvh6bhjypearcztb6b3hczdn00byja6xgm5tcwdd83tq9rhh6ha62101hw1dfg8sgexe86k2596r3rkdye3z73r0vfn08fqkkwvqjp4qtbq6m6f7vnphnydfm1pc84em27grmsqe1b1nzesxghesc84xdk0nwvvrhdkpqb7eafq0zp85pdbek1ms3614ff3x6mzzjrke9fqjkv9vyx0rbcwxwjxrwxxv7fbta6m6nzm9s16r8q715ct37cg8qa082rh5r94pswh6z39svhwwp7rgce9h171m7r9bgh4d67e4akwj9340bhca1rzrxknt65vfwtdy60gsm3efjc4tg9r52zv6t8a96jb9ghjgmgwas8qgy2h0s6xjdpn0g7mjs6eqb4nxqm4ajjtqk2jy1hch470qb9dks2p2z0k8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%26client%3Dca-pub-5636182232018393%26adurl%3D
Frame ID: 3EADB7AB802BA4BDB6F2371A9313D4AB
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 71F992995EAF1B6030CE31F1659A195B
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CFK6HnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjAJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d5pw5U9Y9isJfJknw0TaVpLZvIUipzA-HKF06qrv7CeTejvyKphngAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NjM2MTgyMjMyMDE4MzkzGAA&sigh=9_n65kcqbOc&uach_m=[UACH]&cid=CAQSPACNIrLMynbGCgTsMs9_HlGMSDwnsqdO7c3NV4WGr9YZ7VFWF-qD2ZL4tD1yWWU1Y5lMbbhX4GlUZH0wiRgB
Frame ID: D3EF65B4A06142BA01202F1E2B5E1A39
Requests: 7 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1hzjr9ccsvebaexq7seas52w19whbk3j518frct2660gsaqa8zp25t5q1nn5a92gd08s6rb72faxc7fsqf8ycgjx0ne8m9aj4c9036agz28bzgh877hqd2qh0fhgkpb9kmv52ayp25k2n8pkb0d49vny1eacnhvvarxwksskdkd4wzby30qyzpzfx2p3n2yxb80bdaf3qbpsq4znt6xmfxeh90vt8seabmfbemyadqzezgf7ch0yzt72dj6sjnkqsz2p9kcrsnywcjv2vcvr3sz50gewdxrqwhnm26jpqxbr9ggrz9t9df4516m8xtwtmdzgh11fn6hxd26qexzcedxvxtgvsgbvg21q8nmqeexe4k29qkcxvkq90fczwrj7022fbpya2vrdby45e5sq22dqj3yzxnbgz5k8d8avncpmkz9xtq1we&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%26client%3Dca-pub-5636182232018393%26adurl%3D
Frame ID: 0C63DA43CF2AF6926326EE089836409E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0B0869460AAE69153B03354F7D7BAEC3
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C4WkvnYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjAJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r4efwCIDaRzOji82R2QgV00mOKPAWNWuEsvrck36EUOnGdmEr5vvgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NjM2MTgyMjMyMDE4MzkzGAA&sigh=KPAjwryOLpI&uach_m=[UACH]&cid=CAQSPACNIrLMCjdEh6e0YKyNCcAn9l3PtypaT0YQih4YS-vEQqaEystG1fdT7T8jpsep8TrWBEbKjE0lLZo7dBgB
Frame ID: 3F2D6AF46F2F68F6A833D1FA0D5176CB
Requests: 7 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1kz55ezgwcpn33cacardz9w1p4nmcs55ats8d6vm18z1h524n3p8g0dexbvx1ca51c52mbmebmkwkfj5ypk01304zme2xmxgxh55ztdsjhrbdvv3j3pw3k3zmtexdatapmq6vgh5bqk3etscnk8h2dmy9gefe66b4x512yvn9g1htf8g4y2kchhhn7az605hyseqjbjqvf3hn8gtzszp9xabgj7wajvbgzvaxrmkrdgrwhnd6myqfjs4y765frn2v8gdy6kfk6zd63d6ap91cgwn9zt4eb22c013x53r439tv5de719d78nzkdhf0t2dama4qtd5n5hm6x1vvbz238b6tbwx1a6ksh9d3jjr1wx9wp5ej77nfpcka346ajfr5p5rhsbfn79cjxw350nbzw5fdcctgvq8bg9cn6rfcx6rz2g4x8c8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%26client%3Dca-pub-5636182232018393%26adurl%3D
Frame ID: 48349815C93A363B0F90DDC9F8822FED
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0F09D75918F9D614B3AB41D142F9147B
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C02o_nYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIwCT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDD-GuamxLJFRPWtwR5NHMON7BYwOnquXYhXvBTVRvVs4nwAF7RRdYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTYzNjE4MjIzMjAxODM5MxgA&sigh=1b6CVK34Lso&uach_m=[UACH]&cid=CAQSPACNIrLMtehkbHp-g_vEJ82gEWxOm2_ndm8TpiyEd3Wu6zE3cep2OMbbk0dT1IU2kPDs6OMQ2K2W_xpMlhgB
Frame ID: 761ABD1A1A62E5814E5BD3EDF5915A86
Requests: 7 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1g86tqa4bxbtgc0sjpk9bn02wbmapz1dnqzfv16d8m98rxvy199f1ktt3b3hp67dmz8prs9zrkrtqza109b9nx2tmckaxm7qj2dxfq8v48akmej40vf60sv3vxv4wf5jf1ps7s4gvpvqw4wwgxb803yytn1e78vmhcbbf518esz5m6h9jnrj6k27nqf6yn89dk521m1rxch8z9vwqjkpv999n3rs5t87xbajatzvff4d3gzdqp86gt4gbe9kfcn0be38x5dq3rr7rsybqyxyem8qmm7nejbjw40wcrsrnb0dx56eg5dxr3cpgd2ve5phst4h7j3gc272m4903nbv062dxsa21bm1vmvwj2e3z5h4jza65f7hte26bfybt5zcy7bdfndv2dzc7471ygn35gyhfm618h5rn92nnw73h66pgxzzy3p1e&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%26client%3Dca-pub-5636182232018393%26adurl%3D
Frame ID: 876A5164F754B9ED0D6D564E2376F626
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AACDF10C0BC27EE83250C1F8B3B394BB
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=100&adk=888072906&adf=3177920725&pi=t.aa~a.3593296581~rp.3&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x100&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172995&bpp=1&bdt=1169&idt=2&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280%2C370x280&nras=8&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=4245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=GNBSHmJJtB&p=https%3A//itechnews.co.uk&dtd=297
Frame ID: 058590EAE808B94C12375B59ECFEEA96
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=50&adk=102376551&adf=1448564515&pi=t.aa~a.4087535713~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x50&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662173016&bpp=1&bdt=1189&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280%2C370x280%2C370x100&nras=9&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4304&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=8&fsb=1&xpc=VRkRc8Rd8c&p=https%3A//itechnews.co.uk&dtd=282
Frame ID: 94E11844BD5395E02729174AEB04BE44
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 41205F9F90CF28D01BD9D643B3AF052B
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: A856F4984777453A4E83E98D18ED2ABE
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 9D097DAD5CF74075522646DC2CFD4B60
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 562EF1A5688EAA6B309BACF5F0B79053
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Frame ID: 3154A56F55F7D72E48F8A11D4358A683
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Frame ID: 25F6E3EFDD924E3D71C1078C73C62332
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Frame ID: D355462A6811E68115C057D2F99891B3
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Frame ID: F92A8C56C6FAFC4AE3D84C834E43B991
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7D8DEDC9E0340870A42E31B4256E35C5
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F6BCD4606BE090A9DABB5597CB6E85DE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New AvosLocker Ransomware Exploits AnyDesk, Reboots System In Safe Mode | iTech NewsButton (3)Button (3)

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Elementor (Landing Page Builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^"']*elementor/assets

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

mailchimp-for-wp/assets/js/forms\.min\.js(?:\?ver=([\d.]+))?

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[\'"][^']+revslider[/\w-]+\.css\?ver=([0-9.]+)[\'"]
/revslider/[/\w-]+/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

298
Requests

87 %
HTTPS

30 %
IPv6

54
Domains

77
Subdomains

50
IPs

8
Countries

4352 kB
Transfer

8262 kB
Size

71
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/people/@/shufflehound

Search URL Search Domain Scan URL

URL: https://twitter.com/TheShufflehound

Search URL Search Domain Scan URL

URL: http://gillion.shufflehound.com/

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&text=New%20AvosLocker%20Ransomware%20Exploits%20AnyDesk%2C%20Reboots%20System%20In%20Safe%20Mode%20%7C%20iTech%20News

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer/sharer.php?u=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/bookmarklet/?&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&description=New%20AvosLocker%20Ransomware%20Exploits%20AnyDesk%2C%20Reboots%20System%20In%20Safe%20Mode%20%7C%20iTech%20News

Search URL Search Domain Scan URL

URL: https://latesthackingnews.com/2021/12/28/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Title: New AvosLocker Ransomware Exploits AnyDesk, Reboots System In Safe Mode

Search URL Search Domain Scan URL

URL: https://latesthackingnews.com/
Title: Latest Hacking News

Search URL Search Domain Scan URL

URL: https://facebook.com//
Title: Like 1243

Search URL Search Domain Scan URL

URL: https://twitter.com//
Title: Follow 678

Search URL Search Domain Scan URL

URL: https://www.instagram.com/
Title: Follow 365

Search URL Search Domain Scan URL

URL: https://www.youtube.com/
Title: Subscribe 256

Search URL Search Domain Scan URL

URL: https://facebook.com/#/
Title: Like 1243

Search URL Search Domain Scan URL

URL: https://twitter.com/#/
Title: Follow 678

Search URL Search Domain Scan URL

URL: https://instagram.com/#/
Title: Follow 365

Search URL Search Domain Scan URL

URL: https://youtube.com/channel/#/
Title: Subscribe 256

Search URL Search Domain Scan URL

URL: http://shufflehound.com/

Search URL Search Domain Scan URL

URL: https://shufflehound.com/
Title: Shufflehound.

Search URL Search Domain Scan URL

URL: http://cdn.gillion.shufflehound.com/
Title: About

Search URL Search Domain Scan URL

URL: http://thenextmag.bk-ninja.com/default/
Title: Home

Search URL Search Domain Scan URL

URL: https://themeforest.net/user/bkninja/portfolio
Title: Our Portfolio

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 110

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Request Chain 112

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QkU4N0Y3NTktQURFRC00RDNGLTkzMzUtRDJFNDU3REYwNUVE&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3DBE87F759-ADED-4D3F-9335-D2E457DF05ED HTTP 302
https://router.infolinks.com/dyn/pbm-usync?uid=BE87F759-ADED-4D3F-9335-D2E457DF05ED

Request Chain 113

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
https://router.infolinks.com/dyn/apn-usync?user_id=926576732042191180

Request Chain 115

https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
https://router.infolinks.com/dyn/VR-usync?uid=y-nMWYFiFE2uFD.YAscAICW6fWbAHU8Kd6UlBiK10-~A

Request Chain 116

https://sync.1rx.io/usersync2/infolinks HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1106365789 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1106365789 HTTP 302
https://sync.1rx.io/usersync/tradedesk/270e4143-8d51-41c1-9ba1-bc2e170815eb HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003 HTTP 302
https://router.infolinks.com/dyn/r1-usync?uid=RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003

Request Chain 117

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
https://router.infolinks.com/dyn/zmn-usync?uid=

Request Chain 119

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fitechnews.co.uk%252Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%252F&pid=12306&adnxs_uid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fitechnews.co.uk%25252Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%25252F%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&pid=12306&adnxs_uid=926576732042191180

Request Chain 121

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP5fc78247-678e-11ec-81d7-06453e459354 HTTP 302
https://router.infolinks.com/dyn/outh-usync?uid=y-T_.gyltE2uFwDG1oIEEQpCPW_kL9orKm~A~UP5fc78247-678e-11ec-81d7-06453e459354

Request Chain 123

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
https://router.infolinks.com/dyn/sovrn-usync?uid=6282b2704e0937dd1f40c18f

Request Chain 124

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MzQ3RUQ1QTYtODM0Qy00NzU3LTk5NUQtMTUwRkNGQ0Q4RTNF&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3DBE87F759-ADED-4D3F-9335-D2E457DF05ED HTTP 302
https://router.infolinks.com/dyn/pbm-usync?uid=BE87F759-ADED-4D3F-9335-D2E457DF05ED

Request Chain 125

https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
https://router.infolinks.com/dyn/zeta-usync?uid=5142336719260327866

Request Chain 163

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&dcc=t

Request Chain 164

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YcqEnSsMHNxlgAg.-2yrzwAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEBGzn3XwW7FGTWeNaE4lDsw&google_cver=1&gdpr=1&google_hm=2

Request Chain 165

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO1PQilEmDufHqpnKt4uIXA&google_cver=1

Request Chain 170

https://d.adroll.com/cm/index/ssp?gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

Request Chain 181

https://d.agkn.com/pixel/2175/?google_gid=CAESEElYOCIVmyfH2NMVp7xH4Kc&google_cver=1&google_push=AYg5qPI8nhiLkYX_E2emdHzgAm_00ykwXACjhsqOBO73ZdZjmj68GzNcyvUN7dVeL7PGz1MAyoJhQhi374C7orZhWf9wYyYFYcImQA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPI8nhiLkYX_E2emdHzgAm_00ykwXACjhsqOBO73ZdZjmj68GzNcyvUN7dVeL7PGz1MAyoJhQhi374C7orZhWf9wYyYFYcImQA&google_hm=Q0FFU0VFbFlPQ0lWbXlmSDJOTVZwN3hINEtj

Request Chain 183

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIFxnGeHWCixcqTYipDJ_EI&google_cver=1&google_push=AYg5qPJl7oAlyrjnWTV5NMsIehsPOvoksgJuWKO3rmSD8JQBdQnpin77AmsjlKS8Ont9lrAbI5r4bwSeW8MFp81YMgozlpi9t1hv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJl7oAlyrjnWTV5NMsIehsPOvoksgJuWKO3rmSD8JQBdQnpin77AmsjlKS8Ont9lrAbI5r4bwSeW8MFp81YMgozlpi9t1hv

Request Chain 184

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAZZqHgoIyJ2iZX2XkTaO6A&google_cver=1&google_push=AYg5qPK9rIPmwDJWS1u6FoGPyWy__G-mXsWknolqaBQA9nUQFnYeu8sLC8k0ihgrjDjbVrALFh2SXRsxxvrECUkFqTLFpgBdHSuE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtQS00RlZL&google_push=AYg5qPK9rIPmwDJWS1u6FoGPyWy__G-mXsWknolqaBQA9nUQFnYeu8sLC8k0ihgrjDjbVrALFh2SXRsxxvrECUkFqTLFpgBdHSuE

Request Chain 185

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1

Request Chain 186

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEJdNIyDG_w6SZ_JjmBTQX0o&google_cver=1&google_push=AYg5qPL5YqD40aSiOU353ttCgBXR3VYQlfbqW5ADoN49jKXgtE5AjrKau3PuDWv63oFnbDJUB7MI1LqmSzChQqtFbiKYQKG5O2zNKdE HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL5YqD40aSiOU353ttCgBXR3VYQlfbqW5ADoN49jKXgtE5AjrKau3PuDWv63oFnbDJUB7MI1LqmSzChQqtFbiKYQKG5O2zNKdE&google_hm=

Request Chain 189

https://d.agkn.com/pixel/2175/?google_gid=CAESEIq03ZzSimR7DclZpiCsDbU&google_cver=1&google_push=AYg5qPKUN_IPvIcF6qkV8qsdqAPYf-zCF9W3Vo6WpmKQQMZgCSj38wMaCxho9RwGbeRjyddUyPgJgj1cQRGFEkjQrr-IroH9_riS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKUN_IPvIcF6qkV8qsdqAPYf-zCF9W3Vo6WpmKQQMZgCSj38wMaCxho9RwGbeRjyddUyPgJgj1cQRGFEkjQrr-IroH9_riS&google_hm=Q0FFU0VJcTAzWnpTaW1SN0RjbFpwaUNzRGJV

Request Chain 190

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKtVlVo_wrUa7T48rEjvPDAHj3yrPaBeLBk-J_J3GvKB0GRlTSPh5jV98Bk_UuTvAPOVS1KD0Qs_mZNhw6zR0Ronlf-9e4&google_gid=CAESEINlBK8FRIyuIo10EVfQykE&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKtVlVo_wrUa7T48rEjvPDAHj3yrPaBeLBk-J_J3GvKB0GRlTSPh5jV98Bk_UuTvAPOVS1KD0Qs_mZNhw6zR0Ronlf-9e4&google_gid=CAESEINlBK8FRIyuIo10EVfQykE&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMjgwMzI5MzMwMDA5NzM2MTAxMzY1Ng%3D%3D&google_push=AYg5qPKtVlVo_wrUa7T48rEjvPDAHj3yrPaBeLBk-J_J3GvKB0GRlTSPh5jV98Bk_UuTvAPOVS1KD0Qs_mZNhw6zR0Ronlf-9e4

Request Chain 192

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEjCHj8OidkbR7ZW8Ny57QE&google_cver=1&google_push=AYg5qPKrAFkRTrd2QJW2pwRyvVmq0xeYOfy6v13vIzRBOXkpdMuBjcgjc2W0JR3qyk2jvZoYiwp89Vb2-g_saiJrULjooMkBjlfZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKrAFkRTrd2QJW2pwRyvVmq0xeYOfy6v13vIzRBOXkpdMuBjcgjc2W0JR3qyk2jvZoYiwp89Vb2-g_saiJrULjooMkBjlfZ

Request Chain 193

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDLstOeVWIV4WVgBOhzvZEM&google_cver=1&google_push=AYg5qPIP01EKBT3OK8jUFFMDm9lDgSqfg-G5iXuzCzY3Ltu9salMo_Hel8R3PuWw9XH0KJqS-GVwaFrOkH0Z3h6jFY-4q5jz-ew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtMUItSlU5WA==&google_push=AYg5qPIP01EKBT3OK8jUFFMDm9lDgSqfg-G5iXuzCzY3Ltu9salMo_Hel8R3PuWw9XH0KJqS-GVwaFrOkH0Z3h6jFY-4q5jz-ew

Request Chain 194

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0&google_cver=1&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0

Request Chain 197

https://d.agkn.com/pixel/2175/?google_gid=CAESEA13i1qGmSnG5yUoUj6azuQ&google_cver=1&google_push=AYg5qPL1utX3hY6LbT4hKFyKmfTM3prrcUuM6DRrdTmPZrRzyFrot2Y1CAHrFbGy8R5CO9l3XHRTxkuJ9M5O8_R6U-BJVtFMD1wlOg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPL1utX3hY6LbT4hKFyKmfTM3prrcUuM6DRrdTmPZrRzyFrot2Y1CAHrFbGy8R5CO9l3XHRTxkuJ9M5O8_R6U-BJVtFMD1wlOg&google_hm=Q0FFU0VBMTNpMXFHbVNuRzV5VW9VajZhenVR

Request Chain 199

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHbR6ksdORIoG8iLQA5PjfM&google_cver=1&google_push=AYg5qPLxbdPbs7ysbVTGe3AcHxP_VM0EVaTvUZUY9H8hoTKPHd7M6eJ6MwMle_KS1px4tRWptkkRrLUJotZshBonAqO842gPLwfF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLxbdPbs7ysbVTGe3AcHxP_VM0EVaTvUZUY9H8hoTKPHd7M6eJ6MwMle_KS1px4tRWptkkRrLUJotZshBonAqO842gPLwfF

Request Chain 200

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDRk5kxIijGZyN8dLUJAEMI&google_cver=1&google_push=AYg5qPJkuDGzaY7TBVvQerMf5ayOFajNGB4bVEbjrmRhxNIo37vViM-evMuVAxvuJF8bUGHcbsW8hKnNlT8OpcM73yTQ8EoeWAJUrw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtUi05M09N&google_push=AYg5qPJkuDGzaY7TBVvQerMf5ayOFajNGB4bVEbjrmRhxNIo37vViM-evMuVAxvuJF8bUGHcbsW8hKnNlT8OpcM73yTQ8EoeWAJUrw

Request Chain 201

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJ7tXyESzV16TEgTljROKZI&google_cver=1&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI

Request Chain 202

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEN4bwzUYcGXyMpQUIfjr7Lo&google_cver=1&google_push=AYg5qPLIONLt06BV0JJsELiWy_-Ko3RaGBHcVDqjA7XjErMQhlhhSWo3BnoeITj0UDnubQoiUAqv8KqMT5CG1KJI1O3xxmyGAzEuK6k HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLIONLt06BV0JJsELiWy_-Ko3RaGBHcVDqjA7XjErMQhlhhSWo3BnoeITj0UDnubQoiUAqv8KqMT5CG1KJI1O3xxmyGAzEuK6k&google_hm=

Request Chain 205

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKlLpUwp1SnxSX0mvncIok4PncSVIi628NStsRal5tjMSpDZcJnJtc0-q1NgqWwwTIvGofJu41CueFDdv5lw0DpbqsiDcE&google_gid=CAESEIEHUcSi7zVx5eQNvm6usLI&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKlLpUwp1SnxSX0mvncIok4PncSVIi628NStsRal5tjMSpDZcJnJtc0-q1NgqWwwTIvGofJu41CueFDdv5lw0DpbqsiDcE&google_gid=CAESEIEHUcSi7zVx5eQNvm6usLI&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMjgwMzI5MzMwMDAxMTE1NTMxOTMwMA%3D%3D&google_push=AYg5qPKlLpUwp1SnxSX0mvncIok4PncSVIi628NStsRal5tjMSpDZcJnJtc0-q1NgqWwwTIvGofJu41CueFDdv5lw0DpbqsiDcE

Request Chain 208

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFlCHZXHwVPdqjhKUNdB3Dw&google_cver=1&google_push=AYg5qPK0xLMbGgGkQwbBtMSgiSyDU7rc9oC5czMhwiny36YZfj4O38DhIyicZZah4FO1_kuEUwo_QBvdrtmcR-eOwyoHUGulomc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK0xLMbGgGkQwbBtMSgiSyDU7rc9oC5czMhwiny36YZfj4O38DhIyicZZah4FO1_kuEUwo_QBvdrtmcR-eOwyoHUGulomc

Request Chain 209

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEISiMMglH-umsxM3n7twrGU&google_cver=1&google_push=AYg5qPKPn32FCBXNlNRn6E9H317FMo_2m7ZCt4P2BjZzSfOKXkSrL8qCqFVUAJaYylviq_O6ilYyqTB3sfFtgdoIEKmQshGB2DdT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVotUi00Tk9E&google_push=AYg5qPKPn32FCBXNlNRn6E9H317FMo_2m7ZCt4P2BjZzSfOKXkSrL8qCqFVUAJaYylviq_O6ilYyqTB3sfFtgdoIEKmQshGB2DdT

Request Chain 252

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2021122804293360956669317X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&spid=2021122804293360956669317X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211 HTTP 302
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669317X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24

Request Chain 255

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021122804293360956669329X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush HTTP 302
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669329X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752

Request Chain 262

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2021122804293360956669327X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&spid=2021122804293360956669327X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211 HTTP 302
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669327X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24

Request Chain 265

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021122804293360956669331X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush HTTP 302
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669331X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752

Request Chain 272

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2021122804293360956669313X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&spid=2021122804293360956669313X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211 HTTP 302
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669313X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24

Request Chain 275

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021122804293360956669333X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush HTTP 302
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669333X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752

Request Chain 282

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2021122804293360956669323X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&spid=2021122804293360956669323X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211 HTTP 302
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669323X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24

Request Chain 285

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021122804293360956669315X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush HTTP 302
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669315X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752

298 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/ 174 KB
27 KB 452ms
250ms Document
text/html 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed / PHP/7.2.34
Resource Hash: eef00667f3ac7bc4cd2382084c3d1eb09a42d7443f29e45a2d1ae12b329c2019

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

x-powered-by: PHP/7.2.34
cache-control: no-cache
wpo-cache-status: cached
last-modified: Tue, 28 Dec 2021 02:30:55 GMT
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding,User-Agent
date: Tue, 28 Dec 2021 03:29:31 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET
H2 200 widget.css
itechnews.co.uk/wp-content/plugins/login-with-ajax/widget/ 3 KB
1 KB 98ms
94ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/login-with-ajax/widget/widget.css?ver=3.1.10
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: c0f26e64dc9d9cc394d163cf49fca788ed6d6043e4fad07c93317be46d0c8ba8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 18 Apr 2020 23:34:28 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1110
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 style.css
itechnews.co.uk/wp-content/plugins/gutenberg/build/block-library/ 49 KB
7 KB 100ms
95ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/gutenberg/build/block-library/style.css?ver=1601161284
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 0b2ba63205e57add8fb133d11b5f55af89f91317a2534ee469ff99fce9714058

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 26 Sep 2020 23:01:24 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7209
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 styles.css
itechnews.co.uk/wp-content/plugins/contact-form-7/includes/css/ 2 KB
675 B 100ms
95ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.2.2
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 892af9f95c881cde5c6c1810e0f45e4687174a1171504c96b36218dd54bb1486

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 26 Sep 2020 23:01:19 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 619
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 rs6.css
itechnews.co.uk/wp-content/plugins/revslider/public/assets/css/ 57 KB
11 KB 101ms
95ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.2
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 3d2c706c6c0d79356ebb6152ae1e607d31cccff9895043e31ca7f6d34cd79ae1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:22:10 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 11649
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 theme-my-login.min.css
itechnews.co.uk/wp-content/plugins/theme-my-login/assets/styles/ 1 KB
440 B 190ms
184ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/theme-my-login/assets/styles/theme-my-login.min.css?ver=7.1.1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: f77676010af045f74f15412f1ca9b418478066304101556281c5b4e162932525

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sun, 28 Jun 2020 00:36:25 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 384
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 font-awesome.min.css
itechnews.co.uk/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 30 KB
7 KB 103ms
98ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 26 Sep 2020 23:01:22 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 6657
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 front.css
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/css/ 9 KB
2 KB 192ms
186ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/css/front.css?v=1.2.5&ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 87bdc85dd639f6ccfe34b64d7d886a1d3f3b5195978b6cabf9121e2455a1ec6c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1856
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 common.css
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/css/ 4 KB
909 B 191ms
186ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/css/common.css?v=1.2.5&ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 3be88f7572d3f911fe1943426ad89e2ed1a8c2d9ab039a909f444d424fd79041

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 853
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 css
fonts.googleapis.com/ 17 KB
1 KB 47ms
18ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&display=fallback&ver=5.4.8

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7487931ead50af6bd83227ba789659a9a20957981eee821b31012d2f6b3def7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://itechnews.co.uk/
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 28 Dec 2021 02:17:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 28 Dec 2021 03:29:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Dec 2021 03:29:31 GMT

GET
H2 200 bootstrap.min.css
itechnews.co.uk/wp-content/themes/zzz/css/plugins/ 118 KB
18 KB 191ms
186ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/css/plugins/bootstrap.min.css?ver=3.3.4
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:20:23 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 18272
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 plugins.css
itechnews.co.uk/wp-content/themes/zzz/css/ 76 KB
13 KB 103ms
98ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/css/plugins.css?ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: bd2627a04f12a741911cd403cc8b1386a3a57bd760d3808f81c32df1c1d994e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:20:23 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 12865
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 style.css
itechnews.co.uk/wp-content/themes/zzz/ 286 KB
44 KB 194ms
190ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/style.css?ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 31fce9578dbfe27431a0270b5b32100b1585ce56ea0e8ec117008bb061c25046

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:20:24 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 45150
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 responsive.css
itechnews.co.uk/wp-content/themes/zzz/css/ 4 KB
952 B 280ms
275ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/css/responsive.css?ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 56d1d9c225937fdd1f4ce3584a05346febf1e5321777bfab6b281c44c5db5e10

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:20:23 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 919
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 gillion-dynamic-styles.css
itechnews.co.uk/wp-content/uploads/ 11 KB
3 KB 191ms
187ms Stylesheet
text/css 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/uploads/gillion-dynamic-styles.css?ver=805236120
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: a361f60e6ea846c417095bc9b92f09fa67a4286e4eeed9d5bed24ff2b46c2805

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sun, 01 Nov 2020 17:09:58 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2600
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 css
fonts.googleapis.com/ 59 KB
2 KB 49ms
21ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,regular,500,600,700,800,300italic,italic,500italic,600italic,700italic,800italic%7CMontserrat:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&subset=latin

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d07fe30c1657702241a363bff69663888bc5623571f59bd235e522c50a1a0b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://itechnews.co.uk/
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 28 Dec 2021 03:29:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 28 Dec 2021 03:29:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Dec 2021 03:29:31 GMT

GET
H2 200 social-logos.min.css
c0.wp.com/p/jetpack/8.9.2/_inc/social-logos/ 12 KB
8 KB 34ms
8ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.2/_inc/social-logos/social-logos.min.css

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 30 Jun 2020 14:24:10 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/8.9.2/css/ 75 KB
13 KB 36ms
10ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.2/css/jetpack.css

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7772a9cc35fc902c0cccb8871670ec3e45e4695e1bc6941aee1c24db3de8c544

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 25 Aug 2020 15:45:57 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 jquery.js Show response
c0.wp.com/c/5.4.8/wp-includes/js/jquery/ 95 KB
32 KB 36ms
10ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.8/wp-includes/js/jquery/jquery.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.4.8/wp-includes/js/jquery/ 10 KB
4 KB 36ms
10ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.8/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 login-with-ajax.js Show response
itechnews.co.uk/wp-content/plugins/login-with-ajax/widget/ 5 KB
1 KB 281ms
277ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/login-with-ajax/widget/login-with-ajax.js?ver=3.1.10
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: a7a8414bd2323e5e3c384ebd09faacd20b4bfc413d14dd39d268edac3dbcd702

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 18 Apr 2020 23:34:28 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1383
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 related-posts.min.js Show response
c0.wp.com/p/jetpack/8.9.2/_inc/build/related-posts/ 5 KB
2 KB 43ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.2/_inc/build/related-posts/related-posts.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4ccbe8989c9dcf22fea4349de935ed95c990027c283043b11ebd695838c129ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 16 Jun 2020 16:13:55 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 medianetAdInjector.js Show response
itechnews.co.uk/wp-content/plugins/media-net-ads-manager/js/ 741 B
343 B 280ms
276ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.4
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 26 Sep 2020 23:01:34 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 287
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 rbtools.min.js Show response
itechnews.co.uk/wp-content/plugins/revslider/public/assets/js/ 121 KB
45 KB 277ms
275ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.0
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 84569c21aafc5b59c74756c75648de4c4564f7733bc1128b0f259ca4191edf77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:22:10 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 45978
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 rs6.min.js Show response
itechnews.co.uk/wp-content/plugins/revslider/public/assets/js/ 285 KB
70 KB 279ms
276ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.2
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 48ea29f1197c91fa6ae6707b59b411b7b4ba78a8c7d00f76c6a669ee12a00e2f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:22:10 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 71506
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 57ms
30ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-162749090-2

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dca128b30eede3d47f85c3b1a09e43831cbf456320bb96d1ede8e86d8a2349a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36170
x-xss-protection: 0
last-modified: Tue, 28 Dec 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 28 Dec 2021 03:29:31 GMT

GET
H2 200 plugins.js Show response
itechnews.co.uk/wp-content/themes/zzz/js/ 274 KB
67 KB 278ms
276ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/js/plugins.js?ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 4c80362ba5242b25bffcdc4706be818565e331f0925bd08f0d33218c15869e95

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:20:24 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 68089
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 scripts.js Show response
itechnews.co.uk/wp-content/themes/zzz/js/ 57 KB
10 KB 279ms
277ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/js/scripts.js?ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: fee2db465f0790658c71eea0121359802815e944773874a4a8d86aac04c37500

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:20:24 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 10301
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
51 KB 52ms
28ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3559d2b0660593800b2c1d6ec80541bb0116ba449a1be2c9263bf89520c8cfdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51751
x-xss-protection: 0
server: cafe
etag: 10896458062486779972
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Dec 2021 03:29:32 GMT

GET
H3 200 wp-emoji-release.min.js Show response
itechnews.co.uk/wp-includes/js/ 14 KB
4 KB 97ms
97ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-includes/js/wp-emoji-release.min.js?ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 956fa56f513e1a8025bc85f9314a1747eb061d434403393591145e4ae898c694

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Thu, 15 Apr 2021 06:23:17 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4272
expires: Tue, 04 Jan 2022 03:29:32 GMT

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 3 KB
2 KB 52ms
21ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8aa062fba6f3cd9ce1b8cf732f5aac75b2f239685ca7f26ca63aecf4136f35ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c47b46e5a17694f-FRA
date: Tue, 28 Dec 2021 03:29:31 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 23 Dec 2021 14:48:04 GMT
server: cloudflare
age: 2442
etag: W/"d74-5d3d15363d81c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 28 Dec 2021 03:48:49 GMT

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/8.9.2/_inc/build/photon/ 758 B
425 B 26ms
21ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.2/_inc/build/photon/photon.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 31 Mar 2020 17:26:38 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 scripts.js Show response
itechnews.co.uk/wp-content/plugins/contact-form-7/includes/js/ 14 KB
4 KB 266ms
263ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.2.2
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: a0ea735f765d5bc1230beb63bcb701b69c80d77c48572a61bb159a8915903278

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 26 Sep 2020 23:01:19 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3660
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 theme-my-login.min.js Show response
itechnews.co.uk/wp-content/plugins/theme-my-login/assets/scripts/ 2 KB
705 B 266ms
262ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/theme-my-login/assets/scripts/theme-my-login.min.js?ver=7.1.1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 5cbaa50905cbfd614dc889e6155550145a3ed92a0085f7cbfcdd5df69145dfdf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sun, 28 Jun 2020 00:36:25 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 672
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 smush-lazy-load.min.js Show response
itechnews.co.uk/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 266ms
263ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.7.0
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: f3b9ef807d3988e8ce73d3012e2f19cab12503a411c79719959f42cb8728f566

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 26 Sep 2020 23:01:53 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3663
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 front.js Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/js/ 10 KB
2 KB 267ms
263ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/js/front.js?v=1.2.5&ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 592031b66c7d6ee6d4b17aae360c0e817b4fa0ccef42467e33183086854192c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2046
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 lottie.min.js Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/ 243 KB
58 KB 267ms
264ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/lottie.min.js?v=1.2.5&ver=5.4.8
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 1bccdb9d5ae278996857f388e8a088a552af3f9b961b1a89e7dfd9ef0fcc8400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 59748
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 postmessage.min.js Show response
c0.wp.com/p/jetpack/8.9.2/_inc/build/ 9 KB
4 KB 25ms
21ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.2/_inc/build/postmessage.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

96cae96a73c65ceed190aa0b4a9a86f0233798e9a17f27ca57855f4f79ebf678

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Wed, 01 May 2019 01:21:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 jquery.jetpack-resize.min.js Show response
c0.wp.com/p/jetpack/8.9.2/_inc/build/ 3 KB
1 KB 25ms
21ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.2/_inc/build/jquery.jetpack-resize.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

265c34f4c62e6423e270cecb0c422b735dfb0f18cea04c2ac343b6f22106661e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Wed, 01 May 2019 01:21:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 queuehandler.js Show response
c0.wp.com/p/jetpack/8.9.2/modules/likes/ 11 KB
3 KB 24ms
20ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.2/modules/likes/queuehandler.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

662d1c6d95e756bcf34dd1d42e596ab85b541d1ce3cab70d9964ac3f6090bb7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 28 Jul 2020 17:06:48 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 effect.min.js Show response
c0.wp.com/c/5.4.8/wp-includes/js/jquery/ui/ 13 KB
5 KB 24ms
21ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.8/wp-includes/js/jquery/ui/effect.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c7f5e3b0b3a282b46aa5bbd5e7952b90ce98d0d1d214b3308d9abb6053becd92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Fri, 26 Mar 2021 18:21:57 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 bootstrap.min.js Show response
itechnews.co.uk/wp-content/themes/zzz/js/plugins/ 36 KB
9 KB 266ms
263ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/js/plugins/bootstrap.min.js?ver=3.3.4
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:20:24 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 9523
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.4.8/wp-includes/js/ 1 KB
719 B 20ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.8/wp-includes/js/wp-embed.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Fri, 05 Feb 2021 03:12:12 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 comment-reply.min.js Show response
c0.wp.com/c/5.4.8/wp-includes/js/ 2 KB
1 KB 20ms
18ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.4.8/wp-includes/js/comment-reply.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4f00ec40b144121114b6cec693fccc2b51a06ab01fc34defa466467b581a7f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Fri, 26 Mar 2021 18:21:57 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 forms.min.js Show response
itechnews.co.uk/wp-content/plugins/mailchimp-for-wp/assets/js/ 7 KB
3 KB 264ms
263ms Script
application/javascript 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/mailchimp-for-wp/assets/js/forms.min.js?ver=4.8.1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 4a967a69edb3b1b523c71a86b0c665fa93436249640a987aead72a28ca348461

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Sat, 26 Sep 2020 23:01:32 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2583
expires: Tue, 04 Jan 2022 03:29:31 GMT

GET
H2 200 sharing.min.js Show response
c0.wp.com/p/jetpack/8.9.2/_inc/build/sharedaddy/ 8 KB
2 KB 21ms
19ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/8.9.2/_inc/build/sharedaddy/sharing.min.js

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1e99034e4b75a1fb7ba372a3a950fa19ff4688d8561479b1a34dfcbde83ff3d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 28 Dec 2021 03:29:31 GMT
content-encoding: br
last-modified: Tue, 27 Aug 2019 13:22:22 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Wed, 28 Dec 2022 03:29:31 GMT

GET
H2 200 e-202152.js Show response
stats.wp.com/ 9 KB
3 KB 31ms
7ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202152.js
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn
date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 18 Dec 2022 23:43:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162749090-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1706
date: Tue, 28 Dec 2021 03:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 28 Dec 2021 05:01:06 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 41ms
14ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,regular,500,600,700,800,300italic,italic,500italic,600italic,700italic,800italic%7CMontserrat:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:18:02 GMT
x-content-type-options: nosniff
age: 310290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:18:02 GMT

GET
H3 200 fontawesome-webfont.woff2
itechnews.co.uk/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/ 75 KB
76 KB 98ms
97ms Font
font/woff2 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/elementor/assets/lib/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://itechnews.co.uk/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
last-modified: Sat, 26 Sep 2020 23:01:22 GMT
server: LiteSpeed
vary: User-Agent
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 77160
expires: Tue, 04 Jan 2022 03:29:32 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
20 KB 35ms
8ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 07:59:11 GMT
x-content-type-options: nosniff
age: 588621
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 21 Dec 2022 07:59:11 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 43ms
17ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&display=fallback&ver=5.4.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:52:02 GMT
x-content-type-options: nosniff
age: 308250
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:52:02 GMT

GET
H3 200 Simple-Line-Icons.ttf
itechnews.co.uk/wp-content/themes/zzz/fonts/ 52 KB
30 KB 235ms
234ms Font
font/ttf 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/fonts/Simple-Line-Icons.ttf?v=2.2.2
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/themes/zzz/css/plugins.css?ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 937e59152189ecedb8688efcd8b927fc40d43b5c5225a05a25f4cf537ad8ca7c

Request headers

Referer: https://itechnews.co.uk/wp-content/themes/zzz/css/plugins.css?ver=5.4.8
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Tue, 21 Apr 2020 22:20:23 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: font/ttf
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 31006
expires: Tue, 04 Jan 2022 03:29:32 GMT

GET
H3 200 themify.woff
itechnews.co.uk/wp-content/themes/zzz/fonts/ 55 KB
55 KB 273ms
272ms Font
font/woff 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/fonts/themify.woff?-fvbane
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/themes/zzz/css/plugins.css?ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7

Request headers

Referer: https://itechnews.co.uk/wp-content/themes/zzz/css/plugins.css?ver=5.4.8
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
last-modified: Tue, 21 Apr 2020 22:20:23 GMT
server: LiteSpeed
vary: User-Agent
content-type: font/woff
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 56108
expires: Tue, 04 Jan 2022 03:29:32 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v27/ 47 KB
47 KB 47ms
21ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&display=fallback&ver=5.4.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 13:44:20 GMT
x-content-type-options: nosniff
age: 308712
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47836
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 13:44:20 GMT

GET
DATA 200
OK truncated Show response
/ Frame C55F 37 B
37 B Document
image/gif

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Upgrade-Insecure-Requests: 1
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 /
itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/ 64 KB
64 KB 248ms
247ms Image
text/html 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed / PHP/7.2.34
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: gzip
last-modified: Tue, 28 Dec 2021 02:30:55 GMT
server: LiteSpeed
x-powered-by: PHP/7.2.34
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-cache
wpo-cache-status: cached

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin: https://itechnews.co.uk
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 400 22.jpg
i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10144ms
10126ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/22.jpg?resize=80%2C80&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 1
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 23.jpg
i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10149ms
10126ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/23.jpg?resize=80%2C80&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 1
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 24-1.jpg
i0.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10146ms
10127ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/24-1.jpg?resize=80%2C80&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 2
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 116.jpg
i2.wp.com/itechnews.co.uk/wp-content/uploads/2020/04/ 87 B
87 B 10149ms
10126ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2020/04/116.jpg?resize=420%2C265&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 2
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H3 200 facebook_placeholder.png
itechnews.co.uk/wp-content/themes/zzz/img/ 308 B
352 B 227ms
227ms Image
image/png 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://itechnews.co.uk/wp-content/themes/zzz/img/facebook_placeholder.png
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/themes/zzz/style.css?ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 647742cbd8b9ea0a3e84df93fe3f208a90b461f932405f8833deb2eb06ce3312

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/wp-content/themes/zzz/style.css?ver=5.4.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
last-modified: Tue, 21 Apr 2020 22:20:24 GMT
server: LiteSpeed
vary: User-Agent
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 308
expires: Tue, 04 Jan 2022 03:29:32 GMT

GET
H2 400 Facebook.jpg
i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/02/ 87 B
87 B 10151ms
10130ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/02/Facebook.jpg?fit=400%2C479&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 3
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 276 KB
99 KB 49ms
34ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5636182232018393&plah=itechnews.co.uk

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Dec 2021 03:29:32 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame 75AC 11 KB
5 KB 31ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 27 Dec 2021 18:37:20 GMT
expires: Mon, 10 Jan 2022 18:37:20 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 31932
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 400 w1.jpg
i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10130ms
10130ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/w1.jpg?resize=80%2C80&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 2
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 w0.jpg
i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10126ms
10126ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/w0.jpg?resize=80%2C80&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 2
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 27.jpg
i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10127ms
10127ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/27.jpg?resize=80%2C80&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 1
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=208162374&t=pageview&_s=1&dl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&ul=en-us&de=UTF-8&dt=New%20AvosLocker%20Ransomware%20Exploits%20AnyDesk%2C%20Reboots%20System%20In%20Safe%20Mode%20%7C%20iTech%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACUABBAAAAC~&jid=146280767&gjid=119382792&cid=976202078.1640662172&tid=UA-162749090-2&_gid=352527490.1640662172&_r=1&gtm=2ouc10&did=dZTNiMT&gdid=dZTNiMT&z=1493786837

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://itechnews.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://itechnews.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ 207 KB
67 KB 22ms
22ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d276d676d044a790a34f40aa20de0fc4e3d1c561a635ae430d28c693fbe1473

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c47b471adb0694f-FRA
date: Tue, 28 Dec 2021 03:29:32 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 22 Dec 2021 13:55:23 GMT
server: cloudflare
age: 5378
etag: W/"33cd8-5d3bc792394e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 27 Jan 2022 01:59:53 GMT

GET
H3 404 big-logo-e1594687194230.png
itechnews.co.uk/wp-content/uploads/2020/07/ 64 KB
64 KB 12007ms
12006ms Image
text/html 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://itechnews.co.uk/wp-content/uploads/2020/07/big-logo-e1594687194230.png
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed / PHP/7.2.34
Resource Hash: fb32b904b12b2acb2e467f605f463d14966514559c71487bebd004ffdf0ba353

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:44 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.2.34
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
link: <https://itechnews.co.uk/wp-json/>; rel="https://api.w.org/"
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 d70a24bc5a0f4a825d392abc55baebe1
secure.gravatar.com/avatar/ 900 B
1 KB 30ms
7ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/d70a24bc5a0f4a825d392abc55baebe1?s=28&d=mm&r=g
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1b0f3ac9857fb76484d33f90071ea4dd7574cbbc535b7f2afa69c50be3590598

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 28 Dec 2021 03:29:32 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="d70a24bc5a0f4a825d392abc55baebe1.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/d70a24bc5a0f4a825d392abc55baebe1?s=28&d=mm&r=g>; rel="canonical"
content-length: 900
expires: Tue, 28 Dec 2021 03:34:32 GMT

GET
H3 200 / Show response
itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/ 2 KB
1 KB 6017ms
6017ms XHR
application/json 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/?relatedposts=1

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.4.8/wp-includes/js/jquery/jquery.js

Protocol

Security

QUIC, , AES_128_GCM

Server

134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

nyc581.mynetns.co.uk

Software

LiteSpeed / PHP/7.2.34

Resource Hash

f71ede9904bc25f1d819435f2b72d9f7017a5802027ff12fabee6a3bbe35ebac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: LiteSpeed
x-powered-by: PHP/7.2.34
x-pingback: https://itechnews.co.uk/xmlrpc.php
content-type: application/json; charset=utf-8
cache-control: no-store, no-cache, must-revalidate
wpo-cache-status: not cached
wpo-cache-message: In the settings, caching is disabled for matches for one of the current request's GET parameters
vary: Accept-Encoding,User-Agent
content-length: 752
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 pml-15.png
i2.wp.com/itechnews.co.uk/wp-content/uploads/2021/12/ 200 B
507 B 19ms
19ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2021/12/pml-15.png?resize=11%2C12&ssl=1

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

cbeb68ab05ba2a4acb199b7e21b17b76df29e1fe476d12354c40420aad0876ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: MISS hhn 4
date: Tue, 28 Dec 2021 03:29:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 28 Dec 2021 03:29:32 GMT
server: nginx
etag: "eb16c7caa20a7eca"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://itechnews.co.uk/wp-content/uploads/2021/12/pml-15.png>; rel="canonical"
content-length: 200
expires: Thu, 28 Dec 2023 15:29:32 GMT

GET
H2 400 25-1.jpg
i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10024ms
10024ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/25-1.jpg?resize=80%2C80&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 3
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 featured-image.jpg
i1.wp.com/itechnews.co.uk/wp-content/uploads/2019/11/ 87 B
87 B 10128ms
10127ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2019/11/featured-image.jpg?resize=80%2C80&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 3
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 4.jpg
i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10128ms
10128ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/4.jpg?resize=420%2C265&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 3
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 21-1.jpg
i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/ 87 B
87 B 10127ms
10127ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/21-1.jpg?resize=420%2C265&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: EXPIRED hhn 2
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H2 400 blueleaks-exposes-sensitive-files-from-hundreds-of-police-departments.png
i2.wp.com/itechnews.co.uk/wp-content/uploads/2020/06/ 87 B
87 B 10129ms
10129ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2020/06/blueleaks-exposes-sensitive-files-from-hundreds-of-police-departments.png?resize=420%2C265&ssl=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i2.wp.com
Software: nginx /
Resource Hash: 3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-nc: MISS hhn 1
date: Tue, 28 Dec 2021 03:29:42 GMT
server: nginx
content-type: text/html; charset=utf-8

GET
H3 200 1.json Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/ 24 KB
3 KB 101ms
101ms XHR
application/json 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/1.json?v=wpra_lite_options/data.json
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/lottie.min.js?v=1.2.5&ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 5c70cba485e2fbfef7bdc9ca2e6958548629b7c379991b0090dd248dba19b87e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/json
accept-ranges: bytes
content-length: 2618

GET
H3 200 2.json Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/ 36 KB
3 KB 101ms
100ms XHR
application/json 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/2.json?v=wpra_lite_options/data.json
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/lottie.min.js?v=1.2.5&ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 5d8e7a97d736a95385d71197ebe69497317842b76b58683cd91ab7ee38f0e3c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/json
accept-ranges: bytes
content-length: 3408

GET
H3 200 3.json Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/ 37 KB
4 KB 101ms
100ms XHR
application/json 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/3.json?v=wpra_lite_options/data.json
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/lottie.min.js?v=1.2.5&ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 676484970866e065257f99f7e656ac1d25ada3604f5f21820119d04dc0f2a72e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/json
accept-ranges: bytes
content-length: 3878

GET
H3 200 4.json Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/ 27 KB
3 KB 103ms
102ms XHR
application/json 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/4.json?v=wpra_lite_options/data.json
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/lottie.min.js?v=1.2.5&ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: aae49be2874a769e7f14f3fb6207bd6d3db2b053a4594c3c0e9540ef519e8d5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/json
accept-ranges: bytes
content-length: 2548

GET
H3 200 5.json Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/ 25 KB
2 KB 105ms
104ms XHR
application/json 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/5.json?v=wpra_lite_options/data.json
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/lottie.min.js?v=1.2.5&ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 395c499e275937e59b349cd11502815e2df98a29f49d06ea2748cde30acef7f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/json
accept-ranges: bytes
content-length: 2488

GET
H3 200 6.json Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/ 23 KB
3 KB 101ms
101ms XHR
application/json 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/6.json?v=wpra_lite_options/data.json
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/lottie.min.js?v=1.2.5&ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: 9e845ffe5c14b9cecf7d5311a0dc5c23bd900e0e195839f023bc32a2cf9115d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/json
accept-ranges: bytes
content-length: 2610

GET
H3 200 7.json Show response
itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/ 19 KB
2 KB 103ms
103ms XHR
application/json 134.122.28.59
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/emojis/json/7.json?v=wpra_lite_options/data.json
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/wp-reactions-lite/assets/vendor/lottie/lottie.min.js?v=1.2.5&ver=5.4.8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 134.122.28.59 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: nyc581.mynetns.co.uk
Software: LiteSpeed /
Resource Hash: e4e42c898e2aa24f768cd99b5dfd7a0e3cff53f84ef6418cbb8f4b459b8b0257

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: br
last-modified: Mon, 26 Oct 2020 14:23:47 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
content-type: application/json
accept-ranges: bytes
content-length: 2023

GET
H2 200 / Show response
graph.facebook.com/ 244 B
646 B 58ms
32ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&_=1640662172144

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.4.8/wp-includes/js/jquery/jquery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a53cb90cd8918ced4784f542d32238e9e070c6a07cef3199b559c2b4bda3dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004896977
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 182
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 7PX8QrMJ0U1OuQHGKQlEWeMjNuNopaFDBUqv+30ST3zGtbQCHm0xj4lDZmhxhv11nHQYKZF5OGP4nSZK1qe/MQ==
x-fb-trace-id: Bn1k9SVuWCH
date: Tue, 28 Dec 2021 03:29:32 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AekBFEVtdJR5ymHAGk49wR2
cache-control: no-store
facebook-api-version: v5.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 7ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.7741176352415817
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Dec 2021 03:29:32 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 7ms
7ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.9.2&blog=176103297&post=321708&tz=0&srv=itechnews.co.uk&host=itechnews.co.uk&ref=&fcp=944&rand=0.28385883503748444
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Dec 2021 03:29:32 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
439 B 73ms
22ms XHR
text/plain 2a00:1450:400c:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-162749090-2&cid=976202078.1640662172&jid=146280767&gjid=119382792&_gid=352527490.1640662172&_u=YGBACUAABAAAAC~&z=1562339749

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://itechnews.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 28 Dec 2021 03:29:32 GMT
content-type: text/plain
access-control-allow-origin: https://itechnews.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 219 B
648 B 39ms
15ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=itechnews.co.uk&callback=_gfp_s_&client=ca-pub-5636182232018393

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5636182232018393&plah=itechnews.co.uk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

2a2591598b080930120456339385c6810262d89dbbad675053edd8b5913cc8ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 41ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itechnews.co.uk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 40ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itechnews.co.uk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 28 Dec 2021 03:29:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&tn=DIV&cls=sh-page-loader%20sh-table%20sh-page-loader-style-cube-folding&ign=false&pw=1600&ph=1200&x=0&y=1060.8

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 71BD 28 KB
6 KB 108ms
92ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&adk=1812271804&adf=3025194257&lmt=1640658655&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172378&bpp=2&bdt=552&idt=299&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3061070385866&frm=20&pv=2&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=318

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56302eb2b417d169ff7ab6f2dc2b1a171d115f48bfd56d259c42cd8f3dadcc92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:32 GMT
server: cafe
content-length: 5721
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 28 Dec 2021 03:29:32 GMT
cache-control: private

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame A590 9 KB
2 KB 128ms
113ms Document
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b713385273fc126cde20add9733bc4b0679ac522fc2aab5d75a0b2a8f5d1cbbf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store
p3p: CP="NON DSP NID OUR COR"
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b474283a694f-FRA
content-encoding: gzip

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
52 B 123ms
112ms Script
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:32 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6c47b474283c694f-FRA
content-length: 0

GET
H2 200 gsd Show response
router.infolinks.com/ 329 B
517 B 189ms
180ms Script
text/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/gsd?evt=afterGSD&pid=3255211&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&jsv=1775.005-3.025.ab.1774.006-3.025&_cb=16406621728180
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d51f0fa226b273c81585170fd7fd24a241d6428744fb3b2d6849eac657cf4e95

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cache-control: max-age=0
cf-ray: 6c47b474283e694f-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itechnews.co.uk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itechnews.co.uk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 59D1 31 KB
12 KB 146ms
146ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=3684932205&adf=3174511142&pi=t.aa~a.1109846382~rp.3&w=412&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=412x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=2&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0&nras=2&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1254&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CItn1aESvm&p=https%3A//itechnews.co.uk&dtd=60

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

386fa71cebfc5d5271f0b43f2a327cd7be07b02cb3adcdaf306a8b677026e94c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:33 GMT
server: cafe
content-length: 12346
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F816 436 B
237 B 131ms
131ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=3809598800&adf=1056458448&pi=t.aa~a.1617027138~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=1200x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=5&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280&nras=3&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3225&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=QrzhLoCnjk&p=https%3A//itechnews.co.uk&dtd=65

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3a149bf1fb7fdae52fa9c27d20f5214a688fcca22673bc5e431b20a2467c3af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:33 GMT
server: cafe
content-length: 213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D39E 436 B
237 B 125ms
125ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=1213588912&adf=2179270891&pi=t.aa~a.272210491~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=1200x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280&nras=4&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3625&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=drXYCJJRAW&p=https%3A//itechnews.co.uk&dtd=67

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5705bac555461372c5bc88b9c0e7d3055534e5ede7871801f3e6843eecfb5f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:33 GMT
server: cafe
content-length: 213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C382 31 KB
12 KB 139ms
139ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d353b5eb448c1407a9ad64a2d642ba5319a834f04501f90e28174fcd4025093

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:33 GMT
server: cafe
content-length: 12328
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 66C8 31 KB
12 KB 140ms
139ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83ca54c96d86453e5237d08ba75d701c43a34a59da8d40e2bb9eae5d7eb69673

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:33 GMT
server: cafe
content-length: 12373
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5A91 31 KB
12 KB 122ms
122ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3092423418&pi=t.aa~a.665581152~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280&nras=7&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=615&ady=4269&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=AGktn8WsEF&p=https%3A//itechnews.co.uk&dtd=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75c84572dacefe237bf3c672844409f4860fbcb1f4c96cfb00b4b894fe5fb11a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:33 GMT
server: cafe
content-length: 12192
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: private

POST
H2 200 doq.htm Show response
rt3046.infolinks.com/action/ 2 KB
2 KB 281ms
250ms XHR
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3046.infolinks.com/action/doq.htm?pcode=utf-8&r=16406621731081
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5487130102cbb465700ac57ad01a84719e28fa09c57c6cce0882b8757eb6195c

Request headers

Referer: https://itechnews.co.uk/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
x-application-context: application:prod
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-language: de-DE
access-control-allow-origin: https://itechnews.co.uk
cache-control: no-cache,no-store
access-control-allow-credentials: true
cf-ray: 6c47b4762f6cd6bd-FRA
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
de.tynt.com/deb/ Frame 749E 75 B
289 B 334ms
109ms Document
text/html 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

cache-control: max-age=86400
expires: Wed, 29 Dec 2021 03:29:33 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Tue, 28 Dec 2021 03:29:32 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 8BC8
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

2 KB
3 KB

42ms
42ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d30d6273dac573f0a8d3e9ab657d03cb2a5091675e42ff42f2acf978a4703267

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 241|45|230|39|196|218|41|105
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1574
Expires: Tue, 28 Dec 2021 03:29:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Tue, 28 Dec 2021 03:29:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Connection: keep-alive

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 9F29 2 KB
814 B 33ms
8ms Document
text/html 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2

200

pbm-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QkU4N0Y3NTktQURFRC00RDNGLTkzMzUtRDJFNDU3REYwNUVE&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3DBE87F759-ADED-4D3F-9335-D2E457DF05ED
https://router.infolinks.com/dyn/pbm-usync?uid=BE87F759-ADED-4D3F-9335-D2E457DF05ED

0
273 B

113ms
113ms

Image
text/html

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/pbm-usync?uid=BE87F759-ADED-4D3F-9335-D2E457DF05ED
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, private
cf-ray: 6c47b4787c89694f-FRA
content-length: 0
expires: Mon, 28 Dec 2020 03:29:33 GMT

Redirect headers

location: https://router.infolinks.com/dyn/pbm-usync?uid=BE87F759-ADED-4D3F-9335-D2E457DF05ED
date: Tue, 28 Dec 2021 03:29:32 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

apn-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
https://router.infolinks.com/dyn/apn-usync?user_id=926576732042191180

35 B
186 B

176ms
176ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/apn-usync?user_id=926576732042191180
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c47b4764a52694f-FRA
content-length: 35
expires: Mon, 28 Dec 2020 03:29:33 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 1e93fa5e-e5e1-4ffd-8502-937d36bc162c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://router.infolinks.com/dyn/apn-usync?user_id=926576732042191180
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cm
u.openx.net/w/1.0/ Frame A590 43 B
305 B 43ms
17ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/cm?id=9b5994f2-035d-46de-8c12-bc0e9a4e66c2&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fox-usync%3Fuid%3D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

VR-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://ups.analytics.yahoo.com/ups/58422/occ
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
https://router.infolinks.com/dyn/VR-usync?uid=y-nMWYFiFE2uFD.YAscAICW6fWbAHU8Kd6UlBiK10-~A

35 B
264 B

122ms
122ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/VR-usync?uid=y-nMWYFiFE2uFD.YAscAICW6fWbAHU8Kd6UlBiK10-~A
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c47b4766a67694f-FRA
content-length: 35
expires: Mon, 28 Dec 2020 03:29:33 GMT

Redirect headers

location: https://router.infolinks.com/dyn/VR-usync?uid=y-nMWYFiFE2uFD.YAscAICW6fWbAHU8Kd6UlBiK10-~A
date: Tue, 28 Dec 2021 03:29:33 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

r1-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://sync.1rx.io/usersync2/infolinks
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1106365789
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1106365789
https://sync.1rx.io/usersync/tradedesk/270e4143-8d51-41c1-9ba1-bc2e170815eb
https://sync.targeting.unrulymedia.com/csync/RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003
https://router.infolinks.com/dyn/r1-usync?uid=RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003

35 B
213 B

113ms
112ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/r1-usync?uid=RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c47b4782c3c694f-FRA
content-length: 35
expires: Mon, 28 Dec 2020 03:29:33 GMT

Redirect headers

location: https://router.infolinks.com/dyn/r1-usync?uid=RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003
date: Tue, 28 Dec 2021 03:29:33 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXad364bb379204da48ec352d0f8a93f06003
content-type: text/html

GET
H2

200

zmn-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
https://router.infolinks.com/dyn/zmn-usync?uid=

35 B
97 B

114ms
114ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store
cf-ray: 6c47b4787c7d694f-FRA
content-length: 35

Redirect headers

Location: https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 70
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame A590 0
478 B 68ms
13ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

ca.png
s.cpx.to/ Frame A590
Redirect Chain

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fitechnews.co.uk%252Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%252F&pid=12306&adnxs_uid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fitechnews.co.uk%25252Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mod...
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&pid=12306&adnxs_uid=926576732042191180

95 B
944 B

135ms
32ms

Image
image/png

54.154.182.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?ref=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&pid=12306&adnxs_uid=926576732042191180

Requested by

Protocol

HTTP/1.1

Server

54.154.182.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-182-198.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache, no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Tue, 28 Dec 2021 03:29:33 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Tue, 28 Dec 2021 03:29:33 UTC

Redirect headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
X-Proxy-Origin: 185.232.23.178; 185.232.23.178; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b9698706-176b-4466-b3af-f975bfc264aa
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/ca.png?ref=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&pid=12306&adnxs_uid=926576732042191180
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame A590 42 B
233 B 284ms
97ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

200

outh-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP5fc78247-678e-11ec-81d7-06453e459354
https://router.infolinks.com/dyn/outh-usync?uid=y-T_.gyltE2uFwDG1oIEEQpCPW_kL9orKm~A~UP5fc78247-678e-11ec-81d7-06453e459354

35 B
235 B

119ms
119ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/outh-usync?uid=y-T_.gyltE2uFwDG1oIEEQpCPW_kL9orKm~A~UP5fc78247-678e-11ec-81d7-06453e459354
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c47b4768a95694f-FRA
content-length: 35
expires: Mon, 28 Dec 2020 03:29:33 GMT

Redirect headers

location: https://router.infolinks.com/dyn/outh-usync?uid=y-T_.gyltE2uFwDG1oIEEQpCPW_kL9orKm~A~UP5fc78247-678e-11ec-81d7-06453e459354
date: Tue, 28 Dec 2021 03:29:33 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK usersync
match.bnmla.com/ Frame A590 0
114 B 307ms
101ms Image
text/plain 38.27.122.101
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.27.122.101 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

sovrn-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
https://router.infolinks.com/dyn/sovrn-usync?uid=6282b2704e0937dd1f40c18f

35 B
193 B

178ms
177ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/sovrn-usync?uid=6282b2704e0937dd1f40c18f
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c47b477bbcb694f-FRA
content-length: 35
expires: Mon, 28 Dec 2020 03:29:33 GMT

Redirect headers

Date: Tue, 28 Dec 2021 03:29:33 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://router.infolinks.com/dyn/sovrn-usync?uid=6282b2704e0937dd1f40c18f
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2

200

pbm-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MzQ3RUQ1QTYtODM0Qy00NzU3LTk5NUQtMTUwRkNGQ0Q4RTNF&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3DBE87F759-ADED-4D3F-9335-D2E457DF05ED
https://router.infolinks.com/dyn/pbm-usync?uid=BE87F759-ADED-4D3F-9335-D2E457DF05ED

0
40 B

117ms
117ms

Image
text/html

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/pbm-usync?uid=BE87F759-ADED-4D3F-9335-D2E457DF05ED
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, private
cf-ray: 6c47b4787c8a694f-FRA
content-length: 0
expires: Mon, 28 Dec 2020 03:29:33 GMT

Redirect headers

location: https://router.infolinks.com/dyn/pbm-usync?uid=BE87F759-ADED-4D3F-9335-D2E457DF05ED
date: Tue, 28 Dec 2021 03:29:32 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

zeta-usync
router.infolinks.com/dyn/ Frame A590
Redirect Chain

https://p.rfihub.com/cm?pub=43153&in=1
https://router.infolinks.com/dyn/zeta-usync?uid=5142336719260327866

35 B
189 B

116ms
115ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zeta-usync?uid=5142336719260327866
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c47b4779bb7694f-FRA
content-length: 35
expires: Mon, 28 Dec 2020 03:29:33 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/zeta-usync?uid=5142336719260327866
Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame A590 0
72 B 345ms
110ms Image
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP004 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-33x-status: 2000208
date: Tue, 28 Dec 2021 03:29:33 GMT
server: 33XP004

GET
H2 200 iq-usync
router.infolinks.com/dyn/ Frame A590 0
36 B 113ms
112ms Image
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/iq-usync
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/usync/manage?pid=3255211&wsid=0&pdom=itechnews.co.uk&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6c47b4774b63694f-FRA
content-length: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 504F 0
0 49ms
48ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Czis-nYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIgCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwjyA7fY_CNwNZKSZVtg6p3Q5W9ZV-ujzzmx_SZwAPXnBLdNC5DLy9gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NjM2MTgyMjMyMDE4MzkzGAA&sigh=vpa4q7tMehU&uach_m=[UACH]&cid=CAQSPACNIrLM3qzP6Gm4T_nBC-AUKCaCsMudld0ASzYBbqEWvBVwBXCrSsesUiCWGPaZWTT6vljNgfqtpJBv3xgB

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3092423418&pi=t.aa~a.665581152~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280&nras=7&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=615&ady=4269&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=AGktn8WsEF&p=https%3A//itechnews.co.uk&dtd=76
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 28 Dec 2021 03:29:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 504F 0
0 35ms
16ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gpbg6rm5kwe3atwb7wjqg2fzbx7p566v374ey1dde7b46vqg8w4eq10dret45rgzp6a7rnc3nsybyfdy11066awgz6ewhhvn2dnj05qyhcg4vprk3h77s4hrf1yrdty1ykw3dw7hv0dx8pj5edqrda36sj5yw4qmd6az0vc144nyspvjgzkz7j4r85vmm4tnyjnm2t75877k7fs31jbaazgyqgh7btgw995e753haxsda8waaz4pg9db0a18nnmskzr06qmrkywwg7gpfsg37st2sah41v9nha89340pkhkp6fpqd6jdjcvp2akjwvh6cq3zfv3wet1vb7n571c63sqfvd9hb51p074adeff8abj2d09kmmxqm5t99tftkna5jcwm3p6w9nh06memddf44hncvga&b=YcqEnQABCeUIEdRLAAeOEAR4MxjrPuMVl9YFzQ
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 3EAD 2 KB
1 KB 83ms
37ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gycdgd41jhp9xvh6bhjypearcztb6b3hczdn00byja6xgm5tcwdd83tq9rhh6ha62101hw1dfg8sgexe86k2596r3rkdye3z73r0vfn08fqkkwvqjp4qtbq6m6f7vnphnydfm1pc84em27grmsqe1b1nzesxghesc84xdk0nwvvrhdkpqb7eafq0zp85pdbek1ms3614ff3x6mzzjrke9fqjkv9vyx0rbcwxwjxrwxxv7fbta6m6nzm9s16r8q715ct37cg8qa082rh5r94pswh6z39svhwwp7rgce9h171m7r9bgh4d67e4akwj9340bhca1rzrxknt65vfwtdy60gsm3efjc4tg9r52zv6t8a96jb9ghjgmgwas8qgy2h0s6xjdpn0g7mjs6eqb4nxqm4ajjtqk2jy1hch470qb9dks2p2z0k8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%26client%3Dca-pub-5636182232018393%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3092423418&pi=t.aa~a.665581152~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280&nras=7&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=615&ady=4269&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=AGktn8WsEF&p=https%3A//itechnews.co.uk&dtd=76

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cab2b281df357257891c076d8201c5ab9d9f6983d0db6dab159835eb8a7c41b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b47708b7839d-MXP
content-encoding: br

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 504F 2 KB
1 KB 37ms
13ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:19:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 585
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 03:19:48 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 71F9 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 27 Dec 2021 05:53:44 GMT
expires: Tue, 28 Dec 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77749
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 504F 119 KB
37 KB 1037ms
684ms Script
text/javascript 2a00:1450:4019:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Dec 2021 03:29:34 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 504F 15 KB
7 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 01:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 01:31:13 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D3EF 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CFK6HnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjAJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d5pw5U9Y9isJfJknw0TaVpLZvIUipzA-HKF06qrv7CeTejvyKphngAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NjM2MTgyMjMyMDE4MzkzGAA&sigh=9_n65kcqbOc&uach_m=[UACH]&cid=CAQSPACNIrLMynbGCgTsMs9_HlGMSDwnsqdO7c3NV4WGr9YZ7VFWF-qD2ZL4tD1yWWU1Y5lMbbhX4GlUZH0wiRgB

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=3684932205&adf=3174511142&pi=t.aa~a.1109846382~rp.3&w=412&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=412x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=2&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0&nras=2&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1254&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CItn1aESvm&p=https%3A//itechnews.co.uk&dtd=60
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 28 Dec 2021 03:29:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame D3EF 0
0 17ms
17ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gcx5bv9qmak55cd4zs3e5em9mybqsh24ngt1w48n1m1jktka71jpdfc2a758b3qwdj96h5wmpae546jcpkscd2ydn8k6dhmxmnpbw3480k8gzv9sd9vsx3kzb6wa6mstc9xqz2gnmk860438gdk4bd5zx843pre1wjqqj9r8kxxtg33z3mr01a2zhmsve2ndhn70yhz79xwkhqzse65x7q0fn1ss33p72n929wm1fk334bkxs0fg0b2cx012v7zw1qd8fkvn2hc1fe7k06encpqnn5bp4z1mxp0fzje4wr2f0rvgvdwwagb01yx2zr5mcgkf06rndc5x87bazp77ekt9qwkynvhds7stk2q7jmtc25hhgjm4g945vek6x6dq79dj5tknrcrp3eysef8v2dp6rwz8&b=YcqEnQAA06EK4HbZAAi2Yc7h6LAUIcMmVBtkBQ
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 0C63 2 KB
1 KB 64ms
37ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1hzjr9ccsvebaexq7seas52w19whbk3j518frct2660gsaqa8zp25t5q1nn5a92gd08s6rb72faxc7fsqf8ycgjx0ne8m9aj4c9036agz28bzgh877hqd2qh0fhgkpb9kmv52ayp25k2n8pkb0d49vny1eacnhvvarxwksskdkd4wzby30qyzpzfx2p3n2yxb80bdaf3qbpsq4znt6xmfxeh90vt8seabmfbemyadqzezgf7ch0yzt72dj6sjnkqsz2p9kcrsnywcjv2vcvr3sz50gewdxrqwhnm26jpqxbr9ggrz9t9df4516m8xtwtmdzgh11fn6hxd26qexzcedxvxtgvsgbvg21q8nmqeexe4k29qkcxvkq90fczwrj7022fbpya2vrdby45e5sq22dqj3yzxnbgz5k8d8avncpmkz9xtq1we&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%26client%3Dca-pub-5636182232018393%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=3684932205&adf=3174511142&pi=t.aa~a.1109846382~rp.3&w=412&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=412x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=2&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0&nras=2&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1254&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CItn1aESvm&p=https%3A//itechnews.co.uk&dtd=60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

597ae718eb4cb404c6cc743dc744e1b7cf1d2789928c4890561a84106e314238

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b47708b9839d-MXP
content-encoding: br

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D3EF 2 KB
1 KB 18ms
12ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:19:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 585
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 03:19:48 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0B08 1 KB
749 B 9ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 27 Dec 2021 05:53:44 GMT
expires: Tue, 28 Dec 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77749
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D3EF 119 KB
37 KB 1242ms
908ms Script
text/javascript 2a00:1450:4019:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Dec 2021 03:29:34 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D3EF 15 KB
6 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 01:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 01:31:13 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D3EF 0
0 44ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQZ85KUbUyXf1P-jAID8ysQznKcyg4ryaOPN9Upt7SR_NjnawFodkBo15m7DA486pFoHlBdpRO2IGv9FNgCyWA5bj5nng
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=3684932205&adf=3174511142&pi=t.aa~a.1109846382~rp.3&w=412&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=412x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=2&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0&nras=2&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1254&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CItn1aESvm&p=https%3A//itechnews.co.uk&dtd=60
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3F2D 0
0 48ms
47ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4WkvnYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjAJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r4efwCIDaRzOji82R2QgV00mOKPAWNWuEsvrck36EUOnGdmEr5vvgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NjM2MTgyMjMyMDE4MzkzGAA&sigh=KPAjwryOLpI&uach_m=[UACH]&cid=CAQSPACNIrLMCjdEh6e0YKyNCcAn9l3PtypaT0YQih4YS-vEQqaEystG1fdT7T8jpsep8TrWBEbKjE0lLZo7dBgB

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 28 Dec 2021 03:29:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 3F2D 0
0 17ms
17ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jr57g18q7exr5gmd7bvd533vw3tgxnkdj1h4anwqxxgn17wewnefw0pzync88wjahfdmc6vy9xvwb1yr2gb4cbb6ytmc54z323mvxqskxd1anq7138c3v65qpypk7s90z93mp7s1y1ynmj904dffv6w3mvmsj754qzke6ftkyyvdn3exxgs43mjk0xyx13ad1kemwqa7m380j7atabx87fjsr1537d4txk7sd5kzaypenwt72zhx01mc43pjegkzvqvfaezdrzvcepv4b0hb021tw6pgh3jkyv42xm0kem6vj1mbs7jyd4ksd5hvd64trqwabpb8a2chnn66gzerkw6mgc8sd5e4zp4gqaspd59nj4gy1y6zyk1v7qdqdbxeaz6c4c3jar3rtrkt6s4zmqc3rtyg&b=YcqEnQAA_4oK4AaXAAb9oH5RBf7RF7Pz4iBHFw
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 4834 2 KB
3 KB 43ms
36ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1kz55ezgwcpn33cacardz9w1p4nmcs55ats8d6vm18z1h524n3p8g0dexbvx1ca51c52mbmebmkwkfj5ypk01304zme2xmxgxh55ztdsjhrbdvv3j3pw3k3zmtexdatapmq6vgh5bqk3etscnk8h2dmy9gefe66b4x512yvn9g1htf8g4y2kchhhn7az605hyseqjbjqvf3hn8gtzszp9xabgj7wajvbgzvaxrmkrdgrwhnd6myqfjs4y765frn2v8gdy6kfk6zd63d6ap91cgwn9zt4eb22c013x53r439tv5de719d78nzkdhf0t2dama4qtd5n5hm6x1vvbz238b6tbwx1a6ksh9d3jjr1wx9wp5ej77nfpcka346ajfr5p5rhsbfn79cjxw350nbzw5fdcctgvq8bg9cn6rfcx6rz2g4x8c8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%26client%3Dca-pub-5636182232018393%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3869ca0c100e7a8fb9333a90c4b324e0f4ac8cce3a04db84c154cd23ce178797

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b47708b8839d-MXP
content-encoding: br

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3F2D 2 KB
1 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:19:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 585
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 03:19:48 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0F09 1 KB
749 B 7ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 27 Dec 2021 05:53:44 GMT
expires: Tue, 28 Dec 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77749
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3F2D 119 KB
37 KB 1322ms
1008ms Script
text/javascript 2a00:1450:4019:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Dec 2021 03:29:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3F2D 15 KB
6 KB 24ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 01:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 01:31:13 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3F2D 0
0 25ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQLDGMd0yE-EWf9-JVMkzcptRLfvhEi5gQ4w8zOC-BkeaEL7jSXalRG0-7YEUstP70xYqJVFlFxU11D9SuSC8kdnVNK4g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 761A 0
0 48ms
48ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C02o_nYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIwCT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDD-GuamxLJFRPWtwR5NHMON7BYwOnquXYhXvBTVRvVs4nwAF7RRdYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTYzNjE4MjIzMjAxODM5MxgA&sigh=1b6CVK34Lso&uach_m=[UACH]&cid=CAQSPACNIrLMtehkbHp-g_vEJ82gEWxOm2_ndm8TpiyEd3Wu6zE3cep2OMbbk0dT1IU2kPDs6OMQ2K2W_xpMlhgB

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 28 Dec 2021 03:29:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 761A 0
0 17ms
16ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1k01gqsz4x7y6nkh557tzpe4gky4y61d85qesz7ytxd8drvx4kspavy463fvh6fmyf1psf4w4y1drqmx07ccnwrg042rm76pp8p06hnwg8v1t2gcymhzx6abk6xpsd5qz5k42rkz0rxccsk92v2d1g65t3wck1n8qydenq8nc1t2yv05jta10rz2xvszhb62jcaeqqyd1sk72vdda87jpde3kzjg7z8e6s1tsjxe5kzkar0tcmn5kxmdaarwa9sx5g6n7eam8hw6fj4x3q6jqn0h363bxghhx73zxbnmp43yyzgda200wa4cynh9e40y0hqcmvn9sf24jke2v59vxf6b4tz83qhwf1cz9bxjwtyz9axfhtwrsde3wgrxx6t7typ6bk3945kwbgakw1sbsedp61sjc&b=YcqEnQABBikIEdLQAANbH1as5nueSyDuPAFUCQ
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 876A 2 KB
1 KB 36ms
36ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1g86tqa4bxbtgc0sjpk9bn02wbmapz1dnqzfv16d8m98rxvy199f1ktt3b3hp67dmz8prs9zrkrtqza109b9nx2tmckaxm7qj2dxfq8v48akmej40vf60sv3vxv4wf5jf1ps7s4gvpvqw4wwgxb803yytn1e78vmhcbbf518esz5m6h9jnrj6k27nqf6yn89dk521m1rxch8z9vwqjkpv999n3rs5t87xbajatzvff4d3gzdqp86gt4gbe9kfcn0be38x5dq3rr7rsybqyxyem8qmm7nejbjw40wcrsrnb0dx56eg5dxr3cpgd2ve5phst4h7j3gc272m4903nbv062dxsa21bm1vmvwj2e3z5h4jza65f7hte26bfybt5zcy7bdfndv2dzc7471ygn35gyhfm618h5rn92nnw73h66pgxzzy3p1e&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%26client%3Dca-pub-5636182232018393%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36924d83fea8d53fc69e3fcddffe35b5e3cada7e03b65226a6619c4875d1535d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b47708bc839d-MXP
content-encoding: br

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 761A 2 KB
1 KB 14ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:19:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 585
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 03:19:48 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AACD 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 27 Dec 2021 05:53:44 GMT
expires: Tue, 28 Dec 2021 05:53:44 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 77749
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 761A 119 KB
37 KB 1283ms
979ms Script
text/javascript 2a00:1450:4019:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4019:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Dec 2021 03:29:34 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 761A 15 KB
6 KB 13ms
8ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 01:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Jan 2022 01:31:13 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 761A 0
0 15ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQUJ3qCpwQUGP46zeMkzR6k5pGT5KJVBpiPHFynvPZ3hfhf3ng5KMzUEjYVeIXoGU1FN33xL1h54VOMN3ibcKl0qq1WZg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itechnews.co.uk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 18ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itechnews.co.uk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0585 436 B
233 B 103ms
102ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=100&adk=888072906&adf=3177920725&pi=t.aa~a.3593296581~rp.3&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x100&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172995&bpp=1&bdt=1169&idt=2&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280%2C370x280&nras=8&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=4245&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=7&fsb=1&xpc=GNBSHmJJtB&p=https%3A//itechnews.co.uk&dtd=297

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff508a4d10df2e6e505dbb596ec73d2868f9416c8d582ec4d3188b92d3c999bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:33 GMT
server: cafe
content-length: 213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 94E1 436 B
233 B 121ms
119ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=50&adk=102376551&adf=1448564515&pi=t.aa~a.4087535713~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x50&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662173016&bpp=1&bdt=1189&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280%2C370x280%2C370x100&nras=9&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4304&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=8&fsb=1&xpc=VRkRc8Rd8c&p=https%3A//itechnews.co.uk&dtd=282

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

653cbfccb0743fbd84126774fe34fb9a9e80ef4d67ce0f0df37da7a6f9751048

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 28 Dec 2021 03:29:33 GMT
server: cafe
content-length: 213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 8BC8
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&dcc=t

43 B
645 B

104ms
104ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: HZ5NV923H43Q7G1HQW1Z
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: KHH3HM39951AQHS3C0RR
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 8BC8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YcqEnSsMHNxlgAg.-2yrzwAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEBGzn3XwW7FGTWeNaE4lDsw&google_cver=1&gdpr=1&google_hm=2

43 B
999 B

24ms
24ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEBGzn3XwW7FGTWeNaE4lDsw&google_cver=1&gdpr=1&google_hm=2
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 28 Dec 2021 03:29:33 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEBGzn3XwW7FGTWeNaE4lDsw&google_cver=1&gdpr=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 8BC8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO1PQilEmDufHqpnKt4uIXA&google_cver=1

43 B
315 B

46ms
26ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO1PQilEmDufHqpnKt4uIXA&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Tue, 28 Dec 2021 03:29:33 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEO1PQilEmDufHqpnKt4uIXA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 8BC8 70 B
264 B 33ms
32ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK us.php
gu.dyntrk.com/adx/ie/ Frame 8BC8 0
215 B 67ms
15ms Image
text/plain 51.178.20.139
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.178.20.139 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31193669.ip-51-178-20.eu
Software: proxy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
cache-control: private, no-cache, no-store, proxy-revalidate, no-transform
x-rc: 10
server: proxy
content-length: 0
content-type: text/plain

GET
H/1.1 200
OK ibs:dpid=23728&dpuuid=YcqEnSsMHNxlgAg.-2yrzwAA%261137
dpm.demdex.net/ Frame 8BC8 0
0 124ms
30ms Image
application/json 34.246.39.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YcqEnSsMHNxlgAg.-2yrzwAA%261137?gdpr_consent=&us_privacy=&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.39.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-39-217.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H/1.1 200
OK bridge
cm.adgrx.com/ Frame 8BC8 43 B
408 B 109ms
30ms Image
image/gif 173.231.180.197
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.180.197 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS: ams-delivery-4.sys.adgear.com
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
server: Cowboy
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
X-RealServer-NX: ams-delivery-1
Content-Length: 43
Expires: Thu, 23 Sep 2004 17:42:04 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 8BC8
Redirect Chain

https://d.adroll.com/cm/index/ssp?gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

43 B
973 B

38ms
29ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 28 Dec 2021 03:29:33 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
date: Tue, 28 Dec 2021 03:29:33 GMT
server: nginx/1.20.0
content-length: 76

GET
H2 200 ix-usync
router.infolinks.com/dyn/ Frame 8BC8 35 B
197 B 113ms
112ms Image
image/gif 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/ix-usync?uid=YcqEnSsMHNxlgAg.-2yrzwAA%261137
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6c47b4778b9a694f-FRA
content-length: 35
expires: Mon, 28 Dec 2020 03:29:33 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame 4834 81 KB
11 KB 37ms
23ms Stylesheet
text/css 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1kz55ezgwcpn33cacardz9w1p4nmcs55ats8d6vm18z1h524n3p8g0dexbvx1ca51c52mbmebmkwkfj5ypk01304zme2xmxgxh55ztdsjhrbdvv3j3pw3k3zmtexdatapmq6vgh5bqk3etscnk8h2dmy9gefe66b4x512yvn9g1htf8g4y2kchhhn7az605hyseqjbjqvf3hn8gtzszp9xabgj7wajvbgzvaxrmkrdgrwhnd6myqfjs4y765frn2v8gdy6kfk6zd63d6ap91cgwn9zt4eb22c013x53r439tv5de719d78nzkdhf0t2dama4qtd5n5hm6x1vvbz238b6tbwx1a6ksh9d3jjr1wx9wp5ej77nfpcka346ajfr5p5rhsbfn79cjxw350nbzw5fdcctgvq8bg9cn6rfcx6rz2g4x8c8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%26client%3Dca-pub-5636182232018393%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1kz55ezgwcpn33cacardz9w1p4nmcs55ats8d6vm18z1h524n3p8g0dexbvx1ca51c52mbmebmkwkfj5ypk01304zme2xmxgxh55ztdsjhrbdvv3j3pw3k3zmtexdatapmq6vgh5bqk3etscnk8h2dmy9gefe66b4x512yvn9g1htf8g4y2kchhhn7az605hyseqjbjqvf3hn8gtzszp9xabgj7wajvbgzvaxrmkrdgrwhnd6myqfjs4y765frn2v8gdy6kfk6zd63d6ap91cgwn9zt4eb22c013x53r439tv5de719d78nzkdhf0t2dama4qtd5n5hm6x1vvbz238b6tbwx1a6ksh9d3jjr1wx9wp5ej77nfpcka346ajfr5p5rhsbfn79cjxw350nbzw5fdcctgvq8bg9cn6rfcx6rz2g4x8c8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%26client%3Dca-pub-5636182232018393%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1076670
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 15 Dec 2021 16:25:03 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6c47b4779f2b4e9d-FRA
cf-bgj: minify

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 4834 36 KB
12 KB 48ms
36ms Script
application/javascript 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1kz55ezgwcpn33cacardz9w1p4nmcs55ats8d6vm18z1h524n3p8g0dexbvx1ca51c52mbmebmkwkfj5ypk01304zme2xmxgxh55ztdsjhrbdvv3j3pw3k3zmtexdatapmq6vgh5bqk3etscnk8h2dmy9gefe66b4x512yvn9g1htf8g4y2kchhhn7az605hyseqjbjqvf3hn8gtzszp9xabgj7wajvbgzvaxrmkrdgrwhnd6myqfjs4y765frn2v8gdy6kfk6zd63d6ap91cgwn9zt4eb22c013x53r439tv5de719d78nzkdhf0t2dama4qtd5n5hm6x1vvbz238b6tbwx1a6ksh9d3jjr1wx9wp5ej77nfpcka346ajfr5p5rhsbfn79cjxw350nbzw5fdcctgvq8bg9cn6rfcx6rz2g4x8c8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%26client%3Dca-pub-5636182232018393%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b98c8f3aa7cc2835be32fd3a1488ba31a3de35a3fa0dd643a092c2846c613017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=i2G9+Q==, md5=KT4B161Aam0qyQ5N1n+FMQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45222
x-guploader-uploadid: ADPycdtXvXkNTikigjdIbYNhxiQLD-4AZAv9bzOL91Gi0Vasqu-NthMEIEUtuuiuVaKDT9UyXdL8EGeHFPeRkpk5qsfqo-CjnA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 02 Nov 2021 14:54:41 GMT
server: cloudflare
etag: W/"293e01d7ad406a6d2ac90e4dd67f8531"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BWXnWj44QXXN2mWFdkYYEAm4Z1bpcypgVBwFne4XMc8%2F27Jw7%2BZDG%2BEd7ln1SzVzo%2FCyZgMdSWXO3%2FTjVyNzo8pEVn2Y4c%2FTjzvD8w3itVK3u5j0f1q2Pzj2AT058m5NURuXqzg%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1635864881199576
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 6c47b477a907839d-MXP
expires: Mon, 27 Dec 2021 14:55:51 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame 3EAD 81 KB
11 KB 34ms
22ms Stylesheet
text/css 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gycdgd41jhp9xvh6bhjypearcztb6b3hczdn00byja6xgm5tcwdd83tq9rhh6ha62101hw1dfg8sgexe86k2596r3rkdye3z73r0vfn08fqkkwvqjp4qtbq6m6f7vnphnydfm1pc84em27grmsqe1b1nzesxghesc84xdk0nwvvrhdkpqb7eafq0zp85pdbek1ms3614ff3x6mzzjrke9fqjkv9vyx0rbcwxwjxrwxxv7fbta6m6nzm9s16r8q715ct37cg8qa082rh5r94pswh6z39svhwwp7rgce9h171m7r9bgh4d67e4akwj9340bhca1rzrxknt65vfwtdy60gsm3efjc4tg9r52zv6t8a96jb9ghjgmgwas8qgy2h0s6xjdpn0g7mjs6eqb4nxqm4ajjtqk2jy1hch470qb9dks2p2z0k8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%26client%3Dca-pub-5636182232018393%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1gycdgd41jhp9xvh6bhjypearcztb6b3hczdn00byja6xgm5tcwdd83tq9rhh6ha62101hw1dfg8sgexe86k2596r3rkdye3z73r0vfn08fqkkwvqjp4qtbq6m6f7vnphnydfm1pc84em27grmsqe1b1nzesxghesc84xdk0nwvvrhdkpqb7eafq0zp85pdbek1ms3614ff3x6mzzjrke9fqjkv9vyx0rbcwxwjxrwxxv7fbta6m6nzm9s16r8q715ct37cg8qa082rh5r94pswh6z39svhwwp7rgce9h171m7r9bgh4d67e4akwj9340bhca1rzrxknt65vfwtdy60gsm3efjc4tg9r52zv6t8a96jb9ghjgmgwas8qgy2h0s6xjdpn0g7mjs6eqb4nxqm4ajjtqk2jy1hch470qb9dks2p2z0k8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%26client%3Dca-pub-5636182232018393%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1076670
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 15 Dec 2021 16:25:03 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6c47b4779f2e4e9d-FRA
cf-bgj: minify

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 3EAD 36 KB
13 KB 36ms
26ms Script
application/javascript 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gycdgd41jhp9xvh6bhjypearcztb6b3hczdn00byja6xgm5tcwdd83tq9rhh6ha62101hw1dfg8sgexe86k2596r3rkdye3z73r0vfn08fqkkwvqjp4qtbq6m6f7vnphnydfm1pc84em27grmsqe1b1nzesxghesc84xdk0nwvvrhdkpqb7eafq0zp85pdbek1ms3614ff3x6mzzjrke9fqjkv9vyx0rbcwxwjxrwxxv7fbta6m6nzm9s16r8q715ct37cg8qa082rh5r94pswh6z39svhwwp7rgce9h171m7r9bgh4d67e4akwj9340bhca1rzrxknt65vfwtdy60gsm3efjc4tg9r52zv6t8a96jb9ghjgmgwas8qgy2h0s6xjdpn0g7mjs6eqb4nxqm4ajjtqk2jy1hch470qb9dks2p2z0k8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%26client%3Dca-pub-5636182232018393%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b98c8f3aa7cc2835be32fd3a1488ba31a3de35a3fa0dd643a092c2846c613017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=i2G9+Q==, md5=KT4B161Aam0qyQ5N1n+FMQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45222
x-guploader-uploadid: ADPycdtXvXkNTikigjdIbYNhxiQLD-4AZAv9bzOL91Gi0Vasqu-NthMEIEUtuuiuVaKDT9UyXdL8EGeHFPeRkpk5qsfqo-CjnA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 02 Nov 2021 14:54:41 GMT
server: cloudflare
etag: W/"293e01d7ad406a6d2ac90e4dd67f8531"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2VBvEd%2FAPu7kK0aaDJKvZb%2BwhFYWrvAFlfg64mGVNvozuKoRDMuNcKzJj1YSx6dn2XW%2B7sZHNmIDsiwKAEMf6ZDO6nE3KhTzUItfAMlPn5m8savspDk%2FDzgGVrdUmc6Kbf8m1c%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1635864881199576
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 6c47b477a905839d-MXP
expires: Mon, 27 Dec 2021 14:55:51 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame 0C63 81 KB
11 KB 44ms
33ms Stylesheet
text/css 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1hzjr9ccsvebaexq7seas52w19whbk3j518frct2660gsaqa8zp25t5q1nn5a92gd08s6rb72faxc7fsqf8ycgjx0ne8m9aj4c9036agz28bzgh877hqd2qh0fhgkpb9kmv52ayp25k2n8pkb0d49vny1eacnhvvarxwksskdkd4wzby30qyzpzfx2p3n2yxb80bdaf3qbpsq4znt6xmfxeh90vt8seabmfbemyadqzezgf7ch0yzt72dj6sjnkqsz2p9kcrsnywcjv2vcvr3sz50gewdxrqwhnm26jpqxbr9ggrz9t9df4516m8xtwtmdzgh11fn6hxd26qexzcedxvxtgvsgbvg21q8nmqeexe4k29qkcxvkq90fczwrj7022fbpya2vrdby45e5sq22dqj3yzxnbgz5k8d8avncpmkz9xtq1we&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%26client%3Dca-pub-5636182232018393%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1hzjr9ccsvebaexq7seas52w19whbk3j518frct2660gsaqa8zp25t5q1nn5a92gd08s6rb72faxc7fsqf8ycgjx0ne8m9aj4c9036agz28bzgh877hqd2qh0fhgkpb9kmv52ayp25k2n8pkb0d49vny1eacnhvvarxwksskdkd4wzby30qyzpzfx2p3n2yxb80bdaf3qbpsq4znt6xmfxeh90vt8seabmfbemyadqzezgf7ch0yzt72dj6sjnkqsz2p9kcrsnywcjv2vcvr3sz50gewdxrqwhnm26jpqxbr9ggrz9t9df4516m8xtwtmdzgh11fn6hxd26qexzcedxvxtgvsgbvg21q8nmqeexe4k29qkcxvkq90fczwrj7022fbpya2vrdby45e5sq22dqj3yzxnbgz5k8d8avncpmkz9xtq1we&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%26client%3Dca-pub-5636182232018393%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1076670
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 15 Dec 2021 16:25:03 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6c47b4779f2f4e9d-FRA
cf-bgj: minify

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 0C63 36 KB
12 KB 37ms
27ms Script
application/javascript 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1hzjr9ccsvebaexq7seas52w19whbk3j518frct2660gsaqa8zp25t5q1nn5a92gd08s6rb72faxc7fsqf8ycgjx0ne8m9aj4c9036agz28bzgh877hqd2qh0fhgkpb9kmv52ayp25k2n8pkb0d49vny1eacnhvvarxwksskdkd4wzby30qyzpzfx2p3n2yxb80bdaf3qbpsq4znt6xmfxeh90vt8seabmfbemyadqzezgf7ch0yzt72dj6sjnkqsz2p9kcrsnywcjv2vcvr3sz50gewdxrqwhnm26jpqxbr9ggrz9t9df4516m8xtwtmdzgh11fn6hxd26qexzcedxvxtgvsgbvg21q8nmqeexe4k29qkcxvkq90fczwrj7022fbpya2vrdby45e5sq22dqj3yzxnbgz5k8d8avncpmkz9xtq1we&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%26client%3Dca-pub-5636182232018393%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b98c8f3aa7cc2835be32fd3a1488ba31a3de35a3fa0dd643a092c2846c613017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=i2G9+Q==, md5=KT4B161Aam0qyQ5N1n+FMQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45222
x-guploader-uploadid: ADPycdtXvXkNTikigjdIbYNhxiQLD-4AZAv9bzOL91Gi0Vasqu-NthMEIEUtuuiuVaKDT9UyXdL8EGeHFPeRkpk5qsfqo-CjnA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 02 Nov 2021 14:54:41 GMT
server: cloudflare
etag: W/"293e01d7ad406a6d2ac90e4dd67f8531"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZ%2Fq8rMqAYjGV6PZgqeWfwb8RRGMX7OyONOeNX%2FgAkj3z%2FW9j5QuwQwStGGQonrtMXq7Q%2F9%2FhAQ%2BR26FQnJtNNIKbhT7zS%2BvEXpJ5olyXAbndgbx8%2BoLCNapxweT%2FnznmoPQDCg%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1635864881199576
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 6c47b477a908839d-MXP
expires: Mon, 27 Dec 2021 14:55:51 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame 876A 81 KB
11 KB 51ms
39ms Stylesheet
text/css 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1g86tqa4bxbtgc0sjpk9bn02wbmapz1dnqzfv16d8m98rxvy199f1ktt3b3hp67dmz8prs9zrkrtqza109b9nx2tmckaxm7qj2dxfq8v48akmej40vf60sv3vxv4wf5jf1ps7s4gvpvqw4wwgxb803yytn1e78vmhcbbf518esz5m6h9jnrj6k27nqf6yn89dk521m1rxch8z9vwqjkpv999n3rs5t87xbajatzvff4d3gzdqp86gt4gbe9kfcn0be38x5dq3rr7rsybqyxyem8qmm7nejbjw40wcrsrnb0dx56eg5dxr3cpgd2ve5phst4h7j3gc272m4903nbv062dxsa21bm1vmvwj2e3z5h4jza65f7hte26bfybt5zcy7bdfndv2dzc7471ygn35gyhfm618h5rn92nnw73h66pgxzzy3p1e&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%26client%3Dca-pub-5636182232018393%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1g86tqa4bxbtgc0sjpk9bn02wbmapz1dnqzfv16d8m98rxvy199f1ktt3b3hp67dmz8prs9zrkrtqza109b9nx2tmckaxm7qj2dxfq8v48akmej40vf60sv3vxv4wf5jf1ps7s4gvpvqw4wwgxb803yytn1e78vmhcbbf518esz5m6h9jnrj6k27nqf6yn89dk521m1rxch8z9vwqjkpv999n3rs5t87xbajatzvff4d3gzdqp86gt4gbe9kfcn0be38x5dq3rr7rsybqyxyem8qmm7nejbjw40wcrsrnb0dx56eg5dxr3cpgd2ve5phst4h7j3gc272m4903nbv062dxsa21bm1vmvwj2e3z5h4jza65f7hte26bfybt5zcy7bdfndv2dzc7471ygn35gyhfm618h5rn92nnw73h66pgxzzy3p1e&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%26client%3Dca-pub-5636182232018393%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1076670
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 15 Dec 2021 16:25:03 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6c47b4779f2d4e9d-FRA
cf-bgj: minify

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 876A 36 KB
12 KB 36ms
27ms Script
application/javascript 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1g86tqa4bxbtgc0sjpk9bn02wbmapz1dnqzfv16d8m98rxvy199f1ktt3b3hp67dmz8prs9zrkrtqza109b9nx2tmckaxm7qj2dxfq8v48akmej40vf60sv3vxv4wf5jf1ps7s4gvpvqw4wwgxb803yytn1e78vmhcbbf518esz5m6h9jnrj6k27nqf6yn89dk521m1rxch8z9vwqjkpv999n3rs5t87xbajatzvff4d3gzdqp86gt4gbe9kfcn0be38x5dq3rr7rsybqyxyem8qmm7nejbjw40wcrsrnb0dx56eg5dxr3cpgd2ve5phst4h7j3gc272m4903nbv062dxsa21bm1vmvwj2e3z5h4jza65f7hte26bfybt5zcy7bdfndv2dzc7471ygn35gyhfm618h5rn92nnw73h66pgxzzy3p1e&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%26client%3Dca-pub-5636182232018393%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b98c8f3aa7cc2835be32fd3a1488ba31a3de35a3fa0dd643a092c2846c613017

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=i2G9+Q==, md5=KT4B161Aam0qyQ5N1n+FMQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 45222
x-guploader-uploadid: ADPycdtXvXkNTikigjdIbYNhxiQLD-4AZAv9bzOL91Gi0Vasqu-NthMEIEUtuuiuVaKDT9UyXdL8EGeHFPeRkpk5qsfqo-CjnA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 02 Nov 2021 14:54:41 GMT
server: cloudflare
etag: W/"293e01d7ad406a6d2ac90e4dd67f8531"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VywsCBeWHfqH4QlQCg80H%2BM8WJ1ZE2PMoHNeM33icDnfG%2BNXbqRiROVBXiOt%2FGsP1%2FS44YwY5XQbIn2MqIkI6qZ3WXiJ2b71tSQmVi161eZkmDIe%2FWImlhOto1Ft3EF5%2BLnxujI%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1635864881199576
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 6c47b477a909839d-MXP
expires: Mon, 27 Dec 2021 14:55:51 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 71F9 35 B
465 B 44ms
12ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMV9St0NFsQnPrQ0Bz_41Fk&google_cver=1&google_push=AYg5qPIc-pH-nZBDOqMCZkWA85bmgPnBAHdkvcidbYjd1pOqt-gI7br2RbtAFveU-QurwMlFPKmeleULLs29o1zZtdSNWbqEsuUvRA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 71F9
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEElYOCIVmyfH2NMVp7xH4Kc&google_cver=1&google_push=AYg5qPI8nhiLkYX_E2emdHzgAm_00ykwXACjhsqOBO73ZdZjmj68GzNcyvUN7dVeL7PGz1MAyoJhQhi374C7orZhWf9wYyYFYcImQA
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPI8nhiLkYX_E2emdHzgAm_00ykwXACjhsqOBO73ZdZjmj68GzNcyvUN7dVeL7PGz1MAyoJhQhi374C7orZhWf9wYyYFYcImQA&google_hm=Q0FFU0VFbFlPQ0lWbXl...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPI8nhiLkYX_E2emdHzgAm_00ykwXACjhsqOBO73ZdZjmj68GzNcyvUN7dVeL7PGz1MAyoJhQhi374C7orZhWf9wYyYFYcImQA&google_hm=Q0FFU0VFbFlPQ0lWbXlmSDJOTVZwN3hINEtj

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPI8nhiLkYX_E2emdHzgAm_00ykwXACjhsqOBO73ZdZjmj68GzNcyvUN7dVeL7PGz1MAyoJhQhi374C7orZhWf9wYyYFYcImQA&google_hm=Q0FFU0VFbFlPQ0lWbXlmSDJOTVZwN3hINEtj
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 71F9 43 B
134 B 45ms
23ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEI1wjrzMGuJokU6pqe5aL9k&google_cver=1&google_push=AYg5qPKuvyKAZJJwdjkM20zdLu8yl4ecWDJ0Zj_72eyX8vRYqmyLercThCXeCQrZB4Hpuc5YhRyfIc6mvL4gtBCV66xFWnWm5a40VA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3092423418&pi=t.aa~a.665581152~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280%2C370x280&nras=7&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=615&ady=4269&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=AGktn8WsEF&p=https%3A//itechnews.co.uk&dtd=76
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: injn139ehsrspfqlcq1pu3sd6alogg5q

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 71F9
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJl7oAlyrjnWTV5NMsIehsPOvoksgJuWKO3rmSD8JQBdQnpin77AmsjlKS8Ont9lrAbI5r4bwSeW8MFp81YMgozlpi9t1hv

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJl7oAlyrjnWTV5NMsIehsPOvoksgJuWKO3rmSD8JQBdQnpin77AmsjlKS8Ont9lrAbI5r4bwSeW8MFp81YMgozlpi9t1hv
date: Tue, 28 Dec 2021 03:29:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 71F9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAZZqHgoIyJ2iZX2XkTaO6A&google_cver=1&google_push=AYg5qPK9rIPmwDJWS1u6FoGPyWy__G-mXsWknolqaBQA9nUQFnYeu8sLC8k0ihgrjDjbVrALFh2...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtQS00RlZL&google_push=AYg5qPK9rIPmwDJWS1u6FoGPyWy__G-mXsWknolqaBQA9nUQFnYeu8sLC8k0ihgrjDjbVrALFh2SXRsxxvrECUkFqTLFpgBdHSuE

170 B
188 B

16ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtQS00RlZL&google_push=AYg5qPK9rIPmwDJWS1u6FoGPyWy__G-mXsWknolqaBQA9nUQFnYeu8sLC8k0ihgrjDjbVrALFh2SXRsxxvrECUkFqTLFpgBdHSuE

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtQS00RlZL&google_push=AYg5qPK9rIPmwDJWS1u6FoGPyWy__G-mXsWknolqaBQA9nUQFnYeu8sLC8k0ihgrjDjbVrALFh2SXRsxxvrECUkFqTLFpgBdHSuE
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 71F9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tk...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 71F9
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEJdNIyDG_w6SZ_JjmBTQX0o&google_cver=1&google_push=AYg5qPL5YqD40aSiOU353ttC...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL5YqD40aSiOU353ttCgBXR3VYQlfbqW5ADoN49jKXgtE5AjrKau3PuDWv63oFnbDJUB7MI1LqmSzChQqtFbiKYQKG5O2zNKdE&google_hm=

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL5YqD40aSiOU353ttCgBXR3VYQlfbqW5ADoN49jKXgtE5AjrKau3PuDWv63oFnbDJUB7MI1LqmSzChQqtFbiKYQKG5O2zNKdE&google_hm=

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL5YqD40aSiOU353ttCgBXR3VYQlfbqW5ADoN49jKXgtE5AjrKau3PuDWv63oFnbDJUB7MI1LqmSzChQqtFbiKYQKG5O2zNKdE&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 27 Dec 2021 03:29:33 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 71F9 0
12 B 17ms
15ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JEoBKtUkhl4mlYS4UeV5mp9HOYsiisCMlq0uak9SDN8ue8f5OO5nQ-izn7FrvUXOX7AvfiPA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 0B08 35 B
463 B 40ms
13ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELM1m--fz3N7rD9X1DU7kOQ&google_cver=1&google_push=AYg5qPKFxbKNiqvtH7lAX8dIv5UxWzRNdpK2SMUfjKELGEFaH7T-LRbAU9WT92D8Ybo9oZHpHjSJfVpbAzQq93EYiBD757EHfgeL

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B08
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEIq03ZzSimR7DclZpiCsDbU&google_cver=1&google_push=AYg5qPKUN_IPvIcF6qkV8qsdqAPYf-zCF9W3Vo6WpmKQQMZgCSj38wMaCxho9RwGbeRjyddUyPgJgj1cQRGFEkjQrr-IroH9_riS
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKUN_IPvIcF6qkV8qsdqAPYf-zCF9W3Vo6WpmKQQMZgCSj38wMaCxho9RwGbeRjyddUyPgJgj1cQRGFEkjQrr-IroH9_riS&google_hm=Q0FFU0VJcTAzWnpTaW1SN...

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKUN_IPvIcF6qkV8qsdqAPYf-zCF9W3Vo6WpmKQQMZgCSj38wMaCxho9RwGbeRjyddUyPgJgj1cQRGFEkjQrr-IroH9_riS&google_hm=Q0FFU0VJcTAzWnpTaW1SN0RjbFpwaUNzRGJV

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:32 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKUN_IPvIcF6qkV8qsdqAPYf-zCF9W3Vo6WpmKQQMZgCSj38wMaCxho9RwGbeRjyddUyPgJgj1cQRGFEkjQrr-IroH9_riS&google_hm=Q0FFU0VJcTAzWnpTaW1SN0RjbFpwaUNzRGJV
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B08
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKtVlVo...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKtVlVo...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMjgwMzI5MzMwMDA5NzM2MTAxMzY1Ng%3D%3D&google_push=AYg5qPKtVlVo_wrUa7T48rEjvPDAHj3yrPaBeLBk-J_J3GvKB0GRlTSPh5jV98Bk_UuTvA...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMjgwMzI5MzMwMDA5NzM2MTAxMzY1Ng%3D%3D&google_push=AYg5qPKtVlVo_wrUa7T48rEjvPDAHj3yrPaBeLBk-J_J3GvKB0GRlTSPh5jV98Bk_UuTvAPOVS1KD0Qs_mZNhw6zR0Ronlf-9e4

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMjgwMzI5MzMwMDA5NzM2MTAxMzY1Ng%3D%3D&google_push=AYg5qPKtVlVo_wrUa7T48rEjvPDAHj3yrPaBeLBk-J_J3GvKB0GRlTSPh5jV98Bk_UuTvAPOVS1KD0Qs_mZNhw6zR0Ronlf-9e4
pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Tue, 28 Dec 2021 03:29:33 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 0B08 43 B
351 B 37ms
19ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEHMEO3FBTdIkzQE925C0xOU&google_cver=1&google_push=AYg5qPK35eVJHOOrN3zu4C9aV-d3lOFZaBM4VLUUuGEh9UiCkOgKL19yEePjYi-Xg4zGLIGGRt1_eCapS_JOfVgykkJ89a-qc9M
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=3684932205&adf=3174511142&pi=t.aa~a.1109846382~rp.3&w=412&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=412x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=2&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0&nras=2&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1254&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=CItn1aESvm&p=https%3A//itechnews.co.uk&dtd=60
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:32 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 47kb8e8c9im529a65nubd9ajptn26n3u

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B08
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKrAFkRTrd2QJW2pwRyvVmq0xeYOfy6v13vIzRBOXkpdMuBjcgjc2W0JR3qyk2jvZoYiwp89Vb2-g_saiJrULjooMkBjlfZ

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKrAFkRTrd2QJW2pwRyvVmq0xeYOfy6v13vIzRBOXkpdMuBjcgjc2W0JR3qyk2jvZoYiwp89Vb2-g_saiJrULjooMkBjlfZ
date: Tue, 28 Dec 2021 03:29:31 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B08
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDLstOeVWIV4WVgBOhzvZEM&google_cver=1&google_push=AYg5qPIP01EKBT3OK8jUFFMDm9lDgSqfg-G5iXuzCzY3Ltu9salMo_Hel8R3PuWw9XH0KJqS-GV...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtMUItSlU5WA==&google_push=AYg5qPIP01EKBT3OK8jUFFMDm9lDgSqfg-G5iXuzCzY3Ltu9salMo_Hel8R3PuWw9XH0KJqS-GVwaFrOkH0Z3h6jFY-4q5jz-ew

170 B
188 B

16ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtMUItSlU5WA==&google_push=AYg5qPIP01EKBT3OK8jUFFMDm9lDgSqfg-G5iXuzCzY3Ltu9salMo_Hel8R3PuWw9XH0KJqS-GVwaFrOkH0Z3h6jFY-4q5jz-ew

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtMUItSlU5WA==&google_push=AYg5qPIP01EKBT3OK8jUFFMDm9lDgSqfg-G5iXuzCzY3Ltu9salMo_Hel8R3PuWw9XH0KJqS-GVwaFrOkH0Z3h6jFY-4q5jz-ew
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 0B08
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJ...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0B08 0
12 B 16ms
15ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KZUbMz7Fifljc7ZJaWE1rwyuXFCXyG2Lcv8tjhiApyLKKdiMypBQ4tIZtDceYX4qnqqNcl

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 0F09 35 B
463 B 33ms
12ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDdMdohuwM2Wlx0O2EvQ3b8&google_cver=1&google_push=AYg5qPJNQe9_2QgMpuUEKVeqwxBnbphGpe0hdZpp_7LjtMZhrzVM9ck9JKYGVG_baFQuNNDB8nZ3FIZE8O1oD9w3vGH5YtES02iq

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0F09
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEA13i1qGmSnG5yUoUj6azuQ&google_cver=1&google_push=AYg5qPL1utX3hY6LbT4hKFyKmfTM3prrcUuM6DRrdTmPZrRzyFrot2Y1CAHrFbGy8R5CO9l3XHRTxkuJ9M5O8_R6U-BJVtFMD1wlOg
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPL1utX3hY6LbT4hKFyKmfTM3prrcUuM6DRrdTmPZrRzyFrot2Y1CAHrFbGy8R5CO9l3XHRTxkuJ9M5O8_R6U-BJVtFMD1wlOg&google_hm=Q0FFU0VBMTNpMXFHbVN...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPL1utX3hY6LbT4hKFyKmfTM3prrcUuM6DRrdTmPZrRzyFrot2Y1CAHrFbGy8R5CO9l3XHRTxkuJ9M5O8_R6U-BJVtFMD1wlOg&google_hm=Q0FFU0VBMTNpMXFHbVNuRzV5VW9VajZhenVR

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPL1utX3hY6LbT4hKFyKmfTM3prrcUuM6DRrdTmPZrRzyFrot2Y1CAHrFbGy8R5CO9l3XHRTxkuJ9M5O8_R6U-BJVtFMD1wlOg&google_hm=Q0FFU0VBMTNpMXFHbVNuRzV5VW9VajZhenVR
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 0F09 43 B
135 B 31ms
19ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPbu1Ud7cz-G1itFrdjqytM&google_cver=1&google_push=AYg5qPIpjzgFgygxvDe39prewP8g__K1DuVhcp1_pJQd4V4vy84Ar9Z914GT7LrZbfv5roKPxWaIAomfBBsoFOb37ikpnfjixpTEAw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:32 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 3b3ajf25jvgd854r0aoegt7c1ipnjmjt

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0F09
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLxbdPbs7ysbVTGe3AcHxP_VM0EVaTvUZUY9H8hoTKPHd7M6eJ6MwMle_KS1px4tRWptkkRrLUJotZshBonAqO842gPLwfF

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLxbdPbs7ysbVTGe3AcHxP_VM0EVaTvUZUY9H8hoTKPHd7M6eJ6MwMle_KS1px4tRWptkkRrLUJotZshBonAqO842gPLwfF
date: Tue, 28 Dec 2021 03:29:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0F09
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDRk5kxIijGZyN8dLUJAEMI&google_cver=1&google_push=AYg5qPJkuDGzaY7TBVvQerMf5ayOFajNGB4bVEbjrmRhxNIo37vViM-evMuVAxvuJF8bUGHcbsW...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtUi05M09N&google_push=AYg5qPJkuDGzaY7TBVvQerMf5ayOFajNGB4bVEbjrmRhxNIo37vViM-evMuVAxvuJF8bUGHcbsW8hKnNlT8OpcM73yTQ8EoeWAJUrw

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtUi05M09N&google_push=AYg5qPJkuDGzaY7TBVvQerMf5ayOFajNGB4bVEbjrmRhxNIo37vViM-evMuVAxvuJF8bUGHcbsW8hKnNlT8OpcM73yTQ8EoeWAJUrw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVgtUi05M09N&google_push=AYg5qPJkuDGzaY7TBVvQerMf5ayOFajNGB4bVEbjrmRhxNIo37vViM-evMuVAxvuJF8bUGHcbsW8hKnNlT8OpcM73yTQ8EoeWAJUrw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 0F09
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJ7tXyESzV16TEgTljROKZI&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzi...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0F09
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEN4bwzUYcGXyMpQUIfjr7Lo&google_cver=1&google_push=AYg5qPLIONLt06BV0JJsELiW...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLIONLt06BV0JJsELiWy_-Ko3RaGBHcVDqjA7XjErMQhlhhSWo3BnoeITj0UDnubQoiUAqv8KqMT5CG1KJI1O3xxmyGAzEuK6k&google_hm=

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLIONLt06BV0JJsELiWy_-Ko3RaGBHcVDqjA7XjErMQhlhhSWo3BnoeITj0UDnubQoiUAqv8KqMT5CG1KJI1O3xxmyGAzEuK6k&google_hm=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLIONLt06BV0JJsELiWy_-Ko3RaGBHcVDqjA7XjErMQhlhhSWo3BnoeITj0UDnubQoiUAqv8KqMT5CG1KJI1O3xxmyGAzEuK6k&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 27 Dec 2021 03:29:33 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0F09 0
12 B 20ms
19ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IVD3MOZw47EtffT1VTB1oTMA03sr5A4_77BGEhvweSV3Xt-Rvk0r_x2JWsRoY04yBoED8mag

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=3817336470&pi=t.aa~a.3593296581~rp.2&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1150&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280&nras=5&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1025&ady=3925&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=Ia3hodCKDn&p=https%3A//itechnews.co.uk&dtd=70

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame AACD 35 B
463 B 31ms
13ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENIyBUYMpkq11QbV6jQ1I64&google_cver=1&google_push=AYg5qPIrlhHd256xTPDuQzlqFaHb8qwLHwa3HTgBxfYvX4ulVcvnpofcQ-P9GWuNRI8fcaQGT27UFi_ASsYEj5D9WT8d0dUHElG2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AACD
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKlLpUw...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKlLpUw...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMjgwMzI5MzMwMDAxMTE1NTMxOTMwMA%3D%3D&google_push=AYg5qPKlLpUwp1SnxSX0mvncIok4PncSVIi628NStsRal5tjMSpDZcJnJtc0-q1NgqWwwT...

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMjgwMzI5MzMwMDAxMTE1NTMxOTMwMA%3D%3D&google_push=AYg5qPKlLpUwp1SnxSX0mvncIok4PncSVIi628NStsRal5tjMSpDZcJnJtc0-q1NgqWwwTIvGofJu41CueFDdv5lw0DpbqsiDcE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEyMjgwMzI5MzMwMDAxMTE1NTMxOTMwMA%3D%3D&google_push=AYg5qPKlLpUwp1SnxSX0mvncIok4PncSVIi628NStsRal5tjMSpDZcJnJtc0-q1NgqWwwTIvGofJu41CueFDdv5lw0DpbqsiDcE
pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Tue, 28 Dec 2021 03:29:33 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame AACD 43 B
324 B 55ms
15ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEI0nLUbq-_alVIBSFwJundI&google_push=AYg5qPKbo3EHwq8MHhYJ9RT1lxiI8FzHgO8WjVIdanGpyoSOuvt_ZxhvbdPtqvx6vW7SITniJvUg-KcfqJKNX7bKK7wy0wQVkLVa&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame AACD 43 B
133 B 28ms
20ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESENFnWIeYLVK9OXmH4qAlH5k&google_cver=1&google_push=AYg5qPL5Rpv80SeFaUo9GIjz9ABh6yIdx_DGY9wV-61WQH6DX1_kbzGs4I6AIRJn0yrLfnhOCZOhjdxwCzL7EYy-83J98kKhWFam
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:32 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: h7h3tosejgo02dhhdagafh3n90glj7fa

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AACD
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK0xLMbGgGkQwbBtMSgiSyDU7rc9oC5czMhwiny36YZfj4O38DhIyicZZah4FO1_kuEUwo_QBvdrtmcR-eOwyoHUGulomc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=vof3Wa3tTT-TNdLkV98F7Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK0xLMbGgGkQwbBtMSgiSyDU7rc9oC5czMhwiny36YZfj4O38DhIyicZZah4FO1_kuEUwo_QBvdrtmcR-eOwyoHUGulomc
date: Tue, 28 Dec 2021 03:29:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AACD
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEISiMMglH-umsxM3n7twrGU&google_cver=1&google_push=AYg5qPKPn32FCBXNlNRn6E9H317FMo_2m7ZCt4P2BjZzSfOKXkSrL8qCqFVUAJaYylviq_O6ilY...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVotUi00Tk9E&google_push=AYg5qPKPn32FCBXNlNRn6E9H317FMo_2m7ZCt4P2BjZzSfOKXkSrL8qCqFVUAJaYylviq_O6ilYyqTB3sfFtgdoIEKmQshGB2DdT

170 B
188 B

19ms
18ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVotUi00Tk9E&google_push=AYg5qPKPn32FCBXNlNRn6E9H317FMo_2m7ZCt4P2BjZzSfOKXkSrL8qCqFVUAJaYylviq_O6ilYyqTB3sfFtgdoIEKmQshGB2DdT

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1hQSldCMVotUi00Tk9E&google_push=AYg5qPKPn32FCBXNlNRn6E9H317FMo_2m7ZCt4P2BjZzSfOKXkSrL8qCqFVUAJaYylviq_O6ilYyqTB3sfFtgdoIEKmQshGB2DdT
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame AACD 43 B
297 B 98ms
21ms Image
image/gif 2a05:d01c:1d8:8102:ce41:8ff6:95aa:83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESELIT_nrIxlKqiIBT-TZU6KM&google_cver=1&google_push=AYg5qPIWiJf1eelPOwCkekYFVXU_R-nZi2r4hORVbUuPAb4Aq71qOQB1-h0-Y2IykAfANWRCcbEfnNK92_ftmvGZKqP_AF4kOKMp
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:ce41:8ff6:95aa:83 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame AACD 0
12 B 20ms
19ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IWs1fD5wFc5guq7FCxr9Oj8vy4jmpq8Cju-kBQZk5VPDqW063AdlbpVLgmzoun8d6XLOPH

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5636182232018393&output=html&h=280&adk=407063691&adf=704572923&pi=t.aa~a.331158846~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1640658655&rafmt=1&to=qs&pwprc=7092776655&tp=site_kit&psa=0&format=370x280&url=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1640662172976&bpp=1&bdt=1149&idt=-M&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da72e3437dad9460f-2278386111cd00de%3AT%3D1640662172%3ART%3D1640662172%3AS%3DALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA&prev_fmts=0x0%2C412x280%2C1200x280%2C1200x280%2C370x280&nras=6&correlator=3061070385866&frm=20&pv=1&ga_vid=976202078.1640662172&ga_sid=1640662173&ga_hid=208162374&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=205&ady=4180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063858&oid=2&pvsid=3406032875673221&pem=50&tmod=169&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=Jsx6sBcQgl&p=https%3A//itechnews.co.uk&dtd=73

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 in_search.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ 123 KB
46 KB 23ms
23ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/in_search.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0ed4b80efbb81a92a82a727735aa23cd0e64ba7f8fe99507b31154f3042b9ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c47b477bbce694f-FRA
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 22 Dec 2021 13:55:23 GMT
server: cloudflare
age: 5292
etag: W/"1eb61-5d3bc792394e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 27 Jan 2022 02:01:21 GMT

GET
H2 200 bubble.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ 156 KB
47 KB 27ms
27ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/bubble.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c47b477bbcf694f-FRA
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 22 Dec 2021 13:55:23 GMT
server: cloudflare
age: 5273
etag: W/"27044-5d3bc792390fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 27 Jan 2022 02:01:40 GMT

GET
H2 200 getads.htm Show response
rt3046.infolinks.com/action/ 3 KB
905 B 339ms
338ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3046.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22IL_IF_LEFT%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22f%22%2C%22garc%22%3A0%2C%22as%22%3A%22160*600%22%2C%22nom%22%3A2%2C%22sdata%22%3A%22newsletter%22%2C%22scs%22%3A%22AJYPJfQsMo%22%7D%5D&rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&jsv=1775.005-3.025.ab.1774.006-3.025&sr=1600X1200&rts=1640662173402&cfv=-1&cb=singleGetAdsResponse&os=Windows&ov=10&br=Chrome&bv=96.0.4664.93&dv=p&ce=t&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&tzo=-0000&c=c&strg=true&rsd=n17KIFQ0QoFi_eYMADDrZbdQkQ7liTwNqfCnZnoEhWkMYZpvBJOIrf_RggUK6h9og289u7a_qbRhM6UkjLH7i-INb5HxgBkFNG91B4BQfOG93k78eFOp-7b8VG3sy4QyOo35kj3xXijFc0Pl_SQmfoeAbiMJBZwX&rsk=46&rcs=VOGurJowF0FRreqUVXoi8Q&hbnr=false
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aad2ba9ca16c4253bc675c2f385b9e83f25b227faef72fab0663609a404330ad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NON DSP NID OUR COR"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-language: de-DE
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b477cbdf694f-FRA
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 3EAD 3 KB
3 KB 57ms
21ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9162578
x-guploader-uploadid: ADPycdu4kVh88oPygz4q2L0gysGWlMlIFE5YReoxzb2pqvToqgh3BYrLqoA2iyx1syc2mGJLpBFm-K4K9hJXRMmcJywY3ItGvg
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5OAggFxWTIi6RBJiB4i8n%2F2K4KemLdi6WlM6aQMsPocAI8dltigB39AF4dL6Nco2rE2bFU%2BX385R%2FLLWFAUQwFX7OkTYkoUAyAlAvdMPW%2F0q5T8bH98acSUkgtc3FM%2BRBJaLeeSL%2FGv9N%2Bs5Ii28q1Wh"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 6c47b47848471f55-FRA
expires: Tue, 13 Sep 2022 02:19:55 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 0C63 3 KB
3 KB 39ms
20ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9162578
x-guploader-uploadid: ADPycdu4kVh88oPygz4q2L0gysGWlMlIFE5YReoxzb2pqvToqgh3BYrLqoA2iyx1syc2mGJLpBFm-K4K9hJXRMmcJywY3ItGvg
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KSVec6sBtEgje83QBEbgQgtFQF4M3iDFqwT5%2BLBjEZZjhIU9YpVrIA9jyJtOzrlVsFyJ9mIVztOxLtRiilP0l7%2Bp5NIKMWmdjX5EH7KP0hV%2BsC2IaSRzRO1TEjFzkezbXdebIg5aWlIeHkQRSEqvN5iO"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 6c47b47848481f55-FRA
expires: Tue, 13 Sep 2022 02:19:55 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 4834 3 KB
4 KB 34ms
16ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9162578
x-guploader-uploadid: ADPycdu4kVh88oPygz4q2L0gysGWlMlIFE5YReoxzb2pqvToqgh3BYrLqoA2iyx1syc2mGJLpBFm-K4K9hJXRMmcJywY3ItGvg
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ga38F2qMoK8rlMPsZEPbLSi1tOhAdojRz8RJL7zzR92xexHxMKZMywl5eKt6NbRpG0zhXzRF%2Fes7q0oeN%2BLZIoxCk5LW6fgEQrAzSs3BcnHQ3%2FyV48eMNYnlIETBhm%2FizTHKj29l6sLMexnXWuoJ2%2Bis"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 6c47b478484a1f55-FRA
expires: Tue, 13 Sep 2022 02:19:55 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 4120 2 KB
2 KB 21ms
19ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
x-guploader-uploadid: ADPycdul5Ccw7d7rhgjk4K-9bNVBIMJUbbihzRGNqm4eKjFMeeucQ20B3FnwIcyOYympdB6UUlF8mlNguKXZm3TvRLI
expires: Tue, 28 Dec 2021 04:29:33 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
x-goog-meta-
x-goog-custom-time: 1970-01-01T00:00:00Z
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2586929
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TmTteKQgOc2iWaXalGCR3t9zO3iPbiEvD54YcrNhzpBn0va%2FcUf3ZpUBsXAI8Ena3ucDjvsWBrZX2epaAxkhqYh9h2e%2FZnSmuTDy4IrXxzhXuafRZ0UAC%2B1ETmYmnifBYAZOkM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6c47b4783fad4e9d-FRA
content-encoding: br

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 876A 3 KB
3 KB 18ms
18ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9162578
x-guploader-uploadid: ADPycdu4kVh88oPygz4q2L0gysGWlMlIFE5YReoxzb2pqvToqgh3BYrLqoA2iyx1syc2mGJLpBFm-K4K9hJXRMmcJywY3ItGvg
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U%2FmjtwJ2a%2F14r47556WkFZEkpVQSZs13HnSH5Ei0tPRiRPibA6tOks5Sxc7u48Tkl9MUtWbfRhwCwPgU6LcnmYx5%2Fu%2F2hbY1I2X9%2FHcbdZM3pc2WTVhrmU8D1v%2Ftm%2FMbwgf7glBW8uIkIroJmvp7JWu2"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 6c47b478484d1f55-FRA
expires: Tue, 13 Sep 2022 02:19:55 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame A856 2 KB
2 KB 18ms
18ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
x-guploader-uploadid: ADPycdul5Ccw7d7rhgjk4K-9bNVBIMJUbbihzRGNqm4eKjFMeeucQ20B3FnwIcyOYympdB6UUlF8mlNguKXZm3TvRLI
expires: Tue, 28 Dec 2021 04:29:33 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
x-goog-meta-
x-goog-custom-time: 1970-01-01T00:00:00Z
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2586929
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c2juscsvODZud90HGn666eMdO7IIRqZFtHQ2GVFfu9MsJPyp1vKdIRPT0lLIbxOP7DnI13da6fc4HV8mL26eAA%2F%2BX9f65buddSTByATDfOjKYKNC%2BZqD3pkPynrsZTTE%2FXy%2FoIs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6c47b4784fc04e9d-FRA
content-encoding: br

GET
H3 200 frame.html Show response
ad4m.at/ Frame 9D09 2 KB
2 KB 18ms
18ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
x-guploader-uploadid: ADPycdul5Ccw7d7rhgjk4K-9bNVBIMJUbbihzRGNqm4eKjFMeeucQ20B3FnwIcyOYympdB6UUlF8mlNguKXZm3TvRLI
expires: Tue, 28 Dec 2021 04:29:33 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
x-goog-meta-
x-goog-custom-time: 1970-01-01T00:00:00Z
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2586929
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aU437DxUQbeUNc632suJGwX5OH5LAHWSK7Wa3RjL411TB86lBiQuCJIYihXI9%2Bd6hp%2FPsiaHroHZ%2B3d%2BDYc9laxU3y8u0tGQC9VNyLBCpma8hGUj0iI%2F9Xw42ff8GSifi4IM9ik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6c47b4784fc14e9d-FRA
content-encoding: br

GET
H2 200 getads.htm Show response
rt3046.infolinks.com/action/ 1 KB
688 B 964ms
964ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3046.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22d_IL_INSEARCH%22%2C%22bdc%22%3A2%2C%22prod_t%22%3A%22d%22%2C%22garc%22%3A0%2C%22sdata%22%3A%22news%22%2C%22scs%22%3A%22ErHkYCwiIw%22%7D%5D&rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&jsv=1775.005-3.025.ab.1774.006-3.025&sr=1600X1200&rts=1640662173487&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=96.0.4664.93&dv=p&ce=t&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&tzo=-0000&c=c&strg=true&rsd=n17KIFQ0QoFi_eYMADDrZbdQkQ7liTwNqfCnZnoEhWkMYZpvBJOIrf_RggUK6h9og289u7a_qbRhM6UkjLH7i-INb5HxgBkFNG91B4BQfOG93k78eFOp-7b8VG3sy4QyOo35kj3xXijFc0Pl_SQmfoeAbiMJBZwX&rsk=46&rcs=VOGurJowF0FRreqUVXoi8Q&hbnr=false
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0e57bdf3148028e9b14a646f07892c3f3785eaa142fd72ee0cc058014151fa6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:34 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NON DSP NID OUR COR"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-language: de-DE
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b4784c56694f-FRA
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 in_text.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ 10 KB
4 KB 16ms
15ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/in_text.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10000e50858213f4e33be0c6e50ffac69e77fe180e9aa08d4aa241273506bb91

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c47b4785c5b694f-FRA
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 22 Dec 2021 13:55:23 GMT
server: cloudflare
age: 3789
etag: W/"29f5-5d3bc79238d14"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 27 Jan 2022 02:26:24 GMT

GET
H2 200 intag_incontent.js Show response
resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ 173 KB
35 KB 22ms
22ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/intag_incontent.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 667d0547d8f8567828193f76f5fbd55bbb4244351313a8a8f3d85d171d1af49f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6c47b4785c5c694f-FRA
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 22 Dec 2021 13:55:23 GMT
server: cloudflare
age: 5096
etag: W/"2b399-5d3bc79238544"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Thu, 27 Jan 2022 02:04:37 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 562E 2 KB
2 KB 19ms
19ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
x-guploader-uploadid: ADPycdul5Ccw7d7rhgjk4K-9bNVBIMJUbbihzRGNqm4eKjFMeeucQ20B3FnwIcyOYympdB6UUlF8mlNguKXZm3TvRLI
expires: Tue, 28 Dec 2021 04:29:33 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
x-goog-meta-
x-goog-custom-time: 1970-01-01T00:00:00Z
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2586929
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eNrqtGa4v7zEoENBWThHzONED%2Fpa%2BvUKcW4yPwD7CVIspdvNb3d0aKlWy%2BGtQJju5j%2B%2FYqIFl5dIFlahXflu8%2BTmud0fuCm8GIbI7W5lNmfE7u7LPm7EiHM9hdPmvsrVS3kdZlE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6c47b4787fdd4e9d-FRA
content-encoding: br

GET
H2 200 loader.gif
resources.infolinks.com/static/skins/ 962 B
1 KB 19ms
19ms Image
image/gif 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.infolinks.com/static/skins/loader.gif
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b8ee13d35110d7006bc5c5147ee0a0c6c3e1f26b2f246b8d5e57edf4f6b97b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: HIT
age: 10158
cf-polished: origSize=1631, status=webp_bigger
content-length: 962
last-modified: Mon, 14 Nov 2016 12:31:03 GMT
server: cloudflare
etag: "65f-54142035d0066"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
expires: Thu, 27 Jan 2022 00:40:15 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6c47b4790d23694f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 loader-bg.png
resources.infolinks.com/static/skins/ 902 B
1 KB 20ms
20ms Image
image/webp 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.infolinks.com/static/skins/loader-bg.png
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5ddb995fe37710a4be439e4e3f45016cd7b7ecfa3423a29e4f4f4dcce63efff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: HIT
age: 8171
cf-polished: origFmt=png, origSize=1488
content-disposition: inline; filename="loader-bg.webp"
content-length: 902
last-modified: Mon, 14 Nov 2016 12:31:03 GMT
server: cloudflare
etag: "5d0-541420359b4a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 27 Jan 2022 01:13:22 GMT
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6c47b4790d25694f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 dcl.htm Show response
rt3046.infolinks.com/action/ 0
38 B 184ms
184ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3046.infolinks.com/action/dcl.htm?rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&jsv=1775.005-3.025.ab.1774.006-3.025&capara=%7B%22failedAlgos%22%3A%22palgo%22%7D
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b4791d2e694f-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dcl.htm Show response
rt3046.infolinks.com/action/ 0
39 B 169ms
168ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3046.infolinks.com/action/dcl.htm?rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&jsv=1775.005-3.025.ab.1774.006-3.025&capara=%7B%22failedAlgos%22%3A%22aapalgo%22%7D
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b4793d49694f-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 getads.htm Show response
rt3046.infolinks.com/action/ 0
58 B 171ms
170ms Script
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3046.infolinks.com/action/getads.htm?hks=%5B%5D&rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&jsv=1775.005-3.025.ab.1774.006-3.025&sr=1600X1200&rts=1640662173630&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=96.0.4664.93&dv=p&ce=t&purl=https%3A%2F%2Fitechnews.co.uk%2Fnew-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode%2F&tzo=-0000&c=c&strg=true&rsd=n17KIFQ0QoFi_eYMADDrZbdQkQ7liTwNqfCnZnoEhWkMYZpvBJOIrf_RggUK6h9og289u7a_qbRhM6UkjLH7i-INb5HxgBkFNG91B4BQfOG93k78eFOp-7b8VG3sy4QyOo35kj3xXijFc0Pl_SQmfoeAbiMJBZwX&rsk=46&rcs=VOGurJowF0FRreqUVXoi8Q&hbnr=false
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/plain;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b4793d4b694f-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dcl.htm Show response
rt3046.infolinks.com/action/ 0
61 B 595ms
595ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3046.infolinks.com/action/dcl.htm?rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&jsv=1775.005-3.025.ab.1774.006-3.025&capara=%7B%22mode%22%3A%22default%22%2C%22markers%22%3A0%7D
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1775.005-3.025.ab.1774.006-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:34 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b4793d4c694f-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame 3EAD 2 KB
2 KB 47ms
46ms XHR
text/plain 2606:4700:3039::6815:c09b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e1c349c25a53af7a38620c033507086103f0068a241292fc2e6fad63bac4e01

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 6c47b479e90d3761-MXP
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZIIvgrUe188kECu3jE6eF7ASvfj5jyf94ww8r79hqJUKJW5LFxN%2Fvtafj7uqBu8j9gzlpQkjuIS3AfdMYWPICnwD%2BnZIVmm6%2BC%2Fvfi2ENvVkghiUaB3%2BnXr1hVs85ttoHs5zGwc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-9z0n

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 76ms
54ms Preflight
text/plain 2606:4700:3039::6815:c09b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: aa-reachservice-group-europe-west1-9z0n
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9uCGwcEQstWxNsXz%2BocgARjrc1aVsDXd7eTFjGS1upFZDUSL61aQyZvGk8zs862O7zUV%2BOVwrbBtJVS3mMR48XZlKL1qwySRJJiheEjDXrZ0GoXVb%2BkWNJ58Tag6MXKYjKQNV8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c47b47998e33761-MXP

POST
H3 200 rs Show response
ad4m.at/ Frame 0C63 2 KB
2 KB 48ms
47ms XHR
text/plain 2606:4700:3039::6815:c09b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15a64cacdd9597a222a744c75ed170c5847a4ebee4d015a279644960ea0669c2

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 6c47b479e90a3761-MXP
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x0OJ2OWzXH5sbQQqVNbVYXd37CN0j463zU%2FKJwCgWeKO1Fsdvhn7Nq1hkw8n0jhObmjrLa825JyIdtz9eZwWHXU2jYkYSPXukzb%2FfDsg3ANpmL5%2Fg8tENASEAGzVdVOI78%2FVlAs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-9z0n

POST
H3 200 rs Show response
ad4m.at/ Frame 4834 2 KB
2 KB 50ms
49ms XHR
text/plain 2606:4700:3039::6815:c09b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b9b56a75026513b1433cac595a372dcd7dfd0360e1916ddcac6a6379b80d800

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 6c47b479e90b3761-MXP
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFYXjj6DI2TTxw1eTwnKoI23YTJrCV9NTVCdAHBPdvLagwFd5Ug7uCIEl7I1FJY1vpTzfX8JJ%2FUPGs1E9TJYHFpQvkH1CfzKwPpTRzSk7QJogfTsORe%2FQonTnHiZzxsxGRcGeOc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-9z0n

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 73ms
51ms Preflight
text/plain 2606:4700:3039::6815:c09b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: aa-reachservice-group-europe-west1-9z0n
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1in1qxSpycvEbsuXXSo87nikrdPPz%2FUElaK8Xo2KWa1ewcyCWNPzXUpzPLQvv3R7NqoKGjpY9TFYOpmY7UMmaWFYBrgW38o89g%2FjCpvXD1yV66q1aYAeCGZ6VjxUnbDd1r4XWQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c47b47998e23761-MXP

POST
H3 200 rs Show response
ad4m.at/ Frame 876A 2 KB
2 KB 47ms
46ms XHR
text/plain 2606:4700:3039::6815:c09b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fdf4bda9d78564053276922b5b5fd624c47277121bd90949e20eaa7998ca445

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 6c47b479e9083761-MXP
date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kNZndYv8v88%2FEMd2aeVFaQCIytoubiwpTERTltRcH1XOpn7gHLkEQ4HjWHU%2B5Vldw9byl%2BfSNER4u%2BxmbkpKMJqazhPs8XgkT3qMKO4B40cgR1vAL5DZfYoDlkhLC88BGF5vhUk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-9z0n

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 73ms
52ms Preflight
text/plain 2606:4700:3039::6815:c09b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: aa-reachservice-group-europe-west1-9z0n
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FAFBHMWzglb9UJdgdPDIY%2BnXz7PHqxxhR397hOpCHY5l6oBonb8SHuEz9o%2BsbyPJqKZyFe%2Bcd5cSSSk%2FzLyIMo2HBy73dVTF56DYz77Rys6lh%2FUeVXzWZFnHG4KI4eQG%2BM6JbYg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c47b47998e13761-MXP

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 70ms
49ms Preflight
text/plain 2606:4700:3039::6815:c09b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c09b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: aa-reachservice-group-europe-west1-9z0n
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJSb7YbYqTRFC8sOuGz%2Fn4p6hKzrQG0IuTHOxfSxLxUqMBlEMiUi%2BGWquxOc%2B8TSHrJpKMZM1g3e8AombhaAt0MGQxd8PWsE43pho%2FQBBeETWwhGmgQd6n70ny2VQ6Hpq9OWq8s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c47b47998df3761-MXP

GET
H2 200 /
node224.impressionssl.adshop.infolinks.com/impression/ 37 B
222 B 621ms
95ms Image
image/gif 199.212.255.246
FHMNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://node224.impressionssl.adshop.infolinks.com/impression/?vh=852466448&agy=414981&aid=637313&cid=640282&gid=642573&id=642574&st=1640662172&kwid=0&skw=newsletter&sid=3255211_0&sip=3118995200&img=642574&pid=4&tid=2&dev=0&mtyp=502&agtyp=0&rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&idfa=&gaid=&site_cat=5&pixel=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.246 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 01:04:08 GMT
x-replied-from: 199.212.255.224:26080
server: nginx/1.16.1
content-type: image/gif
cache-control: no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length: 37
expires: 0

GET
H2 200 /
node224.impressionssl.adshop.infolinks.com/impression/ 37 B
221 B 623ms
97ms Image
image/gif 199.212.255.246
FHMNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://node224.impressionssl.adshop.infolinks.com/impression/?vh=852466450&agy=414981&aid=637313&cid=640282&gid=642326&id=642327&st=1640662172&kwid=0&skw=newsletter&sid=3255211_0&sip=3118995200&img=642327&pid=4&tid=2&dev=0&mtyp=502&agtyp=0&rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&idfa=&gaid=&site_cat=5&pixel=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.246 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 01:04:08 GMT
x-replied-from: 199.212.255.221:26080
server: nginx/1.16.1
content-type: image/gif
cache-control: no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length: 37
expires: 0

GET
H2 200 adview.htm
rt3046.infolinks.com/action/ 0
135 B 174ms
174ms Image
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rt3046.infolinks.com/action/adview.htm?rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&bdc=1&midx=0&emd=NDI0fnd3dy5zb2xpdmVyLmRl&rts=1640662173749&prod_t=f&jsv=1775.005-3.025.ab.1774.006-3.025&sdata=newsletter&scs=AJYPJfQsMo&rsd=n17KIFQ0QoFi_eYMADDrZbdQkQ7liTwNqfCnZnoEhWkMYZpvBJOIrf_RggUK6h9og289u7a_qbRhM6UkjLH7i-INb5HxgBkFNG91B4BQfOG93k78eFOp-7b8VG3sy4QyOo35kj3xXijFc0Pl_SQmfoeAbiMJBZwX&rsk=46&rcs=VOGurJowF0FRreqUVXoi8Q
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b479fe14694f-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 adview.htm
rt3046.infolinks.com/action/ 0
138 B 206ms
205ms Image
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rt3046.infolinks.com/action/adview.htm?rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&bdc=1&midx=1&emd=NDI0fnd3dy5ha3RpdndlbHQuZGU&rts=1640662173750&prod_t=f&jsv=1775.005-3.025.ab.1774.006-3.025&sdata=newsletter&scs=AJYPJfQsMo&rsd=n17KIFQ0QoFi_eYMADDrZbdQkQ7liTwNqfCnZnoEhWkMYZpvBJOIrf_RggUK6h9og289u7a_qbRhM6UkjLH7i-INb5HxgBkFNG91B4BQfOG93k78eFOp-7b8VG3sy4QyOo35kj3xXijFc0Pl_SQmfoeAbiMJBZwX&rsk=46&rcs=VOGurJowF0FRreqUVXoi8Q
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b479fe15694f-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 3154 6 KB
4 KB 24ms
23ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee55b61ffe509e60c8ed99cfd55aaacd76e6c18ca71cb33a7ce66b1e1a628e2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1g86tqa4bxbtgc0sjpk9bn02wbmapz1dnqzfv16d8m98rxvy199f1ktt3b3hp67dmz8prs9zrkrtqza109b9nx2tmckaxm7qj2dxfq8v48akmej40vf60sv3vxv4wf5jf1ps7s4gvpvqw4wwgxb803yytn1e78vmhcbbf518esz5m6h9jnrj6k27nqf6yn89dk521m1rxch8z9vwqjkpv999n3rs5t87xbajatzvff4d3gzdqp86gt4gbe9kfcn0be38x5dq3rr7rsybqyxyem8qmm7nejbjw40wcrsrnb0dx56eg5dxr3cpgd2ve5phst4h7j3gc272m4903nbv062dxsa21bm1vmvwj2e3z5h4jza65f7hte26bfybt5zcy7bdfndv2dzc7471ygn35gyhfm618h5rn92nnw73h66pgxzzy3p1e&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%26client%3Dca-pub-5636182232018393%26adurl%3D

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b47a28e54e9d-FRA
content-encoding: br

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 25F6 6 KB
4 KB 22ms
22ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15ca1f08cec06b3189b4c4b9c2676bfdb4ba541563e1d7da09117281e42523d7

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1hzjr9ccsvebaexq7seas52w19whbk3j518frct2660gsaqa8zp25t5q1nn5a92gd08s6rb72faxc7fsqf8ycgjx0ne8m9aj4c9036agz28bzgh877hqd2qh0fhgkpb9kmv52ayp25k2n8pkb0d49vny1eacnhvvarxwksskdkd4wzby30qyzpzfx2p3n2yxb80bdaf3qbpsq4znt6xmfxeh90vt8seabmfbemyadqzezgf7ch0yzt72dj6sjnkqsz2p9kcrsnywcjv2vcvr3sz50gewdxrqwhnm26jpqxbr9ggrz9t9df4516m8xtwtmdzgh11fn6hxd26qexzcedxvxtgvsgbvg21q8nmqeexe4k29qkcxvkq90fczwrj7022fbpya2vrdby45e5sq22dqj3yzxnbgz5k8d8avncpmkz9xtq1we&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%26client%3Dca-pub-5636182232018393%26adurl%3D

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b47a38ef4e9d-FRA
content-encoding: br

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame D355 6 KB
4 KB 19ms
18ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7bd2a6480bb600bc1cd843ec130163e8a530930bf582f2f53701df4a993b838

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1gycdgd41jhp9xvh6bhjypearcztb6b3hczdn00byja6xgm5tcwdd83tq9rhh6ha62101hw1dfg8sgexe86k2596r3rkdye3z73r0vfn08fqkkwvqjp4qtbq6m6f7vnphnydfm1pc84em27grmsqe1b1nzesxghesc84xdk0nwvvrhdkpqb7eafq0zp85pdbek1ms3614ff3x6mzzjrke9fqjkv9vyx0rbcwxwjxrwxxv7fbta6m6nzm9s16r8q715ct37cg8qa082rh5r94pswh6z39svhwwp7rgce9h171m7r9bgh4d67e4akwj9340bhca1rzrxknt65vfwtdy60gsm3efjc4tg9r52zv6t8a96jb9ghjgmgwas8qgy2h0s6xjdpn0g7mjs6eqb4nxqm4ajjtqk2jy1hch470qb9dks2p2z0k8&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%26client%3Dca-pub-5636182232018393%26adurl%3D

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b47a38f34e9d-FRA
content-encoding: br

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame F92A 6 KB
4 KB 37ms
36ms Document
text/html 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e313e011e0c06c40e1e37ba7d505159b52f0117cc0974fd0770eb6f8030e13b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1kz55ezgwcpn33cacardz9w1p4nmcs55ats8d6vm18z1h524n3p8g0dexbvx1ca51c52mbmebmkwkfj5ypk01304zme2xmxgxh55ztdsjhrbdvv3j3pw3k3zmtexdatapmq6vgh5bqk3etscnk8h2dmy9gefe66b4x512yvn9g1htf8g4y2kchhhn7az605hyseqjbjqvf3hn8gtzszp9xabgj7wajvbgzvaxrmkrdgrwhnd6myqfjs4y765frn2v8gdy6kfk6zd63d6ap91cgwn9zt4eb22c013x53r439tv5de719d78nzkdhf0t2dama4qtd5n5hm6x1vvbz238b6tbwx1a6ksh9d3jjr1wx9wp5ej77nfpcka346ajfr5p5rhsbfn79cjxw350nbzw5fdcctgvq8bg9cn6rfcx6rz2g4x8c8g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%26client%3Dca-pub-5636182232018393%26adurl%3D

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
cross-origin-embedder-policy: unsafe-none
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
cross-origin-opener-policy: unsafe-none
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6c47b47a38f74e9d-FRA
content-encoding: br

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame 3154 81 KB
11 KB 24ms
24ms Stylesheet
text/css 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1076670
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 15 Dec 2021 16:25:03 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6c47b47a79274e9d-FRA
cf-bgj: minify

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame 3154 53 KB
54 KB 39ms
30ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=V11ayA==, md5=Cid9We/KA2mmmDZF4nNlng==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2178656
cf-polished: origFmt=png, origSize=115129
x-guploader-uploadid: ADPycduo0UTEdnOX-MiABea3R9RVC-wUFGbcbM88E97re81Z722vGl7PPS0-v7ZFyRoBHDbyGT1R2Iixydz_fKctb0kf50Zd5w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 54564
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3dvVDNO6DxHGgsP7PSX3bWFobEFuTghEL5I376HXGXKQR7eVoHIn2%2BjuqPNqEnxBbtiIHut%2F7IuZdUZu1XajrRz6z5H3omD6NNoVN21%2FKxNKM31%2BCk8jwpR3414mwsNbVgJ0%2F7hP11Uee95q"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883484779402
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 115129
accept-ranges: bytes
cf-ray: 6c47b47a9a54839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
assets.ad4m.at/product_image/ Frame 3154 23 KB
23 KB 42ms
36ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39ae6b1a1ba72fc9d48b1848e9bc88f4b9da10688232ccca39d85b878db7af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=I4uEDQ==, md5=w0ixd5U6xXIINsBOGiFnPQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1045977
cf-polished: qual=85, origFmt=jpeg, origSize=132437
x-guploader-uploadid: ADPycdv1oUkOs05TCidQdrERCUcxtUKCFtCXSowGaUdEKe-RWLKCUcnmutFnQgj6j-6pGwSE6-MYNN1LlAqLhHLnGk4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 23154
last-modified: Thu, 09 Dec 2021 17:51:23 GMT
server: cloudflare
etag: "c348b177953ac5720836c04e1a21673d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6ykhp4my%2FPNWvzLhLKFZJJuiuknrlGEuDCeJKydeOfOEjJypzAmceVYnmTg5OKlHvgzGmq3Odqy7e1GJLL0OO3ObJENGbeRxGR6%2BbFnZOGuL75mHhl3kP39uDM5BlqDZ%2BK5i7IdCoeGyAeu"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1639072283176296
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 132437
accept-ranges: bytes
cf-ray: 6c47b47a9a55839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.o2online.de/nws/img/ Frame 3154
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&gd...
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_c...
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2021122804293360956669317X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6...
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=202112280429336095666...

43 B
808 B

37ms
11ms

Image
image/gif

82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669317X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.132 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
X-NODEIP: 46.4.41.145
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669317X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame 3154 9 KB
10 KB 33ms
27ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=euqM8A==, md5=F0uw3DVkfiBLCaoSCWVgSg==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 639083
cf-polished: origFmt=png, origSize=24833
x-guploader-uploadid: ADPycdtd_qzJJ2j8fLhc4MnJy8Pr9WXO00HsOwNKEMijhkjdKL7lwbsOmTLi6JDxSHzxUMKw-IAs7yuzXaCBOIMf-G4xdCME-A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 9258
last-modified: Tue, 09 Feb 2021 15:11:57 GMT
server: cloudflare
etag: "174bb0dc35647e204b09aa120965604a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49uJRm5Uc2v0r9pRXSU5Lmt3uJPI93f8caDgJlHXdCQZlVdFMLKcmEjye6e7aQa8oOVH152LFzuVmxgaiQ7UTKDlMXvDbjLIDvz8MgtJXvUkRhqt%2BwmWFjGgVc1JhGhlY3dsZZJrBTuy9wyl"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883517528266
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 24833
accept-ranges: bytes
cf-ray: 6c47b47a9a53839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
assets.ad4m.at/product_image/ Frame 3154 19 KB
19 KB 31ms
26ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769996a987ead923de78ded8af9ebbc0125bfdca436dfadfdc9755fd54270371

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=1aKs/g==, md5=nBaxji7Rcg1LrHhoV5P3TA==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2160130
cf-polished: qual=85, origFmt=jpeg, origSize=84530
x-guploader-uploadid: ADPycduccTQX0v5HStdzqUBaOSMAPFvevjIm-E4EkrINYblBfrL1woNBTr1xy0gQfP0Q0nlAtaOtVvilm33PZqLnjD4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19022
last-modified: Wed, 10 Nov 2021 15:00:52 GMT
server: cloudflare
etag: "9c16b18e2ed1720d4bac78685793f74c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2FXF%2B%2B4GafKipz8%2FUYkJNZt4vNZyx3QMf8X5YM109bEI6ZQxK6qCmwSObbDAJCxWzS5voYqyDfAvblEFTHGCo%2Flx%2BU75VqOlpmpKNph6G8GLsF6f2o7nEGTf%2B2lGaFNsLwy6yl4sZbgtWXuW"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1636556452656256
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 84530
accept-ranges: bytes
cf-ray: 6c47b47a8a4f839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.blau.de/nws/img/ Frame 3154
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&g...
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_...
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021122804293360956669329X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6v...
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=20211228042933609566693...

43 B
791 B

28ms
9ms

Image
image/gif

82.113.101.236
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669329X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.236 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.blau.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Tue, 28 Dec 2021 03:29:33 GMT
X-NODEIP: 46.4.62.19
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669329X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
assets.ad4m.at/logo/ Frame 3154 6 KB
7 KB 35ms
29ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e992acf8af7de27497c44cca7f3758d64d10946bebd1b17319287c0d8f83b29c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=6d5z5w==, md5=vnImUageZAe9/YM5SlniMg==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1046711
cf-polished: origFmt=png, origSize=15890
x-guploader-uploadid: ADPycdsK196Ecn03QPRqBp8CpDaVgJT2AsDJ3ZlT3eiYjBXrTxRrOuYO0NMKrtr3tiaUJcInnRcq-6tBotOZwFvzyY583q9byQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6208
last-modified: Thu, 16 Jul 2020 06:05:30 GMT
server: cloudflare
etag: "be722651a81e6407bdfd83394a59e232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l6%2FPnkPYtYShPuquKfX1JV4lPs3jzwwd1h8yu0z7yT5%2Fb4CcwDOZcWsGErZcmMNZXGCGRIhM43fHAe3leojC5phuRe02i5r5eNILCoiaCTi6FQnlA%2FIF05EnaLxbpO6Zjvjk1e5LwhE%2FeBxn"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1594879530502671
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 15890
accept-ranges: bytes
cf-ray: 6c47b47a9a52839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
assets.ad4m.at/product_image/ Frame 3154 9 KB
9 KB 29ms
24ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=iUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mX&g=b91d88596e2ec2724a44283fc48b4030%2F7294576273714394437&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173761&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1h8jn5j7wvsvrjmykkvqxvfqqn3fw0cs7dnyafmvete190hsjn68wmbh9ck6bex8y7yaj4afmbfdh7816w4gbp569pbe0pw15rat54xww0bz89cfqrqrx4h3jspvx289n26npdt2vm5qzye87ahhsnx4xmx0xjh6zz3gk53yybngskn0pngyz5d62cq0m2rtezserz387xbdgatgy97syc1ysxkpesrfvevbg8xn4rg3jevwg3zytwqyefnjqx1wxtn0crfxgmcwg1spmeg0%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCsOqSnYTKYamMBNClx_APn7aNkAKQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBI8CT9D3vw3rprV3tv7zTSaKhHm6BxL1ghWdURTCf9nGabWnaD4-fEckCILJ3qzJsbiHKNR0Mo2-2I0Xg0PEy7Q84wbn8BXOi1VUVmGhKFPpkKHE2xhBqO2RLeUTWh_gFNIBzSUI2CjaXVFcVQNu5XSvYrwNEKrYi4OJjKIhJcvIyBtoiL9wjbIYfMHlrq9F-0dbnsH87QgJH_O7vuqvFyjF8WmNlfuy4byLskKnBTztfmX4v6m0vwoVF2OJeDktwEIVfA0KFZP6SuGbizTRTR5xTjq0Uiw0wKagclZEn1VB5ZWmsASmjDC8GMc0E0vCBD0qiYiXVVF_1QI6l3CARVXXfl1HvmFyzmTVyysRvUNGXYAGrbT_mKTjpM8ioAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1y-KKnHS3tVYuOsoayCfw9oxb3sA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 028565858aca93c3b487996eb5af450fa2671990023c0a38f485a16513d26013

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=z6IwRA==, md5=1A70ndCinKDnYB0bQF1NeA==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1047031
cf-polished: qual=85, origFmt=jpeg, origSize=25987
x-guploader-uploadid: ADPycdtMtTyN6zhwj0c0pJTwLpXG_gF4oeCdn3NaosXgL23nDxjjW4hVymyvi5PPiOg_a5ZgzSyiTCEuVJy8FpcaQn_EjTKCbA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8886
last-modified: Thu, 17 Dec 2020 12:29:34 GMT
server: cloudflare
etag: "d40ef49dd0a29ca0e7601d1b405d4d78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvYc%2BFE5LGDT1xfkSeFsoJJphCt1Kz6iJEG7Fwx8LX4TiIaaHWniQRBIiEWHtYSFFve8eNRn5ua8Rxlu%2FlZyIyolBWJ4GMJUhp3XMQRfCqRLn%2BA8Xs1Yzlsk9tZ6P%2ByZ52LjeNwT5ruH2deQ"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1608208174589657
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 25987
accept-ranges: bytes
cf-ray: 6c47b47a8a51839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3154 43 B
704 B 72ms
24ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2629118&v=19228&q=388274&r=412871&pv=1&pref3=oneid2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcgoneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame D355 81 KB
11 KB 21ms
21ms Stylesheet
text/css 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1076670
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 15 Dec 2021 16:25:03 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6c47b47a792d4e9d-FRA
cf-bgj: minify

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame D355 53 KB
54 KB 44ms
36ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=V11ayA==, md5=Cid9We/KA2mmmDZF4nNlng==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2178656
cf-polished: origFmt=png, origSize=115129
x-guploader-uploadid: ADPycduo0UTEdnOX-MiABea3R9RVC-wUFGbcbM88E97re81Z722vGl7PPS0-v7ZFyRoBHDbyGT1R2Iixydz_fKctb0kf50Zd5w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 54564
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ChXzoKJGx%2BNUgncOHXxzZK3uylfRy7gf%2BF2Xadq6x2ka0pEnYfmblJcC60E4iaqZ0BjwqGcmKl%2BAc43qRdZxU5U7OSccSP4641BBVmLwCeGTA3LGiZ8vaFkyKb7InaHcd7zJieQnxBx12HeK"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883484779402
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 115129
accept-ranges: bytes
cf-ray: 6c47b47a9a56839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
assets.ad4m.at/product_image/ Frame D355 23 KB
23 KB 30ms
28ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39ae6b1a1ba72fc9d48b1848e9bc88f4b9da10688232ccca39d85b878db7af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=I4uEDQ==, md5=w0ixd5U6xXIINsBOGiFnPQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1045977
cf-polished: qual=85, origFmt=jpeg, origSize=132437
x-guploader-uploadid: ADPycdv1oUkOs05TCidQdrERCUcxtUKCFtCXSowGaUdEKe-RWLKCUcnmutFnQgj6j-6pGwSE6-MYNN1LlAqLhHLnGk4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 23154
last-modified: Thu, 09 Dec 2021 17:51:23 GMT
server: cloudflare
etag: "c348b177953ac5720836c04e1a21673d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hO1PUq7jK5MrJ5EZS3lNWQg9GYbUiqENuvbGDGRTYlxTPrG4KewT6SLB%2B%2FPr03CG%2BKHFJqN1530m3UlHfixStWdOXHeOWLZfdL9lAdtRURKaQiwk2hxv8gvXxZMn50G5VILWa1Q0zztszeRw"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1639072283176296
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 132437
accept-ranges: bytes
cf-ray: 6c47b47a9a5a839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.o2online.de/nws/img/ Frame D355
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gd...
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_c...
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2021122804293360956669327X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN...
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=202112280429336095666...

43 B
808 B

36ms
10ms

Image
image/gif

82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669327X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.132 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Tue, 28 Dec 2021 03:29:33 GMT
X-NODEIP: 46.4.41.145
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669327X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame D355 9 KB
10 KB 31ms
26ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=euqM8A==, md5=F0uw3DVkfiBLCaoSCWVgSg==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 639083
cf-polished: origFmt=png, origSize=24833
x-guploader-uploadid: ADPycdtd_qzJJ2j8fLhc4MnJy8Pr9WXO00HsOwNKEMijhkjdKL7lwbsOmTLi6JDxSHzxUMKw-IAs7yuzXaCBOIMf-G4xdCME-A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 9258
last-modified: Tue, 09 Feb 2021 15:11:57 GMT
server: cloudflare
etag: "174bb0dc35647e204b09aa120965604a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xdn5GX5bnf5gcZBEnn059dLc%2Fr7rtEXXX0GzwDl4%2FZ8gq7Tje8RDq7rPluHBGrRzamRYlzGG9qz7pekv0XFJ%2FbNpFSX%2Bmr%2Fm5epx%2FFuM5EdTr1nYrnqpbcCIp9jcQY%2FnXVIkX1NVOdYv7ghg"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883517528266
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 24833
accept-ranges: bytes
cf-ray: 6c47b47a9a5b839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
assets.ad4m.at/product_image/ Frame D355 19 KB
19 KB 31ms
27ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769996a987ead923de78ded8af9ebbc0125bfdca436dfadfdc9755fd54270371

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=1aKs/g==, md5=nBaxji7Rcg1LrHhoV5P3TA==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2160130
cf-polished: qual=85, origFmt=jpeg, origSize=84530
x-guploader-uploadid: ADPycduccTQX0v5HStdzqUBaOSMAPFvevjIm-E4EkrINYblBfrL1woNBTr1xy0gQfP0Q0nlAtaOtVvilm33PZqLnjD4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19022
last-modified: Wed, 10 Nov 2021 15:00:52 GMT
server: cloudflare
etag: "9c16b18e2ed1720d4bac78685793f74c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=podsDwba%2FcwKyF%2B20wFuuqxBs8JbKHRIZeRFTDxVb2PqQt8XrIMMNTGlW3%2FyExDpGcjh1VHBrddx4eyq9YK5kah0lWZHZRZTh7f%2BEeRobSS6UNxL6iIv%2BtD%2Far45%2FjXhKtGJLiySnVbFoUZM"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1636556452656256
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 84530
accept-ranges: bytes
cf-ray: 6c47b47a9a5c839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.blau.de/nws/img/ Frame D355
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gd...
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_c...
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021122804293360956669331X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6P...
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=20211228042933609566693...

43 B
790 B

26ms
9ms

Image
image/gif

82.113.101.236
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669331X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.236 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.blau.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Tue, 28 Dec 2021 03:29:33 GMT
X-NODEIP: 46.4.62.19
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669331X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
assets.ad4m.at/logo/ Frame D355 6 KB
7 KB 37ms
34ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e992acf8af7de27497c44cca7f3758d64d10946bebd1b17319287c0d8f83b29c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=6d5z5w==, md5=vnImUageZAe9/YM5SlniMg==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1046711
cf-polished: origFmt=png, origSize=15890
x-guploader-uploadid: ADPycdsK196Ecn03QPRqBp8CpDaVgJT2AsDJ3ZlT3eiYjBXrTxRrOuYO0NMKrtr3tiaUJcInnRcq-6tBotOZwFvzyY583q9byQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6208
last-modified: Thu, 16 Jul 2020 06:05:30 GMT
server: cloudflare
etag: "be722651a81e6407bdfd83394a59e232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DPO80pS3ww7rK3Er3ScfaQCRBPjKAs1Lrj9B4cZFJX7SFoUjLBgVMijk8RnTAN%2BrAQWZUzOi6IL4kXNJplN1lkYmyB7akqWINeUkYR6VPzsLpEZWzADY38cdj3LcKoAk3cciW4rxBmwj%2Ftm%2B"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1594879530502671
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 15890
accept-ranges: bytes
cf-ray: 6c47b47a9a5d839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
assets.ad4m.at/product_image/ Frame D355 9 KB
9 KB 30ms
26ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=bUWNDFN6PDLv5x0PgLY34KAVeZTP4NEH&g=895f08d2236385b487ca04dea37552c8%2F11083288824085399649&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173766&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gbhk13kskc58pdkann30z8sqaces1vkfwwcpnxjqhjj1yn7792ty75dnh8crm9frhrv73qg97d1b85qdp07jehdr2q1xfpczszzv4rtdnfp6nc9k6c34fmgw4gtt8bq221kmpj3csrf9mw0hqvd3zs7s830273regb81wq87mqcr0v073em5yby7ezwgwfbg52kwqgrjj8a71njdb2r3r86h699a44s1he7tbdck4vf0kkrw6qxk293j8e7hdrghkpvwgcq2vykd0zedc10%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC_17pnYTKYeWTBMuox_APkJye8ASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01NjM2MTgyMjMyMDE4MzkzoAHCrujdA8gBCakCfDU3XUQCsz6oAwGqBIsCT9BCsfF8o_ueuPt3qbGfSso4566CRUPBpUwVQmdHznLlsj1YEtpS7DfsUAQuwrdklGw-06exBU3S1f2O2FXceXekm8nw90TXLrTaDi2GSoXL-9qdNXumIphAgPlmTUuu7iLy0eP60bhtdsqWCewzDxVlJj1eiwThDCBSYIGXhxDLQx97gAxlG2xkEIHBZBQ2Pjxk9vENJGmsKdlsc6i2F4Czp9CgL9jzFxhQAI_crxgvsaDMTBcZRCa1VRUJIVfoYDWVu5ebC8BYomHWqxF3bGTnlXQKE79M9I1U6xdnlvNwj2I5XB0VzoQZ4aEdINTgT_xv4Z_TsBLrRp8QLpL3ym5nbAVlk_x1IPDkgAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1Ynqf0CDh5KDMzj_Gjf5r7AmGAxw%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 028565858aca93c3b487996eb5af450fa2671990023c0a38f485a16513d26013

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=z6IwRA==, md5=1A70ndCinKDnYB0bQF1NeA==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1047031
cf-polished: qual=85, origFmt=jpeg, origSize=25987
x-guploader-uploadid: ADPycdtMtTyN6zhwj0c0pJTwLpXG_gF4oeCdn3NaosXgL23nDxjjW4hVymyvi5PPiOg_a5ZgzSyiTCEuVJy8FpcaQn_EjTKCbA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8886
last-modified: Thu, 17 Dec 2020 12:29:34 GMT
server: cloudflare
etag: "d40ef49dd0a29ca0e7601d1b405d4d78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcbgXEeNFbrSrYeJDk2x1fRswDdSuVz1JPU8j7DQlXtBw7uQm2YZaaS3zoYrhfkPjuBwSoPXUqaFtm8jI6k7dMQZvxkZ1qD1bYnFxhhqdfK6GCuWew4v6jrc%2FFLah%2FZzlLM6eENPOwjupTbF"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1608208174589657
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 25987
accept-ranges: bytes
cf-ray: 6c47b47a9a5e839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame D355 43 B
704 B 65ms
25ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2629118&v=19228&q=388274&r=412871&pv=1&pref3=oneid2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcgoneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame 25F6 81 KB
11 KB 17ms
16ms Stylesheet
text/css 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1076670
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 15 Dec 2021 16:25:03 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6c47b47a893a4e9d-FRA
cf-bgj: minify

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame 25F6 53 KB
54 KB 31ms
31ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=V11ayA==, md5=Cid9We/KA2mmmDZF4nNlng==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2178656
cf-polished: origFmt=png, origSize=115129
x-guploader-uploadid: ADPycduo0UTEdnOX-MiABea3R9RVC-wUFGbcbM88E97re81Z722vGl7PPS0-v7ZFyRoBHDbyGT1R2Iixydz_fKctb0kf50Zd5w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 54564
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIVxfjgEppe%2FcSmYtJWQ7Qlu9NeVl8Q%2BA%2BVshGgAZFbbLxqY6c1nfBixkYnNMA5nyImLndFpUWby%2BXumHh2s8OTCCb0tfET1dJMVZHxwPumrguU20ZHO6wSZL1mmbPyaswmxOib2kR9FZjql"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883484779402
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 115129
accept-ranges: bytes
cf-ray: 6c47b47a9a57839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
assets.ad4m.at/product_image/ Frame 25F6 23 KB
23 KB 35ms
32ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39ae6b1a1ba72fc9d48b1848e9bc88f4b9da10688232ccca39d85b878db7af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=I4uEDQ==, md5=w0ixd5U6xXIINsBOGiFnPQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1045977
cf-polished: qual=85, origFmt=jpeg, origSize=132437
x-guploader-uploadid: ADPycdv1oUkOs05TCidQdrERCUcxtUKCFtCXSowGaUdEKe-RWLKCUcnmutFnQgj6j-6pGwSE6-MYNN1LlAqLhHLnGk4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 23154
last-modified: Thu, 09 Dec 2021 17:51:23 GMT
server: cloudflare
etag: "c348b177953ac5720836c04e1a21673d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2BYQzbdoBnd0N82JA%2BfLAzWM2T8Ai7pdnNAlR5kjTBTYKU4a2DmyVjLJ5B%2Fpl8FUkRDht%2BuIpDM%2FQDAsiHeC4JectiBaLo8E6%2BNjDNRllZL4rxFQULa8DzYKIPwSTes3gaNlXo3t8cJRTHUd"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1639072283176296
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 132437
accept-ranges: bytes
cf-ray: 6c47b47aaa61839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.o2online.de/nws/img/ Frame 25F6
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&gd...
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_c...
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2021122804293360956669313X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wP...
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=202112280429336095666...

43 B
808 B

37ms
10ms

Image
image/gif

82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669313X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.132 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Tue, 28 Dec 2021 03:29:33 GMT
X-NODEIP: 46.4.41.145
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669313X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame 25F6 9 KB
10 KB 36ms
32ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=euqM8A==, md5=F0uw3DVkfiBLCaoSCWVgSg==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 639083
cf-polished: origFmt=png, origSize=24833
x-guploader-uploadid: ADPycdtd_qzJJ2j8fLhc4MnJy8Pr9WXO00HsOwNKEMijhkjdKL7lwbsOmTLi6JDxSHzxUMKw-IAs7yuzXaCBOIMf-G4xdCME-A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 9258
last-modified: Tue, 09 Feb 2021 15:11:57 GMT
server: cloudflare
etag: "174bb0dc35647e204b09aa120965604a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6Fhv7Ml5q9aGEZxDCBRPAzncCsIOCMqBUI7%2BEp01m1HB22xJzADUHcaTBTJZZwD%2F%2BytJYZkpX3WiJMO%2FeRES6FeEdH%2F%2F9kC%2FGhpBNFY%2FHgYoM0%2FAl2gIH91VHX3ALmvOLTFOJRSxTcFCjEb"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883517528266
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 24833
accept-ranges: bytes
cf-ray: 6c47b47aaa62839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
assets.ad4m.at/product_image/ Frame 25F6 19 KB
19 KB 35ms
32ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769996a987ead923de78ded8af9ebbc0125bfdca436dfadfdc9755fd54270371

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=1aKs/g==, md5=nBaxji7Rcg1LrHhoV5P3TA==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2160130
cf-polished: qual=85, origFmt=jpeg, origSize=84530
x-guploader-uploadid: ADPycduccTQX0v5HStdzqUBaOSMAPFvevjIm-E4EkrINYblBfrL1woNBTr1xy0gQfP0Q0nlAtaOtVvilm33PZqLnjD4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19022
last-modified: Wed, 10 Nov 2021 15:00:52 GMT
server: cloudflare
etag: "9c16b18e2ed1720d4bac78685793f74c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JFmAiUycDeB%2FNROZgGMD%2FeE6GEtsBY2KAkfGicQAjmdJwa6CYhQRr1M3%2Bp1HUg2bbDix1fIsZQHoIM25NpGKSvTlBRwCAzXi%2F1UjqMmpY3tJlUfd9DFWhT1uEOiHK6WGBjy96BwUnTHBVgZA"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1636556452656256
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 84530
accept-ranges: bytes
cf-ray: 6c47b47aaa63839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.blau.de/nws/img/ Frame 25F6
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&g...
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_...
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021122804293360956669333X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPn...
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=20211228042933609566693...

43 B
791 B

28ms
10ms

Image
image/gif

82.113.101.236
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669333X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.236 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.blau.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Tue, 28 Dec 2021 03:29:33 GMT
X-NODEIP: 46.4.62.19
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669333X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
assets.ad4m.at/logo/ Frame 25F6 6 KB
7 KB 36ms
33ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e992acf8af7de27497c44cca7f3758d64d10946bebd1b17319287c0d8f83b29c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=6d5z5w==, md5=vnImUageZAe9/YM5SlniMg==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1046711
cf-polished: origFmt=png, origSize=15890
x-guploader-uploadid: ADPycdsK196Ecn03QPRqBp8CpDaVgJT2AsDJ3ZlT3eiYjBXrTxRrOuYO0NMKrtr3tiaUJcInnRcq-6tBotOZwFvzyY583q9byQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6208
last-modified: Thu, 16 Jul 2020 06:05:30 GMT
server: cloudflare
etag: "be722651a81e6407bdfd83394a59e232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GcmQvas%2Bfzjoi5Ig68vkMZUiuIJfXt1Ppsq1Dkw4tCZ2GQjusgUekVEacNZJPTc6GuUvwK%2FVVTsekiQ%2B2yjVkEg5PPhmOvgNngwQaU3%2BRodq78Ku4%2FL%2BI82maxPr%2F0fZTbRoc3qSWy%2B0AaBO"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1594879530502671
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 15890
accept-ranges: bytes
cf-ray: 6c47b47aaa64839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
assets.ad4m.at/product_image/ Frame 25F6 9 KB
9 KB 35ms
32ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 028565858aca93c3b487996eb5af450fa2671990023c0a38f485a16513d26013

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=z6IwRA==, md5=1A70ndCinKDnYB0bQF1NeA==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1047031
cf-polished: qual=85, origFmt=jpeg, origSize=25987
x-guploader-uploadid: ADPycdtMtTyN6zhwj0c0pJTwLpXG_gF4oeCdn3NaosXgL23nDxjjW4hVymyvi5PPiOg_a5ZgzSyiTCEuVJy8FpcaQn_EjTKCbA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8886
last-modified: Thu, 17 Dec 2020 12:29:34 GMT
server: cloudflare
etag: "d40ef49dd0a29ca0e7601d1b405d4d78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tO9Q6ueYvoTXBNNy53EA7zw0kX8J5r6n%2BQZhfSVqX2pn8T2fV8pGAL1k05iQjOG1%2BOoMl8mNn0UeFGOZA4WO3y5l%2BhwxbQikBTf8SW3AAfy2h2KhGJtGebpDFZc3kWyd3l%2BlbexgeeHyIxK"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1608208174589657
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 25987
accept-ranges: bytes
cf-ray: 6c47b47aaa65839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 25F6 43 B
704 B 64ms
23ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2629118&v=19228&q=388274&r=412871&pv=1&pref3=oneid2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcgoneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C166402%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2Cj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2CxDwUQfgPSEAbVhPHdHztDCRRBUJT6T8ZsA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=ki7--wPnm2zs5xlpYr16rHSNj4tMpK_8&g=afb85bc7e3ee028d93f10b9f9659fdb8%2F2457739176559155856&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173764&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1gdfjnebh4d7r2cj4kgtybm4kagfyn1xbexfy3weshhb71tk9tety4abrc4xdp9x4zzy2arw4pwbk78nk3j8gghjj4dwmb501qsmbm9c62cz4zmx91qd3z5yk6wtge6wratcxkfgeqeta1tzym7vm954nxtfgxkgs6ea05xnkvhmaj07y63q5x83v2q92zg3kd8fghw3xb6we2x980atwaq7gwg2yqkesydp6wf47940snz7mraddzbbr4rq2ynmzxsk3jgwh3n4p4z3p510%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCqWQYnYTKYaGnA9ntgQfh7KKwA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0IDpq-26ZlmlEeSvIplWVSFeFh1NL0fO4FeZDdrGH4O8smDrx4pOsQnXu6KBMJuC5qEkYU303SZQJFFwaqFg44DdLrD0SHg9L7xDhJKX7lFXWUYO5_V5VAJxU8ojQSJ6gJEper_ueCSiC7omqreSjn2VOEskTHfgppM5Jbxt-d9SIQvPt2ML6Oxryrn9YIhIj1BNFg-pcw6pJcqFP4npX9QsLlkHiwmSFTFSI-VCRkhaFbW1I6CJOP3GeYUseR_bh0ndAxc4PfwLU-7uTZjHiVUkzHPIsLUbaX6SlUZNZwGgWIn7d9hyxN2PD6xJtB5vVZ6TxGDgqI-PrR4mwSG2ozgXeDm_Yu4utdivLLu_gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1-_hw0VNo1CHi3PLico_YNIMU4BA%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.18/one-ad/ Frame F92A 81 KB
11 KB 17ms
17ms Stylesheet
text/css 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.18/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:33 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1076670
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=83581
surrogate-control: no-store
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 15 Dec 2021 16:25:03 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 6c47b47aa9494e9d-FRA
cf-bgj: minify

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame F92A 53 KB
54 KB 31ms
30ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=V11ayA==, md5=Cid9We/KA2mmmDZF4nNlng==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2178656
cf-polished: origFmt=png, origSize=115129
x-guploader-uploadid: ADPycduo0UTEdnOX-MiABea3R9RVC-wUFGbcbM88E97re81Z722vGl7PPS0-v7ZFyRoBHDbyGT1R2Iixydz_fKctb0kf50Zd5w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 54564
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5lB%2BM8liRaUxo0ZJsIlX8nBuVH7xmJCVZ2pfAfuhsupa1UiLOcMS%2FzuGPGtmGWmk277VykWJ7Rx9bqulEzZF3BykBxEgMtOXqGSEcntnZ0KN%2BLq5C0VQwWcXElZjBMM76hwr0WgAty7dCEc"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883484779402
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 115129
accept-ranges: bytes
cf-ray: 6c47b47aaa69839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
assets.ad4m.at/product_image/ Frame F92A 23 KB
23 KB 30ms
29ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39ae6b1a1ba72fc9d48b1848e9bc88f4b9da10688232ccca39d85b878db7af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=I4uEDQ==, md5=w0ixd5U6xXIINsBOGiFnPQ==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1045977
cf-polished: qual=85, origFmt=jpeg, origSize=132437
x-guploader-uploadid: ADPycdv1oUkOs05TCidQdrERCUcxtUKCFtCXSowGaUdEKe-RWLKCUcnmutFnQgj6j-6pGwSE6-MYNN1LlAqLhHLnGk4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 23154
last-modified: Thu, 09 Dec 2021 17:51:23 GMT
server: cloudflare
etag: "c348b177953ac5720836c04e1a21673d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bUUWjSk%2FrAB6RkFFBLwA%2FQ9Eif9qrnHemx%2BEiYxkHuo7cPUWOSzIHW0BUVc9U2R3%2BMgif2%2F5VNAwJ3r3d9vCBSyhAg0hNn%2BnaEdPZ0ncrQ0stlbmRccPOPoUkQiK4TDENjlLL2FhfoWRzGGA"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1639072283176296
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 132437
accept-ranges: bytes
cf-ray: 6c47b47aaa6c839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.o2online.de/nws/img/ Frame F92A
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gd...
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=oneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_c...
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2021122804293360956669323X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1...
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=202112280429336095666...

43 B
808 B

35ms
10ms

Image
image/gif

82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669323X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.132 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
X-NODEIP: 46.4.41.145
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669323X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame F92A 9 KB
10 KB 30ms
29ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=euqM8A==, md5=F0uw3DVkfiBLCaoSCWVgSg==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 639083
cf-polished: origFmt=png, origSize=24833
x-guploader-uploadid: ADPycdtd_qzJJ2j8fLhc4MnJy8Pr9WXO00HsOwNKEMijhkjdKL7lwbsOmTLi6JDxSHzxUMKw-IAs7yuzXaCBOIMf-G4xdCME-A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 9258
last-modified: Tue, 09 Feb 2021 15:11:57 GMT
server: cloudflare
etag: "174bb0dc35647e204b09aa120965604a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ksmG66k0mID%2F72a6zCf1TNVIbTIyZ0133IQti10QcfsvE2D%2FKheE05OY4ZWnmslZBcZNNHMsO4mtl%2BDUjTyJnKTZtrcAsXr1duHMRVk%2BMdrObCp8tTurs%2FUZ6d5UiE2yEd1NAxvXNTzgLk1v"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1612883517528266
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 24833
accept-ranges: bytes
cf-ray: 6c47b47aaa6e839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
assets.ad4m.at/product_image/ Frame F92A 19 KB
19 KB 30ms
29ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/0AC0DD533161B07A3BB2D72DC66FF10DF997383C63884E78FDBEF4BEDA8ED904DC259BD68D098814FB574FED8B566E90A3C1272EA9C368275203F9D628BB015E
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769996a987ead923de78ded8af9ebbc0125bfdca436dfadfdc9755fd54270371

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=1aKs/g==, md5=nBaxji7Rcg1LrHhoV5P3TA==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2160130
cf-polished: qual=85, origFmt=jpeg, origSize=84530
x-guploader-uploadid: ADPycduccTQX0v5HStdzqUBaOSMAPFvevjIm-E4EkrINYblBfrL1woNBTr1xy0gQfP0Q0nlAtaOtVvilm33PZqLnjD4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 19022
last-modified: Wed, 10 Nov 2021 15:00:52 GMT
server: cloudflare
etag: "9c16b18e2ed1720d4bac78685793f74c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v8xnxmYTKvn%2BCFnopaKTFeFberJDYanSd%2B8%2BgE30iWmZPTMGxnBuAZmaaXDKBHK6%2BSt17kDKD9D3VqXgfG3aAeKMIxNdZxZDAdYIUsdGI81iNkKXyrzBtcbvlmSoku8u%2FjiUfleKxPGTKnxe"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1636556452656256
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 84530
accept-ranges: bytes
cf-ray: 6c47b47aaa6f839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1

200
OK

postview.gif
portal.blau.de/nws/img/ Frame F92A
Redirect Chain

https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=oneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gd...
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=oneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_c...
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2021122804293360956669315X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1...
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=20211228042933609566693...

43 B
790 B

28ms
9ms

Image
image/gif

82.113.101.236
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669315X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Server: 82.113.101.236 Hanau, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.blau.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 28 Dec 2021 03:29:34 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

Redirect headers

Date: Tue, 28 Dec 2021 03:29:33 GMT
X-NODEIP: 46.4.62.19
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
RM-PrivacyPolicy: https://www.nonstoppartner.net/
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Location: https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669315X113752V1225131106MSoneid9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcdoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Keep-Alive: timeout=10

GET
H2 200 63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
assets.ad4m.at/logo/ Frame F92A 6 KB
7 KB 30ms
29ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/63C59000D9C213BF45B1F82F0F2618F31313AAAA8B58CC73D9E650F42FBED7BA4DF9A1F0D5E39C9D50FDF4A5C844FF0FCC1CD3C6A60D5E5960184143530743A4
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e992acf8af7de27497c44cca7f3758d64d10946bebd1b17319287c0d8f83b29c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=6d5z5w==, md5=vnImUageZAe9/YM5SlniMg==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1046711
cf-polished: origFmt=png, origSize=15890
x-guploader-uploadid: ADPycdsK196Ecn03QPRqBp8CpDaVgJT2AsDJ3ZlT3eiYjBXrTxRrOuYO0NMKrtr3tiaUJcInnRcq-6tBotOZwFvzyY583q9byQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6208
last-modified: Thu, 16 Jul 2020 06:05:30 GMT
server: cloudflare
etag: "be722651a81e6407bdfd83394a59e232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zLrBqpFBXRRoI7nKxKv6zzTG2SUr0kt2dDQOuMNacI%2Fd9iAfQJfztRJPXmmwFAas9hNxxmrH8DiUzw7nmGNve2UMjSjBGnKyAeHIzVuXvbz85YZnSfJVwWWJEas48cDVBiWkJwaFplOEUayO"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1594879530502671
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 15890
accept-ranges: bytes
cf-ray: 6c47b47aaa70839d-MXP
cf-bgj: imgq:85,h2pri

GET
H2 200 1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
assets.ad4m.at/product_image/ Frame F92A 9 KB
9 KB 30ms
29ms Image
image/webp 2606:4700:3039::6815:c09a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/1676B5A8D805B79544F31FDF318F71919051388884DEE860E61C018B9F1A57100F3300CCE67F3E220C3E5A469FED99CE509B2A1EDD13F0FB6C8277D894DDF6BE
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c09a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 028565858aca93c3b487996eb5af450fa2671990023c0a38f485a16513d26013

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-goog-hash: crc32c=z6IwRA==, md5=1A70ndCinKDnYB0bQF1NeA==
date: Tue, 28 Dec 2021 03:29:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1047031
cf-polished: qual=85, origFmt=jpeg, origSize=25987
x-guploader-uploadid: ADPycdtMtTyN6zhwj0c0pJTwLpXG_gF4oeCdn3NaosXgL23nDxjjW4hVymyvi5PPiOg_a5ZgzSyiTCEuVJy8FpcaQn_EjTKCbA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8886
last-modified: Thu, 17 Dec 2020 12:29:34 GMT
server: cloudflare
etag: "d40ef49dd0a29ca0e7601d1b405d4d78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2FJ83DZNdiwhsiFvCCC66RatWEQ5VPzdgMKLgpbPZZoIDIcrUGD5vbtYybV8UkiiYUFrm9RGU3Kgkh8Be%2BrIaGPsrfRwUWZ2Act5zl6s82FTZRD2s3w2tugwbUoWbbEMnHuUXJzO1egvDIeZ"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1608208174589657
content-type: image/webp
expires: Wed, 29 Dec 2021 03:29:33 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 25987
accept-ranges: bytes
cf-ray: 6c47b47aaa71839d-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame F92A 43 B
704 B 62ms
23ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2629118&v=19228&q=388274&r=412871&pv=1&pref3=oneid2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcgoneid__asuidCA1wVb1I1tbt5V86W13Zj_9d23s7CuRDasuid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19491%2C64769&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C9M1SMfKMtxEpSKHBH2t7trrqswTmTxVcd%2C2xqt6fRQfxEkJuVHWHkt8tAYAcWT7TEYcg&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C1YRCbf7QTqBbt9HdH9tpC22XcRTKTXEhA%2C4BxHEf1KsZp4RCGH9HdtzCD9DuZTpTjRHK&c=300&d=250&e=CA1wVb1I1tbt5V86W13Zj_9d23s7CuRD&g=f87c097d49e6b071a7ea5d2091e55235%2F428669130759850533&i=20774%2C20773%2C27835&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1640662173767&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1g2ntkzmrb7m4bqfktzm58zcpzvrys6p7azdxcvg69k931vp8y65pwdqanm06478jsf7462jnc3fv6phasmcx6n376zhcent0ggv7517krhqsxwjennfxqwnvsayh3cp9t6hfkg96tb9xx82q1a4yfedkkfk4r8ewgvd65yehd9x2ryfrq2nd7qp7ww5x1a7gz5168vnxtxnamnvy6szb0yg8620ajnfrkhmarf2aw2pakmhtdqkazcz7rz65e754nrz8pd1n98sr9kk2r90%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCGWRenYTKYYr_A5eNgAeg-5uAA5DhgYRctqjCivACwI23ARABIABgleKQgqAHggEXY2EtcHViLTU2MzYxODIyMzIwMTgzOTOgAcKu6N0DyAEJqQJ8NTddRAKzPqgDAaoEjwJP0KGmDKsIxRg-EaBzZBKSbQUeuFpxU-1BsY54P4MGBTllZ0ehpd-Fn7qNXmZK_06zRmoc7FRaHerReS3zVVkt9qz7BUZioAn57fVfDR4wxPyZgP_EGzBgkIBPlee9Q5s7ubWtTluWc37qYZO-1aoqArUhKAdqOeKiTUuXrywYUFHbtsnEsmA7KFwGz4IvXNrZ4fp8bSzDbmWmgNBBGa3ZoGVvpjBOWA0rNT9Mw2LxRBPONENHnRFx9J-KnWJH_N_duzBqqMM35HjLmkrIyDH5xcbBUn77mHa5DPYN63GIFYNOMzv9r8Wd4bDUkJuORqh-0b5pxb8fLKltUvu2z0spO98ChV2LAQxYMNsnK9c1gAattP-YpOOkzyKgBiGoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_3Uujvn5RCW-hSt3o_4OzhTrfw6yg%252526client%25253Dca-pub-5636182232018393%252526adurl%25253D&y=1&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Dec 2021 03:29:33 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 504F 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b82b4d7829f2da23b0414cf78a778f4f3a91109bd05613d3256e251062741304

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adview.htm
rt3046.infolinks.com/action/ 0
240 B 186ms
184ms Image
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rt3046.infolinks.com/action/adview.htm?rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&bdc=2&midx=0&emd=NDI0fnd3dy5zb2xpdmVyLmRl&rts=1640662174496&prod_t=d&jsv=1775.005-3.025.ab.1774.006-3.025&skin=sidebar&theme=def&sdata=news&scs=ErHkYCwiIw&rsd=n17KIFQ0QoFi_eYMADDrZbdQkQ7liTwNqfCnZnoEhWkMYZpvBJOIrf_RggUK6h9og289u7a_qbRhM6UkjLH7i-INb5HxgBkFNG91B4BQfOG93k78eFOp-7b8VG3sy4QyOo35kj3xXijFc0Pl_SQmfoeAbiMJBZwX&rsk=46&rcs=VOGurJowF0FRreqUVXoi8Q
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:34 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6c47b47ebb05694f-FRA
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 /
node224.impressionssl.adshop.infolinks.com/impression/ 37 B
221 B 96ms
95ms Image
image/gif 199.212.255.246
FHMNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://node224.impressionssl.adshop.infolinks.com/impression/?vh=851444970&agy=414981&aid=637313&cid=640282&gid=642573&id=642574&st=1640662173&kwid=0&skw=news&sid=3255211_0&sip=3118995200&img=642574&pid=15&tid=2&dev=0&mtyp=502&agtyp=0&rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&idfa=&gaid=&site_cat=5&pixel=1
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.246 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 01:04:08 GMT
x-replied-from: 199.212.255.227:26080
server: nginx/1.16.1
content-type: image/gif
cache-control: no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length: 37
expires: 0

GET
H2 200 /
node224.impressionssl.adshop.infolinks.com/impression/ 2 MB
2 MB 188ms
187ms Image
image/png 199.212.255.246
FHMNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://node224.impressionssl.adshop.infolinks.com/impression/?vh=851444970&agy=414981&aid=637313&cid=640282&gid=642573&id=642574&st=1640662173&kwid=0&skw=news&sid=3255211_0&sip=3118995200&img=642574&pid=15&tid=2&dev=0&mtyp=502&agtyp=0&rid=b6e56b9c-4423-4151-bcf9-2e6aebe7f106&idfa=&gaid=&site_cat=5&mime=image/png
Requested by: Host: itechnews.co.uk
URL: https://itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.246 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 3f871797ff05f414c2b3e42a779f29d3a32ea1471dcf119f102627e85ba7e64c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 01:04:08 GMT
x-replied-from: 199.212.255.225:26080
server: nginx/1.16.1
content-type: image/png
cache-control: no-cache, max-age=0, must-revalidate, no-store, post-check=0, pre-check=0
content-length: 2060519
expires: 0

GET
DATA 200
OK truncated
/ Frame D3EF 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 248652680205a777a6a279f43ce964759ddb760c87ffd2c16089e411b1ca7d57

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 761A 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57564096f399610285ef4c130c22b6d57703df5fb9da79841cc92324b4f039db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3F2D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 983d31e15dfe6ae58e97960e804505c11fc16a67c6d22f3a8589434e58b43b10

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 368 B
547 B 262ms
203ms Script
text/javascript 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CUFM1S10

Requested by

Host: itechnews.co.uk
URL: https://itechnews.co.uk/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

fc22479b45672721f2067b9979945e53e3ad34a40985ec921f6bbbeca9642648

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-mnt-h: 10-7
server: Apache
date: Tue, 28 Dec 2021 03:29:44 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
strict-transport-security: max-age=604800
content-length: 368
expires: Tue, 28 Dec 2021 03:34:44 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 35ms
20ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1af2c60617b40b677d2ca3c2fbb4cd777db7ff4da8c352f8f83fb9e553f6031

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 28 Dec 2021 03:29:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8501
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 03:29:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Tue, 28 Dec 2021 03:29:44 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7D8D 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 27 Dec 2021 12:17:39 GMT
expires: Tue, 27 Dec 2022 12:17:39 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 54725
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F6BC 783 B
536 B 39ms
16ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bdf398ca37b39858f304a89191e623e04048dce5cc60782b22c3a2bf3090a501

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-khZAQuYj6hXbp2J6mPx0cQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 28 Dec 2021 03:29:44 GMT
date: Tue, 28 Dec 2021 03:29:44 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-khZAQuYj6hXbp2J6mPx0cQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 7D8D 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 27 Dec 2021 11:58:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55845
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 27 Dec 2022 11:58:59 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F6BC 0
0 18ms
18ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=3406032875673221&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=3406032875673221&bg=!1Nel15PNAAZKWFskSlg7ACkAdvg8Wh-ZwRDJTA2C2eJmxkU9Oq6SvSbSe4u47H_sWWXm1ZZQEwWUegIAAABrUgAAAA1oAQcKAL5rH6iBo7s7BPw9XxbA1eC1kGSDamIN5nL1RmFuHR3n6pWafw8Vhzpyq8paG6LK5sitQoF-fvPgh4KkocmubEyE9Uxg6GKCNzd40HODYSiklA8lAO1K6cZtPRIniaq0eGK9c_AI3mH6FFrajS9eOeUyObvWXAeCq2jo2s-5GT5Wq_2P8yToikseNQTA7x8gcnI5OqiZbhylXlu1p5L839UmGYaitYbL16k_FmZDziaBIgBZYoxRUZm51fRmM2QOmQKpH2CbnoopYtnzPF8ok853DOjxXcvMsF9BkZNk2vo2x7UqaliFqEKeePPFYHktXbvEgojcMj0BnBzlRyg6Q_kV10XtU8B3r9lcaehkZ7neWn2tJcN__iqT6gvhJuvKja8JZDglOS957fUtBOCTyayVvDkiM6lNH1Cv8sYFKcYtoyy9TaEM5X1Y7Ajunp503MPxK6Kko2ZGmRcMK9ZdCiJdsDsTTSqVNv6ewu5aRkTksSNU-2mU67kGDvHBRYbB0roQYl9dnfeZ4inE5wbR1pV1lwdjlRSaCwuYq9gp-hKkionrfX_pLLzzqezTZjKATEqpIJaKuN3nMsBnwmBj2bwWfi11tOb-KBtY9OO03WhBjI3raTmWgzkyzvWK7Tjf9tDmNuIqur8KP5JpiQQa51Oyv4gabLALBcXnv69w-XDqovhMeBwx-m3nlhw3v6MM2jOKkQt_HGNOMFgI5JRh8rLXCbunXFwnv4rmunv0IYegrqhsDmhuKKiyCgU7tE38OZNQWhLj70Zaerxxqh2a0kEriFUoItu0vHUTXwrjbVqlwxHL7JM7iHX9stmn6pRPzu_fx8GM-gI2fVo6FnP6XjmS6N8emSfAWICoE5TYm9uWaOC8ZX_ZgjyyryjCv1w2ryaKJkL93jSQrZ3q9wr46SVEcFPQErIfVd3XADQkjWwvhS7ueBde0MIFs_BrDKuP903_VQBPs0gA1_hyLTkyUWCal2Lc6smIwUMV_4i8v6oXssuqwOTCu0gYZODPinC3WwMR6ocWZQg5NuViHJ3zvpovJsIn0ciWJ2US4pDoJurpHm-lGh9G3zjJDX4OfOuL4wzMc8rgfUoi_ukLb8Sqze9eH81YPebElPJQ2bUJ76YmE4I6YWe-F7L-_QMaEi8yXx-7DVpqLwDR1MX6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Dec 2021 03:29:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 flping.php
lg3.media.net/ 35 B
189 B 32ms
25ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/flping.php?reason=0&action=16&pid=8POG0M0R2&gdpr=1&cid=8CUFM1S10&crid=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itechnews.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Tue, 28 Dec 2021 03:29:44 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Tue, 28 Dec 2021 03:29:44 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI

Verdicts & Comments Add Verdict or Comment

178 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

71 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
itechnews.co.uk/new-avoslocker-ransomware-exploits-anydesk-reboots-system-in-safe-mode	1969-12-31 23:59:59	Name: logglytrackingsession Value: 99d24396-9d6f-4b27-811b-0fbcb801b76d
.itechnews.co.uk/	1970-01-20 17:15:34	Name: _ga Value: GA1.3.976202078.1640662172
.itechnews.co.uk/	1970-01-19 23:45:48	Name: _gid Value: GA1.3.352527490.1640662172
.itechnews.co.uk/	1970-01-19 23:44:22	Name: _gat_gtag_UA_162749090_2 Value: 1
.itechnews.co.uk/	1970-01-20 09:05:58	Name: __gads Value: ID=a72e3437dad9460f-2278386111cd00de:T=1640662172:RT=1640662172:S=ALNI_MYCQ-sHqXtzpH9It8VYQvemymEleA
.infolinks.com/	1970-01-20 17:15:34	Name: cuid Value: bedab72c-9f4c-4436-84dd-a915c2ae98e0
.adnxs.com/	1970-01-20 01:53:58	Name: uuid2 Value: 926576732042191180
.advertising.com/	1970-01-20 08:31:24	Name: APID Value: UP5fc78247-678e-11ec-81d7-06453e459354
.yahoo.com/	1970-01-20 08:30:19	Name: A3 Value: d=AQABBJ2EymECECtM_dlzRgLGVT3wimc1RdYFEgEBAQHWy2HUYQAAAAAA_eMAAA&S=AQAAAufV47Z9pWF7ZJQdhrs6vnw
.pubmatic.com/	1970-01-19 23:45:48	Name: KTPCACOOKIE Value: YES
.analytics.yahoo.com/	1970-01-20 08:31:24	Name: IDSYNC Value: "192u~22c3:18xp~22c3"
.yahoo.com/	1970-01-20 00:34:33	Name: APID Value: UP5fc78247-678e-11ec-81d7-06453e459354
.yahoo.com/	1970-01-19 23:45:48	Name: APIDTS Value: 1640662173
.doubleclick.net/	1970-01-20 09:05:58	Name: IDE Value: AHWqTUmHeQgFT5vpGInLN1-MbuKf2vftIeI28xThQHhqKGm87HEDWJoDy6PoJeMHd_A
.pubmatic.com/	1970-01-20 01:53:58	Name: SyncRTB3 Value: 1641859200%3A220
.casalemedia.com/	1970-01-20 08:29:58	Name: CMID Value: YcqEnSsMHNxlgAg.-2yrzwAA
.casalemedia.com/	1970-01-20 01:53:58	Name: CMPS Value: 5205
.pubmatic.com/	1970-01-20 01:53:58	Name: KADUSERCOOKIE Value: BE87F759-ADED-4D3F-9335-D2E457DF05ED
.casalemedia.com/	1970-01-20 01:53:58	Name: CMPRO Value: 1137
.casalemedia.com/	1970-01-19 23:45:48	Name: CMST Value: YcqEnWHKhJ0A
.adsrvr.org/	1970-01-20 08:29:58	Name: TDID Value: 270e4143-8d51-41c1-9ba1-bc2e170815eb
.lijit.com/	1970-01-20 08:29:58	Name: ljt_reader Value: 6282b2704e0937dd1f40c18f
.cpx.to/	1970-01-20 08:29:58	Name: cpSess Value: 7ce241e0b6896bcb
.cpx.to/	1970-01-20 08:29:58	Name: dsp_app_nexus Value: 926576732042191180#1640662173277
.infolinks.com/	1970-01-19 23:45:48	Name: VRUSERCOOKIE Value: y-nMWYFiFE2uFD.YAscAICW6fWbAHU8Kd6UlBiK10-~A
.infolinks.com/	1970-01-19 23:45:48	Name: OUTHUSERCOOKIE Value: y-T_.gyltE2uFwDG1oIEEQpCPW_kL9orKm~A~UP5fc78247-678e-11ec-81d7-06453e459354
.infolinks.com/	1970-01-20 01:53:58	Name: ANUSERCOOKIE Value: 926576732042191180
.adsrvr.org/	1970-01-20 08:29:58	Name: TDCPM Value: CAEYBSABKAIyCwiY5q7yn--kOhAFOAE.
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0MTI2NjM3tDQyMzA2MrcwMxPiM9TNN0wvTAtwdPQvK_AEAMpqKnMlAAAA
.rfihub.com/	1970-01-20 09:05:58	Name: eud Value: H4sIAAAAAAAAAFslzmtoZmJgZmZkaG5sbGoOAG4WhckQAAAA
.rfihub.com/	1970-01-20 09:05:58	Name: rud Value: H4sIAAAAAAAAAOMSNjU0MTI2NjM3tDQyMzA2MrcwMxPiM9TNN0wvTAtwdPQvK_CU4jU0MzEwMzMyNDc2NjUDAFbt-aE0AAAA
.1rx.io/	1970-01-20 08:29:58	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003%22%7D
.pubmatic.com/	1970-01-20 01:53:58	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-19 23:45:48	Name: pi Value: 156872:3
.pubmatic.com/	1970-01-20 01:53:58	Name: chkChromeAb67Sec Value: 2
.quantserve.com/	1970-01-20 01:53:58	Name: d Value: EDUBCQGIJYEA
.quantserve.com/	1970-01-20 09:14:36	Name: mc Value: 61ca849d-62ebd-84333-f7101
.agkn.com/	1970-01-20 08:29:58	Name: u Value: C\|0CEApXUEdKV1BHQAAAAAAAQ13AQCAAQpAAAAAAA
.agkn.com/	1970-01-20 08:29:58	Name: ab Value: 0001%3Aie69XW%2BCgVSYsH530PIPwXi3d2QoLzR4
.targeting.unrulymedia.com/	1970-01-20 08:29:58	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003%22%7D
.infolinks.com/	1970-01-19 23:45:48	Name: IXUSERCOOKIE Value: YcqEnSsMHNxlgAg.-2yrzwAA&1137
.innovid.com/	1970-01-20 01:53:58	Name: uuid Value: 4e4a6ade-9c28-4278-89b8-f4454c3b8f79-20211227 22:29:33
.infolinks.com/	1970-01-19 23:45:48	Name: ZTUSERCOOKIE Value: 5142336719260327866
.casalemedia.com/	1970-01-20 08:29:58	Name: CMRUM3 Value: c461ca849d05a0&e661ca849d2760&f161ca849d05a0&2961ca849d05a0&2761ca849d0b40&da61ca849d2760&6961ca849d05a00&2d61ca849d05a0
.infolinks.com/	1970-01-19 23:45:48	Name: SOVRNUSERCOOKIE Value: 6282b2704e0937dd1f40c18f
.infolinks.com/	1970-01-19 23:45:48	Name: R1USERCOOKIE Value: RX-ad364bb3-7920-4da4-8ec3-52d0f8a93f06-003
.e.dlx.addthis.com/	1970-01-20 09:14:36	Name: na_tc Value: Y
.infolinks.com/	1970-01-19 23:45:48	Name: PUBMUSERCOOKIE Value: BE87F759-ADED-4D3F-9335-D2E457DF05ED
.addthis.com/	1970-01-20 09:14:36	Name: na_tc Value: Y
.dlx.addthis.com/	1970-01-20 00:27:34	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 00:27:34	Name: na_sr Value: 20211228
.dlx.addthis.com/	1970-01-19 23:44:22	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 00:27:34	Name: na_sc_e Value: 0
.addthis.com/	1970-01-20 09:14:36	Name: na_id Value: 2021122803293300011155319300
.addthis.com/	1970-01-20 09:14:36	Name: uid Value: 61ca849d5bd04ad1
.addthis.com/	1970-01-20 09:14:36	Name: ouid Value: 61ca849d0001e550f7fc317b87a90b230a8cc3e0b9ebe58b3757
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 388274:2629118
.awin1.com/	1970-01-19 23:47:14	Name: awpv19228 Value: 412871\|1640662173\|6039cb20-678e-11ec-a9fe-2263e4039ea6
.lead-alliance.net/	1970-01-19 23:54:26	Name: ppv1226 Value: 2021122804293360956669327X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidbUWNDFN6PDLv5x0PgLY34KAVeZTP4NEHasuid__suite_Netmix_Reach13_BlackFridayPush
www.lead-alliance.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: fpb54hsv0qaivktjvael45moed
.lead-alliance.net/	1970-01-19 23:54:26	Name: ppv1225 Value: 2021122804293360956669333X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush
.blau.de/	1970-01-19 23:54:26	Name: nscQ486 Value: V
.o2online.de/	1970-01-19 23:54:26	Name: nscQ485 Value: V
.blau.de/	1970-01-19 23:54:26	Name: nscT486 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTcxMDAwMDAwMDA2MTY0MDY2MjE3M3ZsZWExZGUyMDIxMTIyODA0MjkzMzYwOTU2NjY5MzMzWDExMzc1MlYxMjI1MTMxMTA2TVNvbmVpZGo4M3VFZlplU3F4SjF1WUhFSDJ0NnRSUkpVS1R6VHhKYzlvbmVpZF9fYXN1aWRraTctLXdQbm0yenM1eGxwWXIxNnJIU05qNHRNcEtfOGFzdWlkX19zdWl0ZV9OZXRtaXhfUmVhY2gxM19CbGFja0ZyaWRheVB1c2gxMTM3NTI
.o2online.de/	1970-01-19 23:54:26	Name: nscT485 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTcwMDAwMDAwMDA2MTY0MDY2MjE3M3ZsZWExZGUyMDIxMTIyODA0MjkzMzYwOTU2NjY5MzIzWDEyMDIxMVYxMjI2MTMyNzAyTVNvbmVpZFlYMUhyZjE1c3BCcEhWSDlIZXRRdFJSOGNBVDFUNm1Icm9uZWlkX19hc3VpZENBMXdWYjFJMXRidDVWODZXMTNaal85ZDIzczdDdVJEYXN1aWRfX3N1aXRlX05ldG1peF9SZWFjaDEzX0JsYWNrRnJpZGF5UHVzaDEyMDIxMQ
.blau.de/	1970-01-19 23:54:26	Name: webShopPV Value: ?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2021122804293360956669333X113752V1225131106MSoneidj83uEfZeSqxJ1uYHEH2t6tRRJUKTzTxJc9oneid__asuidki7--wPnm2zs5xlpYr16rHSNj4tMpK_8asuid__suite_Netmix_Reach13_BlackFridayPush&wfid=113752
.o2online.de/	1970-01-19 23:54:26	Name: webShopPV Value: ?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2021122804293360956669317X120211V1226132702MSoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__asuidiUxXxp6vdQmJtCSYtxf4kvw_p0t2q7mXasuid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&ratenzahlung=24
.itechnews.co.uk/	1970-01-20 08:29:58	Name: fc Value: %7B%22NDI0fnd3dy5zb2xpdmVyLmRl%22%3A%221%3A1640662174494%22%7D
.itechnews.co.uk/	1970-01-20 08:29:58	Name: pv Value: %7B%22f%22%3A%222%3A1640662173746%22%2C%22d%22%3A%221%3A1640662174495%22%7D
.infolinks.com/	1970-01-19 23:44:38	Name: tv Value: \|NDI0fnd3dy5ha3RpdndlbHQuZGU~1\|NDI0fnd3dy5zb2xpdmVyLmRl~1
itechnews.co.uk/	1969-12-31 23:59:59	Name: PHPSESSID Value: 504e1ed440b799f171486712cd14b718

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPL71xGTRRSprut2dUxu5KTPZpSP8pwemtwxLz-Kk6fZeZKoiUNFziBm8CFRyl1HoXlxvytmYwDSfBt4Nrh-tkpxDrheZV4eIw&google_gid=CAESEMw5dP8MxXxvkaeFadvR81c&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPLHqL1ZujU2hJbN751Oz4S1ik3Yuz2AnF0dsgLrJoZ_2TZ2zCLAoV1vzbMG6kBukLGVxe2QOJTfdTiCwbnwzix9bFoiSuYQBA&google_cver=1&google_gid=CAESEJ7tXyESzV16TEgTljROKZI Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YcqEnSsMHNxlgAg-_2yrzwAABHEAAAAB&google_push=AYg5qPKTNrX07CnzqN7bfnhBo7jLjmdEwCuN3OTTAbOSZPvOM5jd99nHCfRpZqzi8r0YIaUhllHu7QSj7wOtUhO7aJR8AFMSRdZ0&google_cver=1&google_gid=CAESEIDn_dHd-93ObKBpbGyajl0 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/22.jpg?resize=80%2C80&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i0.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/24-1.jpg?resize=80%2C80&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/23.jpg?resize=80%2C80&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2020/04/116.jpg?resize=420%2C265&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/02/Facebook.jpg?fit=400%2C479&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/w0.jpg?resize=80%2C80&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/27.jpg?resize=80%2C80&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/w1.jpg?resize=80%2C80&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/25-1.jpg?resize=80%2C80&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2019/11/featured-image.jpg?resize=80%2C80&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/21-1.jpg?resize=420%2C265&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i1.wp.com/itechnews.co.uk/wp-content/uploads/2017/01/4.jpg?resize=420%2C265&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://i2.wp.com/itechnews.co.uk/wp-content/uploads/2020/06/blueleaks-exposes-sensitive-files-from-hundreds-of-police-departments.png?resize=420%2C265&ssl=1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://itechnews.co.uk/wp-content/uploads/2020/07/big-logo-e1594687194230.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad4m.at
adservice.google.com
adservice.google.de
ag.innovid.com
ap.lijit.com
as.ad4m.at
assets.ad4m.at
b1sync.zemanta.com
c0.wp.com
cm.adgrx.com
cm.g.doubleclick.net
cms.quantserve.com
contextual.media.net
d.adroll.com
d.agkn.com
de.tynt.com
dpm.demdex.net
dsp.adkernel.com
dsum-sec.casalemedia.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
graph.facebook.com
gu.dyntrk.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
itechnews.co.uk
lg3.media.net
match.adsrvr.org
match.bnmla.com
node224.impressionssl.adshop.infolinks.com
odr.mookie1.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.blau.de
partner.googleadservices.com
partner.o2online.de
pixel.advertising.com
pixel.rubiconproject.com
pixel.wp.com
portal.blau.de
portal.o2online.de
prod-rtb.ad4mat.net
resources.infolinks.com
router.infolinks.com
rt3046.infolinks.com
rtb.openx.net
s.amazon-adsystem.com
s.cpx.to
secure.gravatar.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
static-de.ad4mat.net
stats.g.doubleclick.net
stats.wp.com
sync.1rx.io
sync.go.sonobi.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.lead-alliance.net
www.telefonica-partner.de
cm.g.doubleclick.net
104.111.215.191
104.111.239.217
134.122.28.59
142.250.184.194
142.250.184.226
172.66.41.9
173.231.180.197
174.137.133.49
178.162.133.149
18.156.0.31
18.196.159.27
185.64.190.78
185.64.190.79
185.64.190.80
192.0.76.3
192.0.77.2
192.0.77.37
193.0.160.128
198.47.127.20
199.212.255.246
2.18.234.21
2.18.235.93
213.19.147.45
2600:1901:0:76b9::
2606:4700:20::681a:71b
2606:4700:3039::6815:c09a
2606:4700:3039::6815:c09b
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:801::2002
2a00:1450:4001:803::2002
2a00:1450:4001:808::200a
2a00:1450:4001:810::2002
2a00:1450:4001:811::2008
2a00:1450:4001:827::2004
2a00:1450:4001:828::2001
2a00:1450:4001:828::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a00:1450:400c:c1b::9c
2a00:1450:4019:803::2002
2a03:2880:f01c:800e:face:b00c:0:2
2a04:fa87:fffe::c000:4902
2a05:d01c:1d8:8102:ce41:8ff6:95aa:83
34.246.39.217
34.98.64.218
34.98.67.61
35.186.253.211
37.252.172.45
38.27.122.101
46.4.41.145
46.4.62.19
51.178.20.139
51.89.9.254
52.223.40.198
52.46.130.91
52.57.25.105
54.154.182.198
54.76.42.233
64.202.112.255
67.202.105.22
67.202.105.33
69.173.144.165
72.251.249.13
79.137.69.91
82.113.101.132
82.113.101.236
84.200.5.215
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
028565858aca93c3b487996eb5af450fa2671990023c0a38f485a16513d26013
0442de55e3838ce2b8cfca9a7ad2a6bcecfd94844453c13b38d7a9f1d31944b9
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
0b2ba63205e57add8fb133d11b5f55af89f91317a2534ee469ff99fce9714058
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7
10000e50858213f4e33be0c6e50ffac69e77fe180e9aa08d4aa241273506bb91
15a64cacdd9597a222a744c75ed170c5847a4ebee4d015a279644960ea0669c2
15ca1f08cec06b3189b4c4b9c2676bfdb4ba541563e1d7da09117281e42523d7
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
1b0f3ac9857fb76484d33f90071ea4dd7574cbbc535b7f2afa69c50be3590598
1b9b56a75026513b1433cac595a372dcd7dfd0360e1916ddcac6a6379b80d800
1bccdb9d5ae278996857f388e8a088a552af3f9b961b1a89e7dfd9ef0fcc8400
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e99034e4b75a1fb7ba372a3a950fa19ff4688d8561479b1a34dfcbde83ff3d8
1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b
2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb
248652680205a777a6a279f43ce964759ddb760c87ffd2c16089e411b1ca7d57
265c34f4c62e6423e270cecb0c422b735dfb0f18cea04c2ac343b6f22106661e
2a2591598b080930120456339385c6810262d89dbbad675053edd8b5913cc8ab
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ee55b61ffe509e60c8ed99cfd55aaacd76e6c18ca71cb33a7ce66b1e1a628e2
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2fdf4bda9d78564053276922b5b5fd624c47277121bd90949e20eaa7998ca445
3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1
31fce9578dbfe27431a0270b5b32100b1585ce56ea0e8ec117008bb061c25046
3559d2b0660593800b2c1d6ec80541bb0116ba449a1be2c9263bf89520c8cfdd
36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
36924d83fea8d53fc69e3fcddffe35b5e3cada7e03b65226a6619c4875d1535d
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3869ca0c100e7a8fb9333a90c4b324e0f4ac8cce3a04db84c154cd23ce178797
386fa71cebfc5d5271f0b43f2a327cd7be07b02cb3adcdaf306a8b677026e94c
395c499e275937e59b349cd11502815e2df98a29f49d06ea2748cde30acef7f7
39ae6b1a1ba72fc9d48b1848e9bc88f4b9da10688232ccca39d85b878db7af32
3be88f7572d3f911fe1943426ad89e2ed1a8c2d9ab039a909f444d424fd79041
3d276d676d044a790a34f40aa20de0fc4e3d1c561a635ae430d28c693fbe1473
3d2c706c6c0d79356ebb6152ae1e607d31cccff9895043e31ca7f6d34cd79ae1
3f871797ff05f414c2b3e42a779f29d3a32ea1471dcf119f102627e85ba7e64c
48ea29f1197c91fa6ae6707b59b411b7b4ba78a8c7d00f76c6a669ee12a00e2f
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4a967a69edb3b1b523c71a86b0c665fa93436249640a987aead72a28ca348461
4c80362ba5242b25bffcdc4706be818565e331f0925bd08f0d33218c15869e95
4ccbe8989c9dcf22fea4349de935ed95c990027c283043b11ebd695838c129ee
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f00ec40b144121114b6cec693fccc2b51a06ab01fc34defa466467b581a7f2c
5487130102cbb465700ac57ad01a84719e28fa09c57c6cce0882b8757eb6195c
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56302eb2b417d169ff7ab6f2dc2b1a171d115f48bfd56d259c42cd8f3dadcc92
56d1d9c225937fdd1f4ce3584a05346febf1e5321777bfab6b281c44c5db5e10
5705bac555461372c5bc88b9c0e7d3055534e5ede7871801f3e6843eecfb5f39
57564096f399610285ef4c130c22b6d57703df5fb9da79841cc92324b4f039db
592031b66c7d6ee6d4b17aae360c0e817b4fa0ccef42467e33183086854192c6
597ae718eb4cb404c6cc743dc744e1b7cf1d2789928c4890561a84106e314238
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
5a53cb90cd8918ced4784f542d32238e9e070c6a07cef3199b559c2b4bda3dd0
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c70cba485e2fbfef7bdc9ca2e6958548629b7c379991b0090dd248dba19b87e
5cbaa50905cbfd614dc889e6155550145a3ed92a0085f7cbfcdd5df69145dfdf
5d353b5eb448c1407a9ad64a2d642ba5319a834f04501f90e28174fcd4025093
5d8e7a97d736a95385d71197ebe69497317842b76b58683cd91ab7ee38f0e3c2
5e1c349c25a53af7a38620c033507086103f0068a241292fc2e6fad63bac4e01
5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
647742cbd8b9ea0a3e84df93fe3f208a90b461f932405f8833deb2eb06ce3312
653cbfccb0743fbd84126774fe34fb9a9e80ef4d67ce0f0df37da7a6f9751048
662d1c6d95e756bcf34dd1d42e596ab85b541d1ce3cab70d9964ac3f6090bb7a
667d0547d8f8567828193f76f5fbd55bbb4244351313a8a8f3d85d171d1af49f
676484970866e065257f99f7e656ac1d25ada3604f5f21820119d04dc0f2a72e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
7487931ead50af6bd83227ba789659a9a20957981eee821b31012d2f6b3def7b
75c84572dacefe237bf3c672844409f4860fbcb1f4c96cfb00b4b894fe5fb11a
769996a987ead923de78ded8af9ebbc0125bfdca436dfadfdc9755fd54270371
7772a9cc35fc902c0cccb8871670ec3e45e4695e1bc6941aee1c24db3de8c544
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
83ca54c96d86453e5237d08ba75d701c43a34a59da8d40e2bb9eae5d7eb69673
84569c21aafc5b59c74756c75648de4c4564f7733bc1128b0f259ca4191edf77
87bdc85dd639f6ccfe34b64d7d886a1d3f3b5195978b6cabf9121e2455a1ec6c
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
892af9f95c881cde5c6c1810e0f45e4687174a1171504c96b36218dd54bb1486
8aa062fba6f3cd9ce1b8cf732f5aac75b2f239685ca7f26ca63aecf4136f35ea
8cab2b281df357257891c076d8201c5ab9d9f6983d0db6dab159835eb8a7c41b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e313e011e0c06c40e1e37ba7d505159b52f0117cc0974fd0770eb6f8030e13b
937e59152189ecedb8688efcd8b927fc40d43b5c5225a05a25f4cf537ad8ca7c
956fa56f513e1a8025bc85f9314a1747eb061d434403393591145e4ae898c694
96cae96a73c65ceed190aa0b4a9a86f0233798e9a17f27ca57855f4f79ebf678
983d31e15dfe6ae58e97960e804505c11fc16a67c6d22f3a8589434e58b43b10
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e845ffe5c14b9cecf7d5311a0dc5c23bd900e0e195839f023bc32a2cf9115d7
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e57bdf3148028e9b14a646f07892c3f3785eaa142fd72ee0cc058014151fa6
a0ea735f765d5bc1230beb63bcb701b69c80d77c48572a61bb159a8915903278
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a361f60e6ea846c417095bc9b92f09fa67a4286e4eeed9d5bed24ff2b46c2805
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a7a8414bd2323e5e3c384ebd09faacd20b4bfc413d14dd39d268edac3dbcd702
aad2ba9ca16c4253bc675c2f385b9e83f25b227faef72fab0663609a404330ad
aae49be2874a769e7f14f3fb6207bd6d3db2b053a4594c3c0e9540ef519e8d5c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1af2c60617b40b677d2ca3c2fbb4cd777db7ff4da8c352f8f83fb9e553f6031
b713385273fc126cde20add9733bc4b0679ac522fc2aab5d75a0b2a8f5d1cbbf
b7bd2a6480bb600bc1cd843ec130163e8a530930bf582f2f53701df4a993b838
b82b4d7829f2da23b0414cf78a778f4f3a91109bd05613d3256e251062741304
b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257
b98c8f3aa7cc2835be32fd3a1488ba31a3de35a3fa0dd643a092c2846c613017
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd2627a04f12a741911cd403cc8b1386a3a57bd760d3808f81c32df1c1d994e5
bdf398ca37b39858f304a89191e623e04048dce5cc60782b22c3a2bf3090a501
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
c0f26e64dc9d9cc394d163cf49fca788ed6d6043e4fad07c93317be46d0c8ba8
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3a149bf1fb7fdae52fa9c27d20f5214a688fcca22673bc5e431b20a2467c3af
c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d
c5ddb995fe37710a4be439e4e3f45016cd7b7ecfa3423a29e4f4f4dcce63efff
c7f5e3b0b3a282b46aa5bbd5e7952b90ce98d0d1d214b3308d9abb6053becd92
c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc
cbeb68ab05ba2a4acb199b7e21b17b76df29e1fe476d12354c40420aad0876ac
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
d07fe30c1657702241a363bff69663888bc5623571f59bd235e522c50a1a0b28
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d30d6273dac573f0a8d3e9ab657d03cb2a5091675e42ff42f2acf978a4703267
d51f0fa226b273c81585170fd7fd24a241d6428744fb3b2d6849eac657cf4e95
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
dca128b30eede3d47f85c3b1a09e43831cbf456320bb96d1ede8e86d8a2349a0
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0ed4b80efbb81a92a82a727735aa23cd0e64ba7f8fe99507b31154f3042b9ba
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b8ee13d35110d7006bc5c5147ee0a0c6c3e1f26b2f246b8d5e57edf4f6b97b
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e4e42c898e2aa24f768cd99b5dfd7a0e3cff53f84ef6418cbb8f4b459b8b0257
e992acf8af7de27497c44cca7f3758d64d10946bebd1b17319287c0d8f83b29c
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
eef00667f3ac7bc4cd2382084c3d1eb09a42d7443f29e45a2d1ae12b329c2019
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3b9ef807d3988e8ce73d3012e2f19cab12503a411c79719959f42cb8728f566
f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23
f71ede9904bc25f1d819435f2b72d9f7017a5802027ff12fabee6a3bbe35ebac
f77676010af045f74f15412f1ca9b418478066304101556281c5b4e162932525
f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399
fb32b904b12b2acb2e467f605f463d14966514559c71487bebd004ffdf0ba353
fc22479b45672721f2067b9979945e53e3ad34a40985ec921f6bbbeca9642648
fee2db465f0790658c71eea0121359802815e944773874a4a8d86aac04c37500
ff508a4d10df2e6e505dbb596ec73d2868f9416c8d582ec4d3188b92d3c999bd
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

itechnews.co.uk Open in urlscan Pro 134.122.28.59 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

298 Requests

87 %HTTPS

30 %IPv6

54 Domains

77 Subdomains

50 IPs

8 Countries

4352 kBTransfer

8262 kBSize

71 Cookies

21 Outgoing links

Redirected requests

298 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

itechnews.co.uk Open in urlscan Pro
134.122.28.59 Public Scan

Screenshot
Live screenshot

Full Image

298
Requests

87 %
HTTPS

30 %
IPv6

54
Domains

77
Subdomains

50
IPs

8
Countries

4352 kB
Transfer

8262 kB
Size

71
Cookies

298 HTTP transactions
8 data transactions